Call: +44 (0)1904 557620 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "Oracle’s New Search Efforts"] [Next entry: "Mary Ann Davidson has started a blog!"]

Oracle have sent out an email to advise customers to patch CPU Jan 2006 for on Linux

Oracle has sent out an email this evening to ask any customers who have previously downloaded the Jan CPU 2006 to check if they are vulnerable to a bug in the patch and if so to download a new one-off interim patch. The full email is included here:

"Critical Patch Update January 2006 for Oracle Database

Dear Oracle Customer,

You are receiving this email because our records indicated you downloaded Critical Patch Update January 2006 (CPUJan2006) patches for Oracle Database version on all Unix and Linux platforms (Patch 4751923) or Windows platforms (Patch 4751528 or 4741074).

Due to problems in the patch building process, you may experience ORA-00933 when running Change Data Capture related packages after applying the above patches. To check whether the issue is applicable to your Oracle Database, connect to the database as SYS and run the following command:

SQL> SELECT dbms_registry.script('CATJAVA','@javacpu.sql') AS sqlfile FROM DUAL;

If the above command returns "?/rdbms/admin/nothing.sql", no action is required. If it returns "@javacpu.sql", please download and apply interim (one-off) Patch 5090555 to the Oracle Database home to correct the problem.

Please accept our apologies for any inconvenience you may have experienced, and we thank you for your patience and cooperation in securing your Oracle server products.

Oracle Global Product Support

P.S. Please do not reply to this email as this email account is not monitored. If you require further assistance, please use MetaLink,, to submit a Service Request. "