Oracle urges customers to apply critical update

Latest patch for the company's database and Web applications closes almost two dozen security holes.

Robert Lemos Staff Writer, CNET News.com

Robert Lemos

covers viruses, worms and other security threats.

See full bio

Robert Lemos

Jan. 18, 2005 2:46 p.m. PT

Database maker Oracle released on Tuesday a single critical update for its database and Web application software that's designed to close nearly two dozen security holes. The update marks the first from the software maker to come out on a quarterly schedule.

The Critical Patch Update, available on the software company's Web site, is meant to fix 17 flaws in different versions of the Oracle Database Server, three flaws in Oracle's Application Server and another flaw in the Oracle Collaboration Server.

Oracle did not release detailed information about the flaws but included several measures of the threat of the flaws in a table included with the advisory on the company's site.

Several of the vulnerabilities were found by security company Next-Generation Security Software, which urged Oracle users to download and test the patches. NGSSoftware will allow three months for administrators to patch their systems before it releases more details about the flaws.

Tuesday's patch release marks the first time Oracle has released patches on a quarterly schedule. The company plans to release updates in January, April, July and October.