Oracle Issues 41 Security Fixes in Latest CPU

Oracle plugs a critical security hole in Oracle Application Server in its latest round of patches.

Oracle released fixes for a total of 41 bugs in its April Critical Patch Update, including a serious vulnerability affecting Oracle Application Server.

The CPU, Oracle's second of the year, includes 17 fixes for Oracle Database products, 11 for the Oracle E-Business Suite, six for the Oracle Siebel Enterprise Suite, three for Oracle Application Server, three for the PeopleSoft-JD Edwards Suite and one for Oracle Enterprise Manager.

The most serious of the vulnerabilities affects Oracle Application Server, specifically Oracle Jinitiator, and has a CVSS (Common Vulnerability Scoring System) rating of 9.3. Jinitiator allows a Web-enabled Oracle Forms client application to run within a browser. According to the company's advisory, the vulnerability applies only to the client portion of Application Server.

"The impact of this vulnerability is limited to Jinitiator; there is no Oracle Application Server impact," company officials stated in the advisory. "Oracle Jinitiator Versions 1.3.1.15 and later are not affected."

All three of the vulnerabilities affecting Application Server can be exploited remotely without authentication. Seven of the 11 vulnerabilities affecting Oracle E-Business Suite can be exploited remotely without a user name or password.

January's CPU featured 26 security fixes for Oracle products. The next CPU is slated to be released July 15.

Author: Brian Prince @ www.eweek.com

Read more ...

Oracle launches two archiving products

Oracle has announced two products aimed at securely archiving enterprise content and email. The Universal Online Archive application sits on top of Oracle's database, said Andy MacMillan, vice president of product marketing in Oracle's enterprise content management division. That means the content can use features like SecureFiles, a file encryption and compression system native to Oracle's 11g database release.

Oracle developed the core of the software organically, but it also employs some technology from its acquisition of Stellent, according to MacMillan.

Despite its name, the initial release of Universal Online Archive will first be available as an on-premises install, according to MacMillan. However, he added, "We are looking very aggressively at what it would take to make this an on-demand product."

The other new release, Oracle E-Mail Archive Service, provides a means for storing content from Microsoft Exchange, IBM Lotus Notes and SMTP-based mail systems, Oracle said.

"The email archiving market is a growing market for a lot of compliance reasons," MacMillan noted. "This product really grew from a lot of market demand we got from our own customers."
The announcements garnered a nod of approval from one observer.

"I think what Oracle is trying to do with [Universal Online Archive] is develop an infrastructure application that will sit behind all of the other systems and allow retention and retention policies to occur and be managed centrally," wrote David Roe, a technical architect for Ironworks Consulting, on his blog.

"Where I think they are doing it right is by not trying to force companies into replacing their current applications," he added. "I don't think anyone would be interested in another Exchange or another SharePoint just to implement better compliance software."

Oracle did not name a firm date for the products' release, saying only that they are expected to be available in 2008. Universal Online Archive is expected to cost US$20 (310)per named user or $75,000 (£37,500) per CPU, and the E-Mail Archive Service will be priced at $50 per named user plus or $40,000 per CPU.

It made the announcements at the start of Collaborate 08, an Oracle user conference going on this week in Denver.

Author: Chris Kanaracus @ IDG News Service

Read more ...

Capgemini Named A Leading Oracle Implementation Provider By Independent Research Firm

Capgemini, one of the world’s foremost providers of consulting, technology and outsourcing services, today announced that it has been named a leader in an independent report about Oracle Implementation Providers by Forrester Research, Inc.

Capgemini was among the select companies that Forrester invited to participate in its March 10, 2008, Forrester Wave™ report, “Oracle Implementation Providers, Q1 2008”, which is Forrester’s first evaluation of Oracle implementation providers. The report assessed 13 providers across 107 criteria. In this evaluation, Capgemini was cited as a “leader” among global Oracle Implementation Providers.

The Forrester report states that Capgemini is an Oracle implementation leader “with strong end-to-end implementation skills,”1 and describes Capgemini in its vendor summary as follows:

“Capgemini rounds out the Leaders group with strong overall capabilities and EMEA presence. Capgemini is strong across most phases of implementation and across a breadth of verticals. It is also unique in being the only provider in the evaluation with a client base and resource mix more heavily skewed towards Europe.”1

“We’re honored to be named a leader in Forrester’s Oracle Implementation Wave,” said Connie Cservenyak, vice president and global Oracle alliance leader, Capgemini. “As an Oracle Certified Advantage partner, we’re able to use our extensive knowledge of Oracle’s suite of applications to jumpstart our client’s implementation process and to help them foster innovation and growth for their businesses.”
The Forrester Wave™ is available to registered Forrester clients at (http://www.forrester.com/Research/Document/Excerpt/0,7211,42379,00. html).

(Due to its length, this URL may need to be copied/pasted into your Internet browser’s address field. Remove the extra space if one exists.)

About Capgemini

Capgemini, one of the world’s foremost providers of consulting, technology and outsourcing services, enables its clients to transform and perform through technologies. Capgemini provides its clients with insights and capabilities that boost their freedom to achieve superior results through a unique way of working - the Collaborative Business Experience - and through a global delivery model called Rightshore®, which aims to offer the right resources in the right location at competitive cost. Present in 36 countries, Capgemini reported 2007 global revenues of EUR 8.7 billion (approximately US$12 billion) and employs over 83,000 people worldwide.

More information is available at www.capgemini.com.

Read more ...