Oracle to patch 41 security flaws


Oracle is set to patch 41 security flaws tomorrow, warning customers to apply the updates as soon as possible to fix the critical problems, as some affect multiple products.

Tomorrow's patch will address 10 flaws affecting Oracle Database, and six in Oracle's backup system, as well as vulnerabilities in its application server, e-business suite and WebLogic server. The update will also patch flaws in JD Edwards Tools and PeopleSoft.

"Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update fixes as soon as possible," the Oracle security advisory warned.

The database patches would not allow remote exploitation without a password or username, but one flaw in the Oracle Times Ten Data Server would allow such access, Oracle said.

The most critical upgrade, however, was for Oracle Secure Backup 10.0 for Windows, which was given the most severe security rating possible under Oracle's system.

More details on the updates are available in Oracle's pre-release announcement.