Oracle patched 101 security holes

As part of its quarterly error correction cycle, Oracle yesterday (October 17) provided patches for 101 vulnerabilities in its product line.

Critical Patch Update - Critical Patch Update includes 64 vulnerabilities related to Oracle's popular database products; 14 vulnerabilities in Application Server; 13 vulnerabilities in E-Business Suite; 8 holes in PeopleSoft products; and one in Oracle Pharmaceuticals and JD Edwards software.

Among database-related vulnerabilities, 35 vulnerabilities were found in Oracle Application Express; and 25 of these vulnerabilities are classified as serious. Application Express is an additional installation application and is not commonly used by Oracle customers, but there are many systems related to this application.

" Most of the critical vulnerabilities are in the application server product. There are some vulnerabilities that allow remote exploitation without going through the identification process. These are the vulnerabilities that customers need to consider. Most, and should fix it as soon as possible, "said Darius Wiles, Oracle security management manager.

The October upgrade is Oracle's first quarterly security bulletin containing serious warnings. In addition, this newsletter also shows which vulnerabilities can be exploited remotely, and conducts the classification of the most dangerous vulnerabilities.

Reportedly, Oracle's next error correction bulletin will be issued on January 16, 2007.