Oracle fixes critical flaws in major security patch update

Oracle released 43 security fixes for a range of applications, including its flagship database, Oracle Application Server, E-Business Suite, PeopleSoft Enterprise and WebLogic Server.

Share

Oracle released 43 security fixes for a range of applications, including its flagship database, Oracle Application Server, E-Business Suite, PeopleSoft Enterprise and WebLogic Server.

Oracle Critical Patch Update 2009 provides fixes for 43 vulnerabilitiesSixteen of the patches are for various database versions. The most severe vulnerability, which affects versions 9.2.0.8 and 9.2.0.8DV, "can potentially allow an attacker to gain full control of a vulnerable server," according to a post on Oracle's global product security blog. Other patches are for various 10g and 11g versions.

The patch update also addresses eight issues with WebLogic and AquaLogic products, including JRockit, and WebLogic Server plugins for Apache and IIS Web servers, according to the blog.

The patch for JRockit includes fixes for 14 problems alone in the Java Runtime Environment from Sun Microsystems, all essentially for bugs known since December.

Other patches are for E-Business Suite Release 12, version 12.0.6, and Release 11i, version 11.5.10.2. The update also includes fixes for PeopleSoft PeopleTools 8.49; PeopleSoft HRMS 8.9 and 9.0; Oracle XML Publisher 5.6.2, 10.1.3.2 and 10.1.3.2.1; Oracle Outside In SDK HTML Export 8.2.2 and 8.3.0; and several versions of BI Publisher.

Full details are available on Oracle's website. Oracle releases its patch updates on a quarterly basis; the next is scheduled for July 14.

"Recommended For You"

Oracle to release 115 security patches Oracle patch batch affects 'hundreds' of products