Pete Finnigan's Oracle Security Weblog

I have just returned home and checked for the July alert on Oracles alerts page and found that its out. I notice that the date on the main alerts page shows July 17 2006 but it should be released today and it has been released today.

The alert "Oracle Critical Patch Update - July 2006" takes the usual form of recent alerts. Credits are given to the usual suspects, Alex, David, Esteban and a couple of newer names to the Oracle security game, Dr. Christian Kleinewaechter and Swen Thuemmler. The alert covers quite a number of bug fixes, 23 database, 4 database client, 10 application server, 1 collaboration Suite, 20 E-Business Suite, 4 OEM, 2 peoplesoft and 1 JD Edwards bugs.

This quite an array of bugs for a company that has recently seemed to be getting on top of security bugs fixing. The database has a few package based bugs, these would be reasonably easy to work out how to exploit by comparing the new updated packages with the old. There is a raft of OCI bugs and also DB2 sounds like the recent 0-day exploit published on Metalink.

when will we see a CPU with one or two fixes?