[Previous entry: "I have updated my RSS feed to output 40 words instead of 20"] [Next entry: "Oracle have issued a second email with another exploitable vulnerability in 10.1.0.2 in CPU 12APR"]
Oracle have issued an email alert that CPU April 2005 is vulnerable to exploit
July 7th, 2005 by Pete
Post to del.icio.us
Post to Furl
I got an email from Alex Kornbrust this morning forwarding me an email sent by Oracle today 7th July and issued to all Oracle customers that had downloaded the Critical Patch Update for April 12 from their website. I did not receive this email myself yet. The email starts by saying that the person receiving it is doing so because they downloaded CPU 12 April for Oracle database versions 9.2.0.5, 9.2.0.6, 10.1.0.2, 10.1.0.3 and 10.1.0.4. It goes on to say that a step has been missed from the installation script that caused a JAR file to not be uploaded to the database. If you have not installed the JVM then there is no issue.
It goes on to say how to correct the problem after completing the installation of CPU 12 April. First start up the databases running out of the ORACLE_HOME that has been patched. For each database in the ORACLE_HOME being patched connect to the database with SQL*Plus as SYSDBA and issue the following command:
SQL> exec sys.dbms_java.loadjava('-v -f -r -s -g public rdbms/jlib/CDC.jar');
The email goes on to express apologies.
If you have installed CPU 12 April and if you have also installed the JVM then I urge you to follow these above instructions as your database is currently vulnerable.
