ID: IRCNE2011071193
Date: 2011-07-24
Database server giant Oracle has hit the security patch treadmill again with a massive critical patch update to fix flaws in its enterprise product portfolio.
Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible,” the company said in an advisory.
Affected products and components include Oracle Database 11g, Oracle Database 10g, Oracle Secure Backup, Oracle Application Server, Oracle JRockit, Oracle Enterprise Manager and Oracle PeopleSoft Enterprise.
The company also provided information on pre-patch workarounds that may help provide temporary protection from attacks:
"Until you apply the CPU fixes, it may be possible to reduce the risk of successful attack by blocking network protocols required by an attack. For attacks that require certain privileges or access to certain packages, removing the privileges or the ability to access the packages from users that do not need the privileges may help reduce the risk of successful attack. Both approaches may break application functionality, so Oracle strongly recommends that customers test changes on non-production systems. Neither approach should be considered a long-term solution as neither corrects the underlying problem."
Details on the risk severity, patch availability and mitigation guidance can be found in Related Links.
- 2