
Pete Finnigan's Oracle security weblog



There is a security problem with Critical Patch Update April 2005 and alert #65

April 29th, 2005 by Pete


I just got an email from Alex to let me know he had received an email from Oracle about a security problem with the latest scheduled patch set, CPU April 2005, for the database server for versions 9.2.0.5 and 9.2.0.6. This looks like a standard email to all Oracle customers. I have not received one yet, but I guess that I will, as I am also an Oracle customer.

The email states that the CPU April 2005 patch set for 9.2.0.5 and 9.2.0.6 for the database server has been reported to cause the fixes for alert #65 to be incomplete.

The email goes on to say that if customers have already applied the patch for alert #65 first, then no action is required; if not, alert #65 needs to be applied. It can be applied either before or after CPU April 2005 (don't you wish for a better naming convention?). If alert #65 is already applied, then there will be a conflict shown.

So why is this? I guess it is because CPU April 2005 is supposed to be a cumulative patch for all previous fixes, so it looks like CPU April 2005 did not include some of the alert #65 fixes.

If you have applied CPU April 2005 and not alert #65, then you will be vulnerable, so take notice of these details.

The advisory "Critical Patch Update - April 2005" has not been updated since April 13, so it does not yet reflect this information. "Alert 65, Security Vulnerability in Oracle9i Application and Database Servers" has not been updated yet either.



This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.
