
Oracle Plugs 122 Security Holes

Aditi.Tuteja writes "Oracle has released a 'critical patch update' that plugs 122 security vulnerabilities across the company's databases, enterprise applications, developer tools and middleware. Oracle has also started providing additional information indicating whether a flaw can be exploited by remote attackers without any authentication credentials. But, Oracle has failed to deliver its patches on all platforms. Patches for Oracle databases 9.2.0.6 and 10.1.0.5 will not be available until the end of this month. Users running Oracle 10.2.0.1 on Linux on Power servers will also have to wait until the end of October, as will users running Oracle 10.2.0.2 on Windows."
This discussion has been archived. No new comments can be posted.

  • Good (Score:2, Insightful)

    by the-amazing-blob ( 917722 ) on Thursday October 19, 2006 @10:05PM (#16511675) Journal
    Odd to see almost all posts before mine are flamebait/troll. Anyway, congrats to Oracle for patching that stuff. You don't see bugfixes like that very often anymore.
  • Re:Good (Score:2, Insightful)

    by Anonymous Coward on Friday October 20, 2006 @05:15AM (#16513979)
    I can only assume your post was in jest. After all, no one could possibly be congratulating Oracle on yet AGAIN issuing another massive set of security fixes. This is a constant thing that happens every 3 months from them and it is getting worse rather than better. On top of there being 122 vulnerabilities, they have only published the fixes for a couple of platforms so far, so many DBAs have just had their arses exposed by Oracle. Yeah, great work yet again, Oracle.
  • by dwandy ( 907337 ) on Friday October 20, 2006 @06:56AM (#16514355) Homepage Journal
    I for one am tired of major vendors that don't fix problems.
    Business only understands one thing: money. So this needs to cost them money.

    So to me the solution is simple: Researchers privately disclose bugs to the vendor along with a Public Release Date... maybe 6 weeks in the future. Non-Negotiable.
    Fixed or not*, the bug is fully and publicly disclosed on that date. Since OSS (and MS DRM! heheh) has shown that bugs can be fixed in days or at the most a few weeks this should give a motivated company plenty of time to fix it. And only money motivates a business.

    When vendors start getting threatening calls/letters from their customers (either to sue or jump ship) due to unpatched exploits that are public knowledge then they will be forced to fix them.

    Oh sure, the vendors will cry foul (and sadly some will probably try and sue researchers instead of fixing their problems) but the fact is that if one person can find an exploit then a second person can find this exploit. And the other guy might not have noble intentions. Every day that a findable exploit exists is a day that the system is at risk...

    *This is actually important, b/c if you read the rant you'll note that the 'fixes' are half-assed. I'm pretty confident that if the exploit was going to be made public that the fixes would be more robust...or the company will go bust.
