Oracle Patches Seven Database Flaws Among 66 CPUs

Published: 22/11/2024   Category: security




Huge patch release will seal some critical vulnerabilities, database vendor says



Oracle this week unleashed a torrent of 66 new security patches across its entire portfolio during its quarterly update, including seven Critical Patch Updates.
Three of the vulnerabilities are remotely exploitable without authentication, Oracle says.
Among the seven vulnerabilities affecting Oracle database customers, five were directly for Oracle Database Server. One of these is remotely exploitable without authentication.
None of these fixes are applicable to client-only installations, i.e., installations that do not have the Oracle Database Server installed, Oracle reported in its documentation.
One of the other vulnerabilities was for Oracle Secure Backup and another was for Oracle Audit Vault, both of which fixed remotely exploitable vulnerabilities.
"We are seeing fixes for remote execution without authentication, which is very severe," said Amichai Shulman, Imperva CTO, yesterday in a statement. "For example, the Audit Vault vulnerability allows an attacker to bypass authentication and act as a remote administrator to execute any command on a server installed with Audit Vault agent."
While there were a number of important updates made for database customers, Shulman wonders whether Oracle's recent acquisitions have pulled the company off of its focus of locking down database vulnerabilities.
"In the past, when Oracle had far fewer products, they would patch 100 database vulnerabilities at a time. One would assume that more products require more fixes, yet we are seeing smaller patches with fewer fixes for more products," Shulman said. "Oracle had a lot of momentum around fixing database vulnerabilities. However, the quarterly patch cycle has seen a slowdown in fixing database vulnerabilities since the acquisition and incorporation of so many companies and products during the past year."
Shulman notes that Oracle provides no details about the vulnerabilities that these CPUs are fixing, citing the risk of hackers taking advantage of the flaws to create new exploits. But the lack of information harms cautious database users who need to figure out workarounds until they can finish testing in order to bring patches live, he said.