Call: +44 (0)7759 277220 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "Oracle security joke - a template for journalists"] [Next entry: "Harder-to-Detect Oracle Rootkit on the Way"]

Oracle have re-released the Linux Jan 2006 CPU patch for

Oracle has sent out an email to all customers who have downloaded the Critical Patch Update january 2006 for Linux for This is becomming a recurrant theme of all CPU releases since they have started. The jist of the issue is that not all fixes for security vulnerabilities were not included when they should have been. Hence Oracle have re-released the patch with all the fixes this time intact. Here is the complete email from Oracle customer support

"Dear Oracle Customer,

You are receiving this email because our records indicated you downloaded
the Critical Patch Update January 2006 (CPUJan2006) patch for Oracle
Database (Patch 4751931)for Linux x86 before it was re-uploaded on
January 20, 2006.

These patches were re-uploaded because some files did not include all of the
changes required to fix the security vulnerabilities being addressed in the
January 2006 Critical Patch Update. No functional problems will be
encountered by applying an earlier version of these patches, but some
security vulnerabilities will not be completely fixed. Even if you have
successfully applied an earlier version of these patches, you should still
re-download and re-apply the latest version of the patches, dated

Please accept our apologies for any inconvenience you may have experienced,
and we thank you for your patience and cooperation in securing your Oracle
server products.

Oracle Global Product Security

P.S. Please use MetaLink,, to submit a Service
Request If you require further assistance. Please do not reply to this

More details can be found at here if you have a metalink account. You should have if you are downloading and applying patches.