Oracle Security Update Addresses 78 Vulnerabilities

Oracle has released a massive security update that fixes 78 flaws affecting almost the entire product portfolio.

The quarterly critical software update covers most of the widely used Oracle database server products including: Oracle Database 11g, Oracle Database 10g, Oracle Secure Backup, Oracle Application Server, Oracle JRockit, Oracle Enterprise Manager and Oracle PeopleSoft Enterprise.

“Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible. This Critical Patch Update contains 78 new security fixes across all product families listed below,” Oracle said in an advisory.

Some of the most critical vulnerabilities, CVE-2011-2261,CVE-2011-0873 and CVE-2011-2288, affect Oracle’s Secure Backup, Oracle JRockit and SPARC T3 Series. These flaws can be exploited remotely by a hacker and don’t require any form of authorisation.

"This is a very large set of patches for vulnerabilities that expose nearly every running Oracle database in the world to fairly trivial attacks that allow somebody to either knock the database down or take complete control of the database and all the data inside of it," Josh Shaul, of Application Security, told eWeek.