Oracle releases quarterly security patches

Oracle has released its quarterly security software update, fixing a wide variety of vulnerabilities in its database and server products.

The update addresses a total of 37 vulnerabilities in the company’s database software, as well as a large number of bugs in Oracle’s Application Server, Collaboration Suite, E-Business Suite, and PeopleSoft and JD Edwards software.

Oracle did not release technical details on the patches, but according to security researcher Alexander Kornbrust, a number of them cover the Oracle Database Listener, a component of the database software that is used to connect clients to the database itself. “The listener is a kind of doorman to the database, and if you are able to own or overtake the listener, you own the entire system in the database,” said Kornbrust, a business director at Red-Database-Security GmbH, in Neunkirchen, Germany.

Kornbrust predicted that corporate users will most likely want to test and apply these patches as soon as possible, in part because it is difficult to mitigate the effects of many of the vulnerabilities that have been addressed. “It’s necessary to apply these patches because a lot of binaries are patched, and it’s quite difficult to implement work-arounds for this,” he said.

Oracle’s next quarterly patches are scheduled to be released on April 18, the company said.

Oracle executives were not immediately available for comment in this story.