Oracle To Release Patch To Fix 37 Bugs

Oracle's Critical Patch Update, which is being released next Tuesday, includes fixes for 13 Oracle Database bugs and five Application Server bugs.

Sharon Gaudin, Contributor

April 11, 2007

Oracle announced it will be releasing a Critical Patch Update on Tuesday, April 17, to fix 37 bugs across its product lines.

The company described seven of the bugs as serious, according to a pre-release advisory. The Critical Patch Update is a collection of patches for multiple security vulnerabilities.

The update will fix 13 bugs in the company's flagship Oracle Database and five in the Oracle Application Server, noted the advisory. Eleven bugs are being fixed in the Oracle E-Business Suite. Some of these bugs can be remotely exploited without authentication.

Oracle did note that the list of bugs being fixed could change by next week when the patch is released.

"It sounds like a typical Oracle patch," said Johannes Ullrich, chief research officer at the SANS Institute and chief technology officer for the Internet Storm Center, in an interview. "They send out patches quarterly so there tends to be loads of them. The thing with Oracle is that the database is behind a firewall and not directly connected to the outside, so it's not as bad. Oracle, though, is more than just a database. There are all these little add-on products and it's not always clear what add-ons you have to have installed to be vulnerable to different bugs."

The company is taking a page out of Microsoft's book by releasing advance advisories that a patch update is coming out. The first advance warning came in January. That patch fixed 51 bugs, including 26 that were in the Oracle database.

The January patch and the planned April patch are significantly smaller than the security update that came out in October. That one fixed 101 bugs.

Microsoft released its monthly Patch Tuesday update this week. It fixed five flaws, including a critical bug in Windows Vista. The update also included the emergency .ANI patch that was first issued last week. Ullrich explained the .ANI patch was re-released to make sure users who only check for the monthly updates would be protected from the exploits that have been circulating on the Internet.
