Auditing an Oracle database for security issues is very important. PeteFinnigan.com provides all of the information and tools that you will need Click here for details of PeteFinnigan.com Limited's detailed Oracle database security audit service Click here for details of PeteFinnigan.com Limited's Oracle Security Training Courses
There are 62 visitors online    

Pete Finnigan's Oracle security weblog


Home » Archives » November 2004 » Oracle 9.2.0.6 and alert #68

[Previous entry: "Mark Rittman talks about Trace format utilities"] [Next entry: "James Morle's book is available as a free pdf"]

Oracle 9.2.0.6 and alert #68

November 26th, 2004 by Pete

Post to del.icio.us   Post to Furl   Digg!

There has been some confusion as to whether the new 9.2.0.6 patch set includes the fixes for the now infamous alert #68. This has caused some traffic on the Oracle-l mailing list recently. Let me summarise some of these posts and also analyse the results.

The first post I came across was in a thread entitled Patch 9.2.0.6 and Alert #68 where Jared tries to clarify the situation. He suggests that 9.2.0.6 does indeed include fixes for alert 68, although one metalink document is unsure about this Doc ID 283899.1 then Doc ID 283897.1 does state that alert 68 is included in the 9.2.0.6 patch set. Then Mike said that he concurred but he had noticed that a note on metalink said that some alert #68 fixes are e.g. mod_plsql is not included. More on this in a later comment.

In another thread entitled Patchset 9.2.0.6 The poster asks where is the 9.2.0.6 patch set for other platforms apart from the Windows release. An interesting side note to this is Pete Sharman's reply which tells us that Oracle development is still moving to Linux so all future development will be on Linux and there should be no porting need for this platform.

A third thread on the same subject entitled 9.2.6 patch release installed starts by saying that the patch set had been installed but the poster was now running alert #68, back to the original plot.....

Then Jared comes up with the goods and tells us that only the database portions of security alert 68 are included in patch set 9.2.0.6, the HTTP server patches are not included. This is according to this metalink note. Alex confirms that the database portions are installed but the OUI doesn't indicate that alert 68 is installed. Another poster expresses his confusion at all of this patch 9.2.0.6 and alert 68 goings on. Basically he said he was told to apply p3835964 after 9.2.0.6 (p3948480). Not clear at all.

The watch words seem to be clarity and consistency!! - Maybe the Alert 68 FAQ should be updated to answer the doubts about 9.2.0.6 and alert 68.


November 2004
SMTWTFS
 123456
78910111213
14151617181920
21222324252627
282930    

About

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

Search weblog

Home and Archives

Weblog Home
Weblog Archives

Recommended reading

Oracle Security Step-by-Step (Version 2.0)

Useful links

Home
Oracle Security Tools page
Oracle security papers
Oracle Security alerts

Other useful blogs

Web Development
SQL Server Security

Syndication - Feeds

RSS 1.0 FEED
RSS 2.0 FEED
Atom 0.3 FEED
Powered by gm-rss 2.0.0

Other Links


Valid XHTML 1.0!