Oracle Details Over 100 New Flaws

Oracle users have been complaining for some time that they get too little information, but that changed this week with Oracle’s final quarterly Critical Patch Update (CPU) of 2006, which fixes more than 100 flaws.

The October update represents the largest number of flaw fixes in all of 2006.

The last update in July had 65 bugs, April’s update had 36 and January’s update fixed 82 flaws.

Of the 101 security fixes in the October update, 56 could potentially be remotely exploited without even a username or password. Oracle had not previously disclosed in its CPUs how many flaws were remotely exploitable.

“While existing CPU risk matrices made it possible to assess whether a specific vulnerability was remotely exploitable without requiring authentication on the targeted system, Oracle is now going to specifically identify this type of vulnerability,” Eric Maurice, Manager for Security in Oracle’s Global Technology Business Unit, wrote on Oracle’s security blog.

See post on Oracle’s security blog.

  1. Oracle Likes Word “Unbreakable” | Dragan on Security

    […] It was 2002 when Oracle Corp. Chairman and Chief Executive Officer Larry Ellison said that Oracle software remains unbreakable and mocked a memo sent by arch rival Bill Gates stressing to Microsoft Corp’s employees the importance of security in the company’s products. See an article from that time here. But, upon the time, this wasn’t proven as totally true. There were many security breaches and many patches (post is here). […]
