funsec mailing list archives

Oracle Releases Fixes for 65 Flaws


From: "Fergie" <fergdawg () netzero net>
Date: Wed, 19 Jul 2006 03:06:27 GMT

Via SC Magazine.

[snip]

All were part of the Redwood Shores, Calif.-company's quarterly
Critical Patch Update (CPU). They affect a range of Oracle
products--the majority affect database and E-Business Suite
software--and the company has no suggested workarounds for the alerts
but instead advised customers to install the patch.

Most of the concern in this patch cycle is on the increasing prevalence
of database security problems, said Amichai Shulman, director of
Imperva's Application Defense Center (ADC), a database vulnerability
research group. Shulman said that the 23 database-related flaws patched
today fall into three categories: protocol violations, SQL injections
and flaws associated with stored procedures.

Based on his research, some of the most alarming flaws are the protocol
violations, which he said are quickly becoming a favorite attack vector
for the bad guys.

[snip]

More:
http://www.scmagazine.com/uk/news/article/570244

- ferg


--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

