SHARE
Facebook X Pinterest WhatsApp

Oracle Patch Fixes 23 ‘Critical’ Vulnerabilities

Oracle Corp. late Tuesday issued a “critical patch update” to address 23 security holes in its database and application server products. The patches were released as part of Oracle’s first quarterly patching cycle and fix a series of undisclosed flaws ranging from manipulation of data, exposure of sensitive information, privilege escalation and denial-of-service attacks. The […]

Written By
thumbnail Ryan Naraine
Ryan Naraine
Jan 19, 2005
Channel Insider content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

Oracle Corp. late Tuesday issued a “critical patch update” to address 23 security holes in its database and application server products.

The patches were released as part of Oracle’s first quarterly patching cycle and fix a series of undisclosed flaws ranging from manipulation of data, exposure of sensitive information, privilege escalation and denial-of-service attacks.

The vulnerabilities affect users of the Oracle Database 10g Release 1, Oracle9i Database Server, Oracle Application Server, Oracle9i Application Server, Oracle Collaboration Suite and Oracle E-Business Suite and Applications Release.

In an advisory (PDF file), Oracle said the first quarter patch update is a cumulative update that also contains nonsecurity fixes that are required (because of interdependencies) on the security fixes.

Secunia, a private security research outfit, rates the flaws as “moderately critical” and warned that exploitation could lead to PL/SQL injection attacks.

Oracle’s alert did not provide specific information on the attack scenarios and Next Generation Security Software Ltd., one of the private firms that reported the vulnerabilities, said it would withhold details about the flaws until April 18.

“This three-month window will allow Oracle database administrators the time needed to test and apply the patch set before the details are released to the general public,” NGS Software officials said.

Secunia’s advisory contains minor details of the bugs, which include a boundary error in the Networking component that can be exploited by malicious database users to crash the database via a specially crafted connect string.

Another error in the Spatial component can potentially be exploited to disclose information, manipulate data, or cause a DoS condition.

The next batch of patches from Oracle is scheduled for April 12.

Oracle had originally announced it would release patches on a monthly schedule, but the company shifted away from that plan in November in favor of the quarterly cycle.

Click here to read more about the switch to a quarterly schedule.

In the past, Oracle has been criticized for its lackadaisical approach to addressing critical security flaws. At the Black Hat security conference in Las Vegas last year, NGS Software pushed the envelope by releasing details on more than two dozen security holes in Oracle products that had not been fixed.

At the time, NGS Software said Oracle was aware of the vulnerabilities—some of them critical—for several months.

Check out eWEEK.com’s for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzer’s Weblog.

Recommended for you...

SolarWinds Launches AI Agent and Expands AI Features
Jordan Smith
Oct 15, 2025
AI Wave, Economy Fuel Major Tech Layoffs Worldwide in 2025
Luis Millares
Oct 15, 2025
Check Point & Wiz Partner on Integrated Security Solutions
Jordan Smith
Oct 15, 2025
NetApp Announces Solutions for AI, Cloud, and Cyber Resilience
Jordan Smith
Oct 14, 2025
Channel Insider Logo

Channel Insider combines news and technology recommendations to keep channel partners, value-added resellers, IT solution providers, MSPs, and SaaS providers informed on the changing IT landscape. These resources provide product comparisons, in-depth analysis of vendors, and interviews with subject matter experts to provide vendors with critical information for their operations.

Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.