Yesterday Oracle has published the pre-release announcement for the upcoming CPU next tuesday. According to this announcement the CPU will fix 41 security in various Oracle products. 17 vulnerabilities are affecting the Oracle Database.
- Advanced Queuing
- Audit
- Authentication
- Change Data Capture
- Core RDBMS
- Data Pump
- Export
- Oracle Application Express
- Oracle Net Services
- Oracle Secure Enterprise Search or Ultrasearch
- Oracle Spatial
- Query Optimizer
2 of these vulnerabilities are located in APEX and 2 of these 17 are remote exploitable (APEX?).
Tonight Oracle secalert will normally inform the researchers what vulnerabilities will be fixed by the upcoming CPU. It seems that some of our critical vulnerabilities (e.g. Bypass Oracle auditing in all databases) will be fixed next week.
More about the CPU next tuesday night or at HITB 2008 Dubai. Cesar Cerrudo and I will be there.