Call: +44 (0)1904 557620 Call
Blog

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "Disclosure or advertising?"] [Next entry: "Oracle responds to the password algorithm weakness paper"]

Problems with the October CPU discovered



There was a thread on the bugtraq mailing list a few days ago about more troubles with Oracle's security fixing efforts. The latest patch set in the Critical Patch Update sequence, CPU October 2005 has got problems. The post is titled "Oracle October 2005 CPU Problems" and discusses the same issue with the CTXSYS.DRILOAD.VALIDATE_STMT that was fixed a number of CPU's ago and failed to be fixed properly and has now failed to be fixed again. The issue is with the patch installer incorrectly calling SYS.DBMS_REGISTRY.SCRIPT. When will this bug finally be fixed for all platforms and versions affected.