Call: +44 (0)1904 557620 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "Steve Kost has released an Integrigy advisory for CPU - January 2005"] [Next entry: "Tom talks about proxy users"]

Integrigy releases a useful impact analysis paper on CPU - Jan 2005

Integrigy have released a very useful paper that shows some analysis of the recent CPU - Jan 2005 patch release. The paper is titled
Oracle Critical Patch Update - January 2005 - E-Business Suite Impact. The analysis provides more information on the recent patches and bugs for the Oracle E-Business Suite. The paper is broken down into sections as follows:

  • Assessment of vulnerabilities

    • Oracle database vulnerabilities (DB01 - DB17)

    • Oracle Application Server Vulnerabilities (AS01 - AS03)

    • Oracle E-Business Suite vulnerabilities (APPS01 - APPS02)

  • Oracle patch analysis

    • Oracle database patches

    • Oracle application server patches

    • Oracle developer 6i patches

    • Oracle E-Business Suite patches

  • Patching strategy

    • High Risk and secure environment strategy

    • Non High risk environment strategy

This is an excellent paper, well written and very thorough. Anyone looking to patch Oracle applications or the E-Business suite should read this paper. This is quite a unique paper with insight, risks and analysis not seen elsewhere.

There are also two other papers on the Integrigy site that relate to CPU - Jan 2005 and its analysis. These are - (broken link) Integrigy Recommended Oracle Patch List - January 18, 2005 and - (broken link) Integrigy Oracle Security Alert Analysis - January 18, 2005 which are locked and only available for customers.