Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Oracle To Issue 88 Security Fixes in July 2012 Critical Patch Update

Database giant Oracle on Thursday issued its pre-release announcement for its July 2012 Critical Patch Update, saying it would issue 88 new security vulnerability fixes across hundreds of Oracle products.

As part of the update, Oracle will issue 4 new security fixes for vulnerabilities in the company’s flagship Oracle Database Server, 3 of which may be remotely exploitable without authentication.

Database giant Oracle on Thursday issued its pre-release announcement for its July 2012 Critical Patch Update, saying it would issue 88 new security vulnerability fixes across hundreds of Oracle products.

As part of the update, Oracle will issue 4 new security fixes for vulnerabilities in the company’s flagship Oracle Database Server, 3 of which may be remotely exploitable without authentication.

Oracle LogoCommenting on the once-again low number of security fixes focused on the Oracle Database, Alex Rothacker, Director of Security Research at Application Security, Inc. told SecurityWeek, “This is really disappointing to me and continues the trend of Oracle loosing focus on their namesake product. We know there are more issues to be fixed, but Oracle is clearly focusing their energy on other products, like Fusion Middle Ware with 22 fixed issues and the Sun Product Suite with 25 fixed issues.”

“The highest CVSS score for the Database fixes is 5.0 and 3 of them are remotely exploitable without authentication,” Rothacker added. “5.0 is a low CVSS score for a remotely w/o auth exploitable vulnerability, which makes me guess that these vulnerabilities do not allow a confidentiality compromise, but are most likely denial of service level vulnerabilities.”

“The highest CVSS score in the overall CPU is 10.0 and is assigned to a Fusion Middle Ware fix. 10.0 means a complete compromise of the software and the server,” he continued.

Oracle said the patch update contains 6 new security fixes for MySQL, noting that of the vulnerabilities may be remotely exploitable without authentication. “These tend to be community fixes and Oracle is just re-packaging them,” Rothacker said.

Oracle’s July 2012 Critical Patch Update is set to be released on Tuesday, July 17, 2012 and affects the following products and components, according to Oracle:

Affected Products and Components Security vulnerabilities addressed by this Critical Patch Update affect the following products:

• Oracle Database 11g Release 2, versions 11.2.0.2, 11.2.0.3

Advertisement. Scroll to continue reading.

• Oracle Database 11g Release 1, version 11.1.0.7

• Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4, 10.2.0.5

• Oracle Secure Backup, version 10.3.0.3, 10.4.0.1

• Oracle Fusion Middleware 11g Release 2, version 11.1.2.0

• Oracle Fusion Middleware 11g Release 1, versions 11.1.1.5, 11.1.1.6

• Oracle Application Server 10g Release 3, version 10.1.3.5

• Oracle Identity Management 10g, version 10.1.4.3

• Hyperion BI+, version 11.1.1.x

• Oracle JRockit versions, R28.2.3 and earlier, R27.7.2 and earlier

• Oracle Map Viewer, versions 10.1.3.1, 11.1.1.5, 11.1.1.6

• Oracle Outside In Technology, versions 8.3.5, 8.3.7

• Enterprise Manager Plugin for Database 12c Release 1, versions 12.1.0.1, 12.1.0.2

• Enterprise Manager Grid Control 11g Release 1, version 11.1.0.1

• Enterprise Manager Grid Control 10g Release 1, version 10.2.0.5

• Oracle E-Business Suite Release 12, versions 12.0.4, 12.0.6, 12.1.1, 12.1.2, 12.1.3

• Oracle E-Business Suite Release 11i, version 11.5.10.2

• Oracle Transportation Management, versions 5.5.06, 6.0, 6.1, 6.2

• Oracle AutoVue, versions 20.0.2, 20.1

• Oracle PeopleSoft Enterprise HRMS, versions 9.0, 9.1

• Oracle PeopleSoft Enterprise PeopleTools, versions 8.50, 8.51, 8.52

• Oracle Siebel CRM, versions 8.1.1, 8.2.2

• Oracle Clinical Remote Data Capture Option, versions 4.6, 4.6.2, 4.6.3

• Oracle Sun Product Suite

• Oracle MySQL Server, versions 5.1, 5.5

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is founder and director of several leading cybersecurity industry conferences around the world.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how the LOtL threat landscape has evolved, why traditional endpoint hardening methods fall short, and how adaptive, user-aware approaches can reduce risk.

Watch Now

Join the summit to explore critical threats to public cloud infrastructure, APIs, and identity systems through discussions, case studies, and insights into emerging technologies like AI and LLMs.

Register

People on the Move

Checkmarx has appointed Scott Gainey as Chief Marketing Officer.

Jason Hogg has been named Executive Chairman of CYPFER.

HUB Cyber Security has appointed former PayPal and American Express executive Paul Parisi as its Global Chief Revenue Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.