Oracle has released security patches that plug several vulnerabilities reported last month in its database software and other products.
Customers should download the patches to fix holes in current and past versions of Oracle's database, application server and management tools, the company said.
It described the holes in its database and application server as "high risk," since a hacker could potentially exploit them to access a server without needing a user account, Oracle said.
Many of the holes were discovered in January by British security specialist David Litchfield of Next Generation Security Software , who has criticised Oracle for not releasing the patches sooner.
They were ready for release more than two months ago, according to Litchfield, but Oracle delayed their release while it prepared a new system for releasing security patches.
Two weeks ago, Oracle switched to a new, monthly cycle for releasing patches.
The affected products include the Oracle8i, Oracle9i and 10g versions of its database; the Oracle9i and 10g versions of its application server, and Enterprise Manager Grid Control 10g and Enterprise Manager Database Control 10g.
Exact version numbers are listed in a bulletin, at http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf Customers of the Oracle Collaboration Suite and Oracle E-Business Suite 11i were advised to also patch the database and application server components of those products.