[Previous entry: "CPU April 12 - 2005 is released"] [Next entry: "SearchSecurity.com talks about the Oracle CPU April 12 patch release"]
Oracle ships patches seeded with message digest data
April 13th, 2005 by Pete
Post to del.icio.us
Post to Furl
Alex emailed me to point me at a page on Metalink titled "Patches Downloaded from MetaLink will be Seeded with Message Digest Data: March 12, 2005".
This is an interesting change to Oracles patch distribution system as since March 12 all patches are seeded with digest data. This effectively means that patches cannot (or rather it would be much much harder) be altered or tampered with whilst being downloaded. Oracle does not supply tools to verify the digest, some OS's include such tools and there are many that can be downloaded.
This is a very interesting change to the patch release mechanism. Of course the question must be asked, has alteration of patches been a problem? Or is this a belt and braces job from Oracle. We should commend Oracle for including this type of integrity check for the patch release mechanism. This is a sign that Oracle does take security seriously on a few levels.
