WiFi Finder

Locate wireless services by a specific address, city, state, country, airport, or zip code.

Get Connected Now

RSS Feeds

Get our latest content via convenient RSS feeds.

See All RSS Feeds

Become a PCW Member

Join the community and start enjoying the benefits:

Get tech advice from thousands of PC World Members
Rate and recommend the latest tech products
Share your thoughts in blog and article comments
Get free excerpts and exclusive discounts on Super Guides

Signing up is free and easy.

Oracle Patches Its Security Patches

Database patches fix flaws found in previous fixes.

Matthew Broersma, Techworld.com

Oracle has released two sets of database patches to fix flaws in previously released security patches. One of the affected fixes is itself a fix to an earlier set of patches. So that's a patch for a patch for a patch.

Separately, a serious security flaw has surfaced in MySQL, the popular open-source database management system, potentially allowing remote attackers to take over a system.

Oracle said last week that it has identified problems with two of its security updates. The first relates to a Critical Patch Update in April, which fixed 70 security flaws in Oracle databases and application servers. Earlier this month, Oracle confirmed that the April Critical Patch Update was flawed--a step was missing from the installation script. Last week, however, Oracle confirmed in an e-mail to customers that the July fix for the April update didn't work properly.

Oracle also issued another quarterly Critical Patch Update in July; this update fixes the problems with the April update. However, the July update has problems of its own, causing problems with Oracle Database 10.1.0.3 and 10.1.0.4 and Oracle Enterprise Manager, Oracle said in a customer e-mail last week. Customers running the affected versions of the database with Enterprise Manager should download an updated version, according to the company.

Under Fire

Oracle has come under heavy criticism for its patching system in recent months. Most recently a German security firm released details of several high-risk Oracle flaws, along with work-arounds, claiming to have seen no action from Oracle two years after reporting the bugs. The firm said the delay was more evidence that Oracle's patching system is in disarray.

Meanwhile, MySQL is vulnerable to a flaw involving the zlib compression library, according to an advisory from the database maker. MySQL contains a version of zlib that is vulnerable to a buffer overflow that could be exploited via a specially crafted compressed stream embedded in network communications or an application file format, according to researchers.

MySQL released an update, version 4.1.13, that fixes the problem, along with some less serious problems that could allow attackers to crash the server in various ways.

Sponsored Resource:Improve your network with the right mix of features, performance and pricing.
Sponsored Resource:Growing your business requires the right tools. Dell's networking servers can help.
Sponsored Resource:Thinking about a new Laptop? Lenovo has models to meet everyone's needs.
Sponsored Resource:Twitter: A how-to guide for using Twitter as a business tool.
Sponsored Resource:Smartphone security threats are on the rise. Is it time to safegaurd your device?

See more like this:
Oracle,
database,
security,
patch,
flaw,
fix,
MySQL