Fundamental Oracle flaw revealed

17. Januar 2012
Over the past two months, InfoWorld has been researching a flaw in Oracle's flagship database software that could have serious repercussions for Oracle database customers, potentially compromising the security and stability of Oracle database systems.

Typically, when a bug results in a database outage, affected systems can simply be recovered from backups. But as InfoWorld has learned, this particular collection of OracleOracle issues could incur database outages that take considerable time and effort to correct. Alles zu Oracle auf CIO.de

[ Subscribe to the InfoWorld Daily newsletter and follow InfoWorld on TwitterTwitter to make sure you don't miss an article. | See Editor in Chief Eric Knorr's post to the Oracle community: "Caling all Oracle customers." ] Alles zu Twitter auf CIO.de

According to a source who asked not to be named, "This is a very real problem for us. We're spending considerable time and money to monitor, plan, and address it where we can."

In the process of reporting this story, we've conducted our own tests, verified information with sources we believe to be reliable, and consulted extensively with Oracle itself, which has given credit to InfoWorld for bringing the security aspect of the problem to the company's attention.

After we notified Oracle of our discoveries and following several technical discussions, the company requested that we hold this story until it had time to develop and test patches that addressed the flaw. In the interest of security for Oracle users, we agreed. Those patches are available at 1 p.m. PT today as part of the Oracle Critical Patch Update for January 2012.