Oracle has released an extraordinary 65 fixes for a wide range of software products in its quarterly security release.
The patches cover problems in the company's database, application server, and e-business suite products, among others, according to Darius Wiles, manager of Oracle Security Alerts.
Some of the patches are also designed for client software that works with Oracle's databases, he said. "There are 23 fixes for vulnerabilities that affect database servers and another four that apply to clients."
Included are fixes for an exploit that had been made public on the Bugtraq mailing list back in April, as well as a fix for a bug that Oracle had inadvertently disclosed on (and then quickly removed from) its own Metalink support service.
There are 10 fixes for Application Server and 20 fixes for E-Business Suite.
Many of the vulnerabilities relate to a proprietary networking protocol used by Oracle's database, called Oracle Net.
The protocol has come under increased scrutiny over the past year, according to Amichai Shulman, chief technology officer with Imperva. "No one has explored these options up until now," Shulman said. "Once people dive into these obscure protocols, they are sure to find many vulnerabilities."
Often, network vulnerabilities can be the most dangerous, he said, "because you don't need any database credentials in order to exploit them".
Oracle's next critical patch update is scheduled for 17 October.
Find your next job with techworld jobs