
Pete Finnigan's Oracle security weblog



Oracle Critical Patch Update April 2007 is out

April 17th, 2007 by Pete

The latest in the line of Oracle's Critical Patch Updates, CPU April 2007, is out. The advisory from Oracle is titled "Oracle Critical Patch Update - April 2007" and includes 13 database fixes, one Enterprise Manager and one workflow cartridge bug, a total of 16 database product related bugs. Two of the database bugs can be remotely exploited without authentication. Two of the database patches affect client-only installations as well. There are 5 Application Server fixes, one workflow cartridge and one ultra-search fix. Two of these can be remotely exploited without authentication. There is one Collaboration Suite fix and one workflow again; neither of these can be remotely exploited without authentication. There are 11 E-Business Suite fixes, again two of which can be exploited remotely without authentication. There is also the workflow bug fix again. Enterprise Manager has one fix. There are three PeopleSoft fixes and one JD Edwards fix.

This is a mixed bag. Again the patch is critical and needs to be applied quickly because of the remotely exploitable bugs and also because of the recent tendency for exploits to become quickly available on the net. The numbers are smaller than the last patches but are still excessive in terms of raw security fixes. Have Oracle turned the corner in terms of reducing the numbers of security bugs? Not sure. It would seem that the numbers are reducing, but the recent number of papers on Oracle security and forensics and releases of exploits would suggest a renewed effort on the part of researchers to push Oracle further by being more creative in terms of finding security bugs in its products. Let's wait and see if the trend keeps falling in terms of fixes in July.


This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.
