Oracle Patch Day: 78 critical database server flaws

Database server giant Oracle has released 78 security patches as part of its July Critical Patch Update. The security patch treadmill has been hit again with a massive critical patch update to fix flaws in the company's enterprise product portfolio.

There are a total of 13 fixes for the Oracle Database server, two of which could be remotely exploited by an attacker without authentication. The company said, “Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible.”

Affected products and components include Oracle Database 11g, Oracle Database 10g, Oracle Secure Backup, Oracle Application Server, Oracle JRockit, Oracle Enterprise Manager and Oracle PeopleSoft Enterprise.

The company also provided information on pre-patch workarounds that may help provide temporary protection from attacks:

Until you apply the CPU fixes, it may be possible to reduce the risk of successful attack by blocking network protocols required by an attack. For attacks that require certain privileges or access to certain packages, removing the privileges or the ability to access the packages from users that do not need the privileges may help reduce the risk of successful attack. Both approaches may break application functionality, so Oracle strongly recommends that customers test changes on non-production systems. Neither approach should be considered a long-term solution as neither corrects the underlying problem.