Call: +44 (0)1904 557620 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "Oracle Integrating Identity Wares"] [Next entry: "Oracle issues security patch"]

Oracle releases an out of step security patch for E-Business Suite

Oracle has released what some are calling a stealth security patch. They normally only release security patches as part of the Critical Patch Update process on a quarterly basis. It is common however to include security fixes in upgrades that are then included in the next CPU but Oracle do not normally publicise the security fixes.

In this case Oracle has released a Diagnostics support pack February 2006 with Oracle Diagnostics RUP A. This is an upgrade to Oracle E-Business Suite diagnostics. It is unusual for Oracle to publicise the fact that security fixes are included with an upgrade and to encourage customers to apply the patch. Cynical observers may think that Oracle are encouraging customers to upgrade to make support easier by encouraging the application of the patch. This patch and some comments and bug information are included in an excellent paper by Integrigy called "Security Analysis - Diagnostic support pack February 2006 patch E-Business Suite impact"