Menu
Oracle ships critical update for database, applications

Oracle ships critical update for database, applications

Oracle has released the latest critical update for its database and applications.

Oracle released its latest critical patch update on Wednesday, fixing 51 vulnerabilities in a range of products, including its flagship database line.

Oracle's critical patch update fixes holes in Oracle Database Server, Oracle Application Server, Oracle Enterprise Manager, Oracle E-Business Suite, and Oracle PeopleSoft Enterprise. Twenty-seven of the patched vulnerabilities are found in Oracle Database Server, including the most serious vulnerability fixed.

"The most critical, rating 6.5 with the new CVSS 2.0 metric, is a problem in the import utility," said Alexander Kornbrust, managing director of Red Database Security GmbH, which found 13 of the 27 vulnerabilities in Oracle Database Server that are patched with this update.

CVSS 2.0, or Common Vulnerability Scoring System version 2.0, is a rating system developed by the Forum of Incident Response and Security Teams as a way of measuring the severity and urgency of IT vulnerabilities. The vulnerabilities patched by Oracle's latest critical update have CVSS 2.0 ratings from 4.0 to 6.5.

The vulnerability in the import utility could allow an attacker to run code on a database as the user SYS, Kornbrust said. SYS is the most powerful user in an Oracle database, and is able to do and see more than a typical database administrator.

Kornbrust said database administrators can reduce their exposure to these and other vulnerabilities by hardening their databases and installing the minimum amount of features.

The next Oracle critical update is set for release in January.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Events

Featured

Slideshows

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

This year’s Reseller News 30 Under 30 Tech Awards were held as an integral part of the first entirely virtual Emerging Leaders​ forum, an annual event dedicated to identifying, educating and showcasing the New Zealand technology market’s rising stars. The 30 Under 30 Tech Awards 2020 recognised the outstanding achievements and business excellence of 30 talented individuals​, across both young leaders and those just starting out. In this slideshow, Reseller News honours this year's winners and captures their thoughts about how their ideas of leadership have changed over time.​

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners
Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security

Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security

This exclusive Reseller News Exchange event in Auckland explored the challenges facing the partner community on the cloud security frontier, as well as market trends, customer priorities and how the channel can capitalise on the opportunities available. In association with Arrow, Bitdefender, Exclusive Networks, Fortinet and Palo Alto Networks. Photos by Gino Demeer.

Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security
Reseller News welcomes industry figures at 2020 Hall of Fame lunch

Reseller News welcomes industry figures at 2020 Hall of Fame lunch

Reseller News welcomed 2019 inductees - Leanne Buer, Ross Jenkins and Terry Dunn - to the fourth running of the Reseller News Hall of Fame lunch, held at the French Cafe in Auckland. The inductees discussed the changing face of the IT channel ecosystem in New Zealand and what it means to be a Reseller News Hall of Fame inductee. Photos by Gino Demeer.

Reseller News welcomes industry figures at 2020 Hall of Fame lunch
Show Comments