Call: +44 (0)1904 557620 Call
Blog

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "Critical Patch Update January 2007 is out"] [Next entry: "Toolkit of generators and brute force tools"]

Details Oracle Critical Patch Update January 2007 - V1.02 released



Alex has created an analysis page for the most recent January 2007 CPU. His page is titled "Details Oracle Critical Patch Update January 2007 - V1.02". The page includes links to those bugs that have individual advisories available. There is less information about the database bugs than for the application server. There is also a nice link table for all of the database bugs to their CVE entries. The application server bugs include some brief details for most of the bugs as to what the issues are. As usual the database bugs that are in packages whilst not including details of the actual bug are reletively easy to work out if you have the tools to do it (a PL/SQL unwrapper).