Oracle issues big security patch update

[InfoSec News <alerts () infosecnews org>]

http://www.computerworld.com/s/article/9135495/Oracle_issues_big_security_patch_update

By Chris Kanaracus
IDG News Service
July 14, 2009 

Oracle on Tuesday released its latest quarterly patch update, which 
includes 10 security fixes for its database and also addresses a range 
of vulnerabilities across the vendor's applications portfolio.

Among the 10 database vulnerabilites, three can be exploited across a 
network without a user name or password. Affected database components 
include advanced replication, network authentication, Secure Enterprise 
Search and configuration management, Oracle said.

Two other patches are for Oracle Application Server weaknesses that can 
also be exploited remotely without authentication, Oracle said.

Another group of fixes addresses issues with Oracle E-Business Suite 
components, including Advanced Supply Chain Planning, Oracle 
Applications Framework, iStore and iSupplier Portal.

In addition, Oracle is shipping a total of four fixes for its PeopleSoft 
Enterprise, JD Edwards Enterprise One and Siebel application families, 
two patches for Oracle Secure Backup, and two for Enterprise Manager.

[...]


_______________________________________________      
Attend Black Hat USA, July 25-30 in Las Vegas, 
the world's premier technical event for ICT security experts.
Network with 4,000+ delegates from 50 nations.  
Visit product displays by 30 top sponsors in 
a relaxed setting. http://www.blackhat.com