Call: +44 (0)1904 557620 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "Definer rights AS SYSDBA security issue?"] [Next entry: "Details Oracle Critical Patch Update January 2007 - V1.02 released"]

Critical Patch Update January 2007 is out

The latest in the series of Critical Patch Updates, "Oracle Critical Patch Update - January 2007" has just been released by Oracle. The patch provides 51 new security fixes across all products. Because there is a real risk of a successful attack, remember a number of this bugs can be expolited remotely without the need for a username and password. Oracle are recommending that the patch is applied as soon as possible. This, I know from experience is difficult fo some customers. There are a few new names in the credits and a few regulars, Alex and the Litchfields. The matrix's list the bugs per product and the lists get easier read each time. Oracle do seem to be making the advisories easier to read. Lets hope that the numbers of bugs fixed each quarter get less and also the number of remotely exploitable bugs without authentication get less, then we will see really good progress.