Sunday, April 23, 2006

Oracle patches three-dozen flaws

Oracle shored up 36 security holes on Tuesday, including a vulnerability revealed by a British security researcher in January during a presentation critical of the pace at which the company patches.
The Critical Patch Update (CPU) secures 15 issues in Oracle's E-Business Suite and Applications software, 14 security holes in its database software, five flaws in the company's Collaboration Suite and a single vulnerability in the company's Application Server. The company's three Enterprise Manager software packages each had two security holes plugged by the patch.

A set of security vulnerabilities found by Next-Generation Security Software, and presented at a security conference in January, affected four of the Oracle applications. At the time, NGSSoftware researcher David Litchfield took Oracle to task for not fixing the issue in the last CPU released in January. The public outing of the flaws lit off a war of words between the two companies.

Oracle has taken a significant amount of criticism for its handling of software security issues. The company's January CPU consisted of fixes for 82 flaws, two of which took more than 800 days to fix. Last year, researchers took the company to task for taking more than 650 days to publish a fix for a security issue.

