Alexander Kornbrust Oracle Security Blog » Print » Oracle Critical Patch Update Pre-Release Announcement

Oracle Critical Patch Update Pre-Release Announcement - April 2008

Dieser Eintrag stammt von Alexander Kornbrust Am 11 Apr 2008 @ 13:59 In Security, Oracle Security | Keine Kommentare

Yesterday Oracle has published the [1] pre-release announcement for the upcoming CPU next tuesday. According to this announcement the CPU will fix 41 security in various Oracle products. 17 vulnerabilities are affecting the Oracle Database.

Advanced Queuing
Audit
Authentication
Change Data Capture
Core RDBMS
Data Pump
Export
Oracle Application Express
Oracle Net Services
Oracle Secure Enterprise Search or Ultrasearch
Oracle Spatial
Query Optimizer

2 of these vulnerabilities are located in APEX and 2 of these 17 are remote exploitable (APEX?).

Tonight Oracle secalert will normally inform the researchers what vulnerabilities will be fixed by the upcoming CPU. It seems that some of our critical vulnerabilities (e.g. Bypass Oracle auditing in all databases) will be fixed next week.

More about the CPU next tuesday night or at [2] HITB 2008 Dubai. Cesar Cerrudo and I will be there.

Dieser Artikel wurde ausgedruckt ab Alexander Kornbrust Oracle Security Blog: http://blog.red-database-security.com

URL zum Artikel: http://blog.red-database-security.com/2008/04/11/oracle-critical-patch-update-pre-release-announcement-april-2008/

URLs in this post:
[1] pre-release announcement: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr20
08.html
[2] HITB 2008 Dubai: http://conference.hitb.org/hitbsecconf2008dubai/

Klicken hier zum Drucken.