[Previous entry: "October 2006 Critical Patch Update (CPU) is out"] [Next entry: "Oracle Issues Monster Security Patch"]
Details of bugs fixed in CPU October 2006 released
October 18th, 2006 by Pete
Post to del.icio.us
Post to Furl
I chatted to Alex earlier this evening and he let me know that he has added a new page to his site that analyses the October 2006 CPU. This page is titled "Details Oracle Critical Patch Update October 2006 - V1.00" and it details all of the database related bugs and APEX bugs fixed in the October CPU. In particular it details the bugs that Alex found with links to seperate advisory pages. These include:
xdb.dbms_xdbz0
sys.dbms_sqltune _internal
mdsys.sdo_lrs
SQL Injection in dbms_cdc_impdp2
Modifying data via in-line views
Oracle Reports Cross Site Scripting
Cross Site Scripting in APEX NOTIFICATION_MSG
Cross Site Scripting in APEX WWV_FLOW_ITEM_HELP
SQL Injection in APEX WWV_FLOW_UTILITIES
Enjoy!
