Oracle patches to fix 37 flaws

Quarterly "critical patch update" will include fixes for seven vulnerabilities that could be exploited remotely.

Oracle next week plans to release fixes for 37 security flaws across all its products, the company said Tuesday.

The fixes will be delivered April 17 as part of Oracle's quarterly patch cycle. Seven of the bugs are serious and could allow a system running the vulnerable Oracle software to be compromised remotely, the company said in a note on its Web site.

This is the second time Oracle is giving a heads-up on patches. The first such advance notice was in January. Microsoft has been giving customers a similar early warning since late 2004. Both companies have put their patches on a schedule so customers know when to expect them. The early warning is meant to allow for extra preparedness.

Oracle's advance notification goes further than Microsoft's, which only states the product family for which patches will be released and gives a broad indication of bug severity. Oracle also lists the number of vulnerabilities it plans to patch and gives details of which products and components will get fixes.

Oracle's "Critical Patch Update" is planned to include 13 fixes for Oracle database products, five for Application Server, 11 for E-Business Suite, and four for PeopleSoft and J.D. Edwards products, according to Oracle's note.

In January, Oracle released fixes for 51 vulnerabilities.
Featured Video

Behmor's app controlled coffee maker links to the Web for better brewing

The $329 Behmor Connected Coffee Brewer boasts the guts of an SCAA-approved drip coffee maker melded with a Wi-Fi radio, plus Internet links and mobile app control all in the interest of creating better pots of java.

by Brian Bennett