Call: +44 (0)7759 277220 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "New version of cracker-2.0 the PL/SQL cracker - option to not reveal passwords"] [Next entry: "How to write injection proof PL/SQL"]

October Critical Patch Update 2008 is out

The latest in the line of Critical Patch Updates (CPU October 2008) has just come out. The Oracle advisory "Oracle Critical Patch Update Advisory - October 2008" has just been released and it describes the fixes available with this patch.

There are a few new names in the credits section and also an increase in people helping with the security in depth program. I was credited again on this CPU, the second time this year. I will release an advisory later related to this fix. The number of database fixes is set at 15, one of which can be expoited remotely without authentication. The highest CVSS ratings are two 6.5's. There are also a number of application server, E-Business Suite, Peoplesoft and BEA fixes included in the patch/advisory.