Oracle update fixes security flaws

Company's database, application server and 11i E-Business Suite are covered in the quarterly update.

Database maker Oracle has corrected a number of security bugs with its latest quarterly update.

Various versions of Oracle products, including its database, application server and 11i E-Business Suite, are part of Tuesday's update, according to the company.

"A number of high-risk SQL injection and parameter manipulation security vulnerabilities in the Oracle E-Business Suite are corrected by the security patches released" Tuesday, said security company Integrigy, which produces tools for a number of enterprise applications from companies such as Oracle and PeopleSoft. "Customers with Internet-facing implementations of the Oracle E-Business Suite should consider applying these patches as soon as possible."

Chicago-based Integrigy added that "it is possible that an attacker with only a Web browser and a network connection (either internally or externally) to Oracle E-Business Suite Web application servers can execute malicious SQL statements in the database as the APPS database account."

Oracle's next update is scheduled for Oct. 18.

Renai LeMay of ZDNet Australia reported from Sydney.

Featured Video

Common battery myths that need to die

Sharon Profis busts a few overplayed battery myths on "You're Doing it All Wrong."

by Sharon Profis