Call: +44 (0)1904 557620 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "Oracle has been silently fixing security bugs in CPU July 2005"] [Next entry: "A good German new item on CPU 12 July 2005"]

Oracle are asking customers to download CPU July 2005 for 10.1.0.x again as there is a problem

Oracle has sent out an email to all customers who have downloaded the July 2005 Critical Patch Update for Oracle or before the patch was re-uploaded on July 13 or July 14 depending on the platform involved. This email went on to say that the reason for the updating of the patch already is that a problem was found that when a new database is created when it is discovered in Enterprise Manager it can show a state of pending, the issue affected all platforms but if Enterprise Manager is not used then there is not an issue. Oracle goes on to say that if you have not already applied the patches then make sure you get the latest ones and apply them, if you have already applied the patch the download them again and re-apply them.

I was trying to find out if this email can be backed up from other sources. I checked the advisory and found that no updates had been applied to the actual advisory, the same with the security alerts page on OTN. I also checked out Metalink headlines and the advisory there on Metalink, again no updates referring to this issue. When I checked out the actual patches on Metalink the last update dates where 14 July and 13 july. So I guess this email can be confirmed by this fact.

If you have downloaded the patches for 10.1.0.x before 14 July then you should check that you have the correct versions and re-apply newer ones if necessary.