Pete Finnigan's Oracle Security Weblog

Oracle has sent out an email to all customers who have downloaded the Critical Patch Update january 2006 for Linux for 10.2.0.1. This is becomming a recurrant theme of all CPU releases since they have started. The jist of the issue is that not all fixes for security vulnerabilities were not included when they should have been. Hence Oracle have re-released the patch with all the fixes this time intact. Here is the complete email from Oracle customer support

"Dear Oracle Customer,

You are receiving this email because our records indicated you downloaded
the Critical Patch Update January 2006 (CPUJan2006) patch for Oracle
Database 10.2.0.1 (Patch 4751931)for Linux x86 before it was re-uploaded on
January 20, 2006.

These patches were re-uploaded because some files did not include all of the
changes required to fix the security vulnerabilities being addressed in the
January 2006 Critical Patch Update. No functional problems will be
encountered by applying an earlier version of these patches, but some
security vulnerabilities will not be completely fixed. Even if you have
successfully applied an earlier version of these patches, you should still
re-download and re-apply the latest version of the patches, dated
20-JAN-2006.

Please accept our apologies for any inconvenience you may have experienced,
and we thank you for your patience and cooperation in securing your Oracle
server products.

Regards,
Oracle Global Product Security

P.S. Please use MetaLink, https://metalink.oracle.com, to submit a Service
Request If you require further assistance. Please do not reply to this
email."

More details can be found at here if you have a metalink account. You should have if you are downloading and applying patches.