Oracle has issued an urgent upgrade to its E-Business Suite 11i diagnostics module containing a number of the security fixes.
The "Diagnostics Support Pack February 2006 with Oracle Diagnostics 2.3 RUP A" aims to address security flaws in Oracle diagnostics Web pages and Java classes, according to Integrigy. Oracle diagnostics, a troubleshooting module of Oracle E-Business Suite 11i, is designed to allow IT administrators to conduct tests when configuring and setting up applications. The security patches are designed to limit access to the diagnostics tests.
It's a sign of the seriousness of the security flaw that Oracle chose to notify customers of the existence of the fixes. This breaks the usual Oracle pattern of merely announcing that upgrades are available.
Oracle's next security update is scheduled for April 18.