Call: +44 (0)1904 557620 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "Poor mans database vault"] [Next entry: "Escalate privileges to SYSDBA with CREATE USER"]

Latest Oracle CPU is out

The latest in the reasonably long line of Oracle quarterly CPU's is now out. It was available yesterday evening UK time. I was out teaching my two day class for the last two days so missed it until this morning. The CPU seems quite busy this time but including some serious bugs that Oracle are recommending that you as customers of Oracle install the patch as soon as possible. The number of bugs in the database itself is slightly lower as is the total fixes this time, 10 (actually the table shows 12 as two OEM bugs are included) / 30 respectively. The Oracle's advisory is here.

This quarter I also get a credit on Oracle's advisory for contributions to the "Security In Depth" program. This is a program where researchers and customers help Oracle make significant changes to the core code or documentation but are not of sufficient nature to be included in a CPU. See the advisory for links to details of this program. It's nice to know you get recognised even if a fic is not directly included in the CPU.