Oracle releases 36 patches

Oracle today released fixes for 36 vulnerabilities, marking one of the smallest patch updates since the database giant began issuing quarterly distributions more than two years ago.

The update included 13 patches for the popular Oracle Database, with the most severe vulnerability rating a seven out of 10. Three of the database flaws – the most serious ones – may be remotely exploitable without user authentication.

Amichai Shulman, chief technology officer of Israel-based database security provider Imperva, told SCMagazine.com today that the most severe database bug is easy to exploit and can result in the disclosure of confidential information — but it allows an attacker only partial system control. Also, it affects only Windows platforms.

Another five fixes were released for the Oracle Application Server and 11 for the E-Business Suite. Patches also were delivered for the Collaboration Suite, Enterprise Manager and PeopleSoft and JD Edwards business applications.