Oracle plans mammoth security update

Enterprise software giant Oracle has announced a huge security update that will fix a number of vulnerabilities across its product range.

The patch will fix vulnerabilities in Oracle products, with some flaws affecting a number of different products. Oracle puts the figures at 78 vulnerabilities stretching across hundreds of products.

Affected products include Oracle Database 10g and 11g, Fusion Middleware 11g, Application Server 10g, WebLogic Server, PeopleSoft Enterprise CRM, HRM and PeopleTools, JDEdwards, MySQL and Oracle Sun Product Suite.

The vulnerabilities exposed in Oracle Database Server are remotely exploitable without authentication, Oracle said, which means they could be exploited over a network without the need for a username and password.

MySQL also gets a lot of holes plugged – 27 vulnerabilities in total are due to be fixed, one of which can also potentially be exploited without authentication.

"A Critical Patch Update is a collection of patches for multiple security vulnerabilities. This Critical Patch Update contains 78 new security vulnerability fixes across hundreds of Oracle products. Some of the vulnerabilities addressed in this Critical Patch Update affect multiple products," Oracle said in a statement.

"Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update fixes as soon as possible," the statement added.

The full list of affected products can be found here.

Oracle has come under fire in the past for its patching strategy, with Amichai Shulman, CTO at security firm Imperva, saying the patching process "needs fixing".

Sign up for our regular news round-up!

Give your business an edge with our leading Tech Monitor

Sign up