Call: +44 (0)1904 557620 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "oops missed off the link"] [Next entry: "Integrigy releases a useful impact analysis paper on CPU - Jan 2005"]

Steve Kost has released an Integrigy advisory for CPU - January 2005

I got an email from Steve a couple of days ago, thanks Steve! for letting me know about his advisory for the CPU - Jan 2005 patch set. The Integrigy advisory is called High Risk Security Issues in the Oracle Database and Oracle Applications - Oracle Critical Patch Update January 2005 and details the security bugs found by Stephen Kost of Integrigy and fixed in Oracles CPU - Jan 2005 patch set. The bugs found include multiple issues in the Oracle Spatial MDSYS.MD2 package, a denial of service in the Oracle Forms Server and a password leakage issue in the Oracle Reports Server and two SQL Injection issues in the Oracle E-Business Suite.

I have also updated my Oracle security alerts page to complete the annotated details I know of for CPU - Jan 2005 advisories.