Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> Re: Security Alert #68 - Have to upgrade versions prior to 9.2.0. 4

Re: Security Alert #68 - Have to upgrade versions prior to 9.2.0. 4

From: Paul Drake <bdbafh_at_gmail.com>
Date: Fri, 15 Oct 2004 12:55:50 -0400
Message-ID: <910046b4041015095541eb5732@mail.gmail.com>


David,

IMHO, 9.2.0.3 was not even production-grade, as something as simple as an export would fail, and there was a remote exploit for the XDB listener. There are likely many more issues, but those were enough for me. We waited for 9.2.0.4 to upgrade production from 8.1.7.4.x.

9.2.0.3 was not addressed by Alert #68, but is vulnerable. I'd suggest that you re-read whatever you read prior - and read the FAQ for this alert.

It was good for you to ask for a sanity check.

Users should not be running 9.2.0.3, and should be running either 9.2.0.4 or 9.2.0.5 with the approprirate patchsets covered by Alert #68 in place.

Just my opinion, though - and I might not be the best individual for a sanity check :)

Paul

On Fri, 15 Oct 2004 11:21:19 -0400, David Wagoner <dwagoner_at_arsenaldigital.com> wrote:
> Okay, after reading all of the Security Alert #68 notes I could find on
> MetaLink, I believe that the most stable release of Oracle 9iR2 is version
> 9203. I say this because it is supposedly not affected by Security Alert
> #68 (the alert says that the only 9iR2 versions affected are 9204 and 9205)
> and it has the fewest number of serious bugs (see Note:189908.1 to compare
> bugs by version). (BTW, check out this serious index corruption bug in 9205
> related to LMTs and ASSM- Bug# 3785200. Recommendation is to NOT use ASSM!)
> So, I plan to upgrade affected versions to 9203 to avoid the security
> patches and other serious bugs. I'm referring to Sun Solaris 8.
>
> Will someone please provide a sanity-check and let me know if I'm reading
> this stuff correctly?
>
> David B. Wagoner
> Database Administrator

--
http://www.freelists.org/webpage/oracle-l
Received on Fri Oct 15 2004 - 11:52:56 CDT

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US