July 17, 2012

Oracle’s latest critical patch update (CPU) went live today.

Overall, this is a fairly consistent release: 80 patches overall, with 4 database vulnerabilities. Likewise, the volume of MySQL vulnerabilities is consistent with previous releases. Some observations:

  • The database vulnerabilities are about denial of service, probably around the Oracle Listener component, which helps users communicate with the database remotely. Interestingly, for three of these database vulnerabilities all you need is network access, nothing more. This component has been around for 25 years—yet very serious issues persist. It emphasizes the complexity of software and the need for security outside of the code base as it's written. This highlights why enterprises need a security solution on top of what comes with the database itself.
  • Fourteen of the patches were from an acquired company called Stellent. This highlights the security issues with mergers and acquisitions—which were echoed with the Yahoo! Voices and Instagram-Facebook security issues.
  • The biggest vulnerability? A JRockit issue that was fixed recently with other Java vulnerabilities.

This patch continues to show how big companies with a wide product line struggle to find the resources to keep all their products up to speed with security fixes, and how complex software created by a series of mergers and acquisitions drives the need for external security that does not rely on the code itself.


Posted by Imperva Blogger at 02:28:00 PM

