WatchGuard Wire
Improve Your Security IQ
Quarterly Oracle Update Corrects 43 Security Vulnerabilities
17 April 2009 -- In the shadow of Microsoft Patch Day, Oracle released another huge quarterly Critical
Patch Update (CPU). By my count, this update fixes more than 43 vulnerabilities
found in many of Oracle's products.
The advisory doesn't describe the flaws in technical detail, but it rates
each flaw's severity. You can find these severity ratings in the risk matrices,
located in the appendices of Oracle's advisory.
Oracle uses the Common Vulnerability Scoring System (CVSS), which rates vulnerabilities
on a scale from one to ten, ten being the most severe. Two of Oracle's
April vulnerabilities have a severity rating of ten, meaning remote
attackers can exploit them to fully compromise the affected product.
Due to the high severity of some of these vulnerabilities, Oracle administrators should
jump on these patches as quickly as they can. If you use any Oracle products, check
out Oracle's April security advisory and apply any updates that correspond to the products
you use. By the way, Oracle, can you stop releasing your huge quarterly
patches on, or so near to, Microsoft Patch Day? I think most
administrators are already busy enough on that day. -- Corey Nachreiner, CISSP
Copyright© 2009 WatchGuard® Technologies, Inc. You may copy and distribute this article freely in any medium as long as you copy and distribute the entire article without change and preserve this copyright statement and notice.