Oracle follows Microsoft with major security patches

Enterprise software company Oracle has released a 'Patch Tuesday' style major security update for 20 product versions.

Coming hot on the heels of the Microsoft patches, the Oracle Critical Patch Update fixes multiple security vulnerabilities. Oracle said that due to the threat posed by successful attacks, customers should apply fixes as soon as possible.

Included in the update are 15 new security fixes for the Oracle Database Suite and six for the Application Server Suite, with some vulnerabilities remotely exploitable over a network without the need for a user name and password.

Other products affected were Oracle Collaboration Suite, E-business Suite and Applications, Enterprise Manager, PeopleSoft Enterprise and JD Edwards Enterprise One, Siebel Enterprise, and WebLogic Server and Workshop.

The most serious flaw was in the WebLogic Server Plugins for Apache component, which scored a 10, the highest level on the severity scale.

Oracle said that, until the fixes were applied, there were workarounds which could be used as a short-term solution: "It may be possible to reduce the risk of successful attack by restricting network protocols required by an attack."

It continued: "For attacks that require certain privileges or access to certain packages, removing the privileges or the ability to access the packages from unprivileged users may reduce the risk of successful attack."

However, Oracle warned that these workarounds could break application functionality, and that neither should be considered a long-term solution as they wouldn't correct the underlying problem.