Today, July 15th, Oracle will release its quarterly critical patch update. They have now published the pre-release announcement. The highest CVSS score of all vulnerabilities patched is 6.8 (6.5 is the maximum for the Oracle Database itself). Below is the list of software planned to be affected, quoted from their announcement:
Oracle notes that this is the first time patches for BEA, Hyperion and TimesTen technology are included in the release. If you are running software from these recently-acquired vendors, please be aware. It should be noted that the CVSS for application software vulnerabilities such as a database are generally lower, but not necessarily less critical in specific environments. A bug may not give access to the underlying operating system, but in the case of a database we tend to be more worried about the data housed there than other software running on the same system. We recommend reviewing the pre-release announcement, and subsequent release, closely, and prioritize patching according to your specific environment's requirements. |
Maarten 158 Posts Jul 15th 2008 |
Thread locked Subscribe |
Jul 15th 2008 1 decade ago |
Sign Up for Free or Log In to start participating in the conversation!