Call: +44 (0)1904 557620 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "More on Sarbanes Oxley and Oracle"] [Next entry: "Critical patch update - January 2005 is out"]

The first Oracle security alert for Jan 18th - First quarterly scheduled security patch

I just saw the first post about new vulnerabilities in the Oracle database on the bugtraq mailing list at Security Focus. The post was made about one hour ago by NGS. The post is titled "Multiple high risk vulnerabilities in Oracle RDBMS 10g/9i" and discusses multiple bugs that have been found and fixed in the first of the new quarterly patch schedule fixes. They also have announced as they did with alert 68 that they will withold details of the actual bugs they have found until April 18 - 3 months later so that customers can get patched first. The post also suggests customers should go to Metalink for the patches.

As of now there are no announcments on Metalink or on OTN or on the Oracle security alerts page with respect to availability of the new patch set but there is a note on the Oracle alerts page to say that its scheduled to be released today.