Call: +44 (0)7759 277220 Call
Blog

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "October 2006 Critical Patch Update (CPU) is out"] [Next entry: "Oracle Issues Monster Security Patch"]

Details of bugs fixed in CPU October 2006 released



I chatted to Alex earlier this evening and he let me know that he has added a new page to his site that analyses the October 2006 CPU. This page is titled "Details Oracle Critical Patch Update October 2006 - V1.00" and it details all of the database related bugs and APEX bugs fixed in the October CPU. In particular it details the bugs that Alex found with links to seperate advisory pages. These include:

xdb.dbms_xdbz0
sys.dbms_sqltune _internal
mdsys.sdo_lrs
SQL Injection in dbms_cdc_impdp2
Modifying data via in-line views
Oracle Reports Cross Site Scripting
Cross Site Scripting in APEX NOTIFICATION_MSG
Cross Site Scripting in APEX WWV_FLOW_ITEM_HELP
SQL Injection in APEX WWV_FLOW_UTILITIES

Enjoy!