Call: +44 (0)1904 557620 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "Analysis of April 2007 CPU"] [Next entry: "I am speaking at the Northern Server Technology day tomorrow 24th April"]

NGS have released an analysis for the April CPU 2007

David has released a detailed analysis of the April 2007 CPU. This page is titled "Database Security Brief: The Oracle critical patch update for April 2007". this is a noce short summary of the issues and complements the coverage made by Alex on his site. David has covered a lot of the database bugs but the first paragraph is of the most interest for two reasons. First David points out that quite a few of the fixes are for very old bugs, one cited was reported in 2002 for instance. He feels that this indicates that Oracle have turned the corner and are finally clearing the backlog. The second point is that David indicates that he, Mark and Paul have reported a further 39 bugs, that is just NGS. Other researchers are obviously also concentrating on Oracle bugs and vulnerabilities. Also there was the announcement from Oracle that the CPU's for some platforms/products are not going be quarterly releases any more. I think the overall impression is that Oracle beleive that they have turned the corner and are clearing the backlog, that said the researchers are doubling their efforts to overturn that, lets see what happens!!