Call: +44 (0)1904 557620 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: " talks about the Oracle CPU April 12 patch release"] [Next entry: "CIS Oracle benchmark has been updated"] has a news item about CPU 2

I was emailed yesterday before the patch release by Michael Singer who asked if I had any comments on the latest patch release. At the time, before its release I could only note that Alex had just put out a paper on SQL Injection in Oracle forms and I assumed that a fix would be included in the patch release. This proved not to be the case. I also mentioned the issue of researchers having large lists of bugs that have not been fixed. Michael included these points in his news item "Oracle Security Updates Include PeopleSoft Fixes". Michael also includes the fact that PeopleSoft fixes are included in this patch set. Michael’s news item is worth reading for his comments on this latest patch set.