Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

CPU July 2006 is out

I have just returned home and checked for the July alert on Oracle's alerts page and found that it's out. I notice that the date on the main alerts page shows July 17 2006 but it should be released today and it has been released today.

The alert "Oracle Critical Patch Update - July 2006" takes the usual form of recent alerts. Credits are given to the usual suspects, Alex, David and Esteban, and a couple of newer names to the Oracle security game, Dr. Christian Kleinewaechter and Swen Thuemmler. The alert covers quite a number of bug fixes: 23 database, 4 database client, 10 application server, 1 Collaboration Suite, 20 E-Business Suite, 4 OEM, 2 PeopleSoft and 1 JD Edwards bugs.

This is quite an array of bugs for a company that has recently seemed to be getting on top of security bug fixing. The database has a few package-based bugs; these would be reasonably easy to work out how to exploit by comparing the new updated packages with the old. There is a raft of OCI bugs, and DB2 also sounds like the recent 0-day exploit published on Metalink.

When will we see a CPU with one or two fixes?