Oracle Corp. Tuesday handed out another major patch load as part of its quarterly patch cycle.
The Redwood Shores, Calif.-based vendor in total patched 36 vulnerabilities in various products, including its database and application server software.
Along with the security updates, Oracle yesterday said it has made changes to an existing tool that seek out default accounts and passwords that could theoretically be used for nefarious purposes by malicious hackers. According to Oracle's MetaLink customer support site, databases upgraded from Oracle 7, Oracle 8i or Oracle 9i may still have the default accounts.
Security firm Symantec Corp. issued an alert to its customers, which said that many of the vulnerabilities addressed this quarter are significant.
"The biggest noticeable difference to previous [critical patch updates] is that the number of fixes is lower," Oracle security guru Pete Finnigan wrote in his blog, a reference to the 82 critical flaws Oracle addressed in its January update. "The database has 14 fixes for various versions of the database software, one of the fixes also applies to the application server."
According to Oracle, the patches released yesterday affect the following products: