October 18, 2005 6:10 PM PDT

Oracle fixes bugs with mega patch

By Joris Evers
Staff Writer, CNET News

Related Stories

When security researchers become the problem

 July 27, 2005

Oracle dragging heels on unfixed flaws, researcher says

 July 19, 2005

Oracle update fixes security flaws

 July 13, 2005

Oracle puts patches on a schedule

 August 19, 2004
Oracle on Tuesday released fixes for a laundry list of security vulnerabilities in many of its software products.

The "Critical Patch Update," part of Oracle's quarterly patch release cycle, delivers fixes for 33 flaws in Oracle's Database products, 14 in its Application Server, 13 in the Collaboration Suite, 22 in E-Business Suite and Applications, four in PeopleSoft's PeopleTools, and two in JD Edwards software.

Several of the flaws carry Oracle's most serious rating, which means they are easy to exploit and an attack can have a wide impact, according to the alert. "The most severe of the vulnerabilities could possibly expose affected computers to complete compromise," Symantec said in an alert to users of its DeepSight intelligence service.

Oracle doesn't provide many details in its advisory, which could be a challenge for users when prioritizing patches, Pete Finnigan, a security specialist in York, England, wrote on his Weblog. "The descriptions for all the bugs except for the database section give nothing away whatsoever," he said.

Oracle has been criticized for dragging its heels on fixing security flaws and being unresponsive to researchers who find bugs. Oracle's Chief Security Officer, Mary Ann Davidson, in response said security researchers can be a problem when it comes to product security.

See more CNET content tagged:
Oracle Corp., fix, researcher, security, database

Add a Comment (Log in or register) 18 comments
I thought oracle was unbreakable?
by nTier October 18, 2005 7:38 PM PDT
I think that speaks for itself.
Reply to this comment
Nope
by aabcdefghij987654321 October 19, 2005 8:12 AM PDT
The only thing they have that's unbreakable is their founder's head, it appears to be solid bone.
I thought oracle was unbreakable?
by nTier October 18, 2005 7:38 PM PDT
I think that speaks for itself.
Reply to this comment
Nope
by aabcdefghij987654321 October 19, 2005 8:12 AM PDT
The only thing they have that's unbreakable is their founder's head, it appears to be solid bone.
Unbreakable my a$$
by October 18, 2005 7:44 PM PDT
So much for Crazy Larry's claims of "can't break in", and "can't break it".

I suggest Mary Ann Davidson should stop mouthing off about security researchers being a problem, and spend her time securing her employer's products. Maybe if Oracle's software is really as secure as Larry boy claimed them to be then security researchers won't find that many bugs, then there's no reason for her to open her mouth and criticize them.

Like it or not Mary baby, security researchers are here to stay whether you like it or not. If you're so bothered by these people, maybe you should get out of the software market and do something else.
Reply to this comment
Unbreakable my a$$
by October 18, 2005 7:44 PM PDT
So much for Crazy Larry's claims of "can't break in", and "can't break it".

I suggest Mary Ann Davidson should stop mouthing off about security researchers being a problem, and spend her time securing her employer's products. Maybe if Oracle's software is really as secure as Larry boy claimed them to be then security researchers won't find that many bugs, then there's no reason for her to open her mouth and criticize them.

Like it or not Mary baby, security researchers are here to stay whether you like it or not. If you're so bothered by these people, maybe you should get out of the software market and do something else.
Reply to this comment
Spelling may help your brief descriptions...
by October 19, 2005 5:56 AM PDT
In the days of actually proof reading your news articles, a mistake like spell [which] wrong would have never taken place. A few years back newspapers actually employed people to review articles before being "printed" but like all things, news transforms.. we should just call this website one big BLOG without a spell checker.

ORIGINAL POST BELOW:
--------------------------
Oracle fixes bugs with mega patch
Quarterly update includes fixes for a slew of security vulnerabilities in many Oracle products--many of wich carry Oracle's most serious rating.

11 hours, 43 minutes ago
Reply to this comment
That's fixed, thanks!
by JorisEvers October 19, 2005 6:50 AM PDT
Okay, I can come up will a list of excuses for that spelling error, but I won't. Thanks for pointing it out, we've fixed it.

We're lucky that on the Internet we can correct mistakes like that and it won't be an eye sore for readers any longer.

Joris Evers, staff writer, CNET News.com
View reply
spelling mistakes
by October 19, 2005 3:59 PM PDT
There are many good reasons.. maybe he dropped a cup of hot cofee on his lap and mis-spelled the word by accident.. big deal, one mis-spelled word.. big deal, I'm sure you have made one or two spelling mistakes in your life.
View reply
Spelling may help your brief descriptions...
by October 19, 2005 5:56 AM PDT
In the days of actually proof reading your news articles, a mistake like spell [which] wrong would have never taken place. A few years back newspapers actually employed people to review articles before being "printed" but like all things, news transforms.. we should just call this website one big BLOG without a spell checker.

ORIGINAL POST BELOW:
--------------------------
Oracle fixes bugs with mega patch
Quarterly update includes fixes for a slew of security vulnerabilities in many Oracle products--many of wich carry Oracle's most serious rating.

11 hours, 43 minutes ago
Reply to this comment
That's fixed, thanks!
by JorisEvers October 19, 2005 6:50 AM PDT
Okay, I can come up will a list of excuses for that spelling error, but I won't. Thanks for pointing it out, we've fixed it.

We're lucky that on the Internet we can correct mistakes like that and it won't be an eye sore for readers any longer.

Joris Evers, staff writer, CNET News.com
View reply
spelling mistakes
by October 19, 2005 3:59 PM PDT
There are many good reasons.. maybe he dropped a cup of hot cofee on his lap and mis-spelled the word by accident.. big deal, one mis-spelled word.. big deal, I'm sure you have made one or two spelling mistakes in your life.
View reply
Great Job Oracle
by October 19, 2005 1:12 PM PDT
It is alot of fun having to work on an off-day every three months because of these vulnerabilites.

What good are weekends anyway?
Reply to this comment
Great Job Oracle
by October 19, 2005 1:12 PM PDT
It is alot of fun having to work on an off-day every three months because of these vulnerabilites.

What good are weekends anyway?
Reply to this comment
advertisement

Latest tech news headlines

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

Markets

Market news, charts, SEC filings, and more

Related quotes

Oracle (-0.17%) -0.03 17.62
Dow Jones Industrials (-0.31%) -27.24 8,742.46
S&P 500 (0.34%) 3.08 909.73
NASDAQ (1.12%) 17.95 1,617.01
CNET TECH (0.75%) 8.48 1,141.83
  Symbol Lookup
advertisement

Inside CNET News

Scroll Left Scroll Right
News
Site map
Latest news
Business tech
Green tech
Wireless
Security
Popular topics
Apple iPhone
Apple iPod
CES
Cell phones
Dell
GPS
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
Corrections
Customer Help Center
RSS
CNET Widgets
About CNET