Oracle needs to patch 44 more bugs

A German security researcher said this weekend that Oracle products, particularly its flagship database, are vulnerable to 44 bugs, the oldest reported to the developer two-and-a-half years ago, the newest submitted 12 days ago.

In a message posted to the Bugtraq security mailing list, Alexander Kornbrust of Red Database Security named 44 vulnerabilities, which included numerous SQL injection bugs, cross-scripting errors, and plain-text password exposures. Many of them will be fixed in upcoming Oracle security updates - which the company dubs "Critical Patch Update" (CPU) - or in future software upgrades, Kornbrust noted. No schedule has been set for the updates or upgrades, however. Oracle needs to patch 44 more bugs - Security -

Linked by shanmuga Tuesday, 2nd May 2006 8:09AM