Oracle plugs 88 security holes, the same number as the last update

Oracle said in its advisory that a number of vulnerabilities affect multiple products and advised customers to apply the patches “as soon as possible.”

For its Oracle Database Service, the company is patching four vulnerabilities, three of which are remotely exploitable without authentication. None of these fixes are applicable to client-only installations; that is, installations that do not have the Oracle Database Server installed.

Oracle is patching 22 holes in its Fusion Middleware family, eight of which are remotely exploitable. Another 25 patches fix gaps in Oracle’s Sun family of products.

Commenting on the Oracle update, Wolfgang Kandek, chief technology officer with Qualys, noted that 38 of the patches are remotely exploitable without authentication, affecting a range of products including Solaris, Oracle RDBMS, Fusion Middleware, and Siebel. This is an increase from the 33 remotely exploitable holes fixed in the previous update.

“This quarter only MySQL and Peoplesoft have no remotely exploitable flaws. IT admins who are responsible for the other products listed should be prepared to evaluate their exposure to these flaws, especially if the machines are exposed to the Internet. Oracle Java will not be updated [on] Tuesday, as it is released on a separate schedule", wrote the Qualys CTO.

Java's next versions are expected in October, Kandek observed.

What’s hot on Infosecurity Magazine?