Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> Re: not your average security-related article

Re: not your average security-related article

From: Ray Stell <stellr_at_cns.vt.edu>
Date: Wed, 3 May 2006 11:25:12 -0400
Message-ID: <20060503152512.GI3750@cns.vt.edu> 





On Wed, May 03, 2006 at 10:57:46AM -0400, Paul Drake wrote:


> http://www.computerworld.com/securitytopics/security/holes/story/0,10801,111098,00.html





Recent posts to bugtraq:



Litchfield, 02 May 2006:


"Most recently, Oracle informed us that on the 18th of April 2006 that
Critical Patch Update would be released. This date had been planned for over
a year so why, on that date, were patches not ready for versions 10.2.0.2,
10.1.0.4, 10.1.0.3, 9.2.0.5, 8.1.7.4 and only partial patches for 10.1.0.5?
Further, patches were only available for versions 9.2.0.7, 9.2.0.6 and
10.2.0.1 which means patches are available for only 33% of their supported
versions - what about the poor people running the other 66%?



Kornbrust, 02 May 2006:


"2 weeks ago I found a way to bypass dbms_assert in many cases.
Oracle is already informed. This means that many Oracle packages are
vulnerable again and the bugfixes against SQL Injection are often
useless."

--
http://www.freelists.org/webpage/oracle-l


Received on Wed May 03 2006 - 10:25:12 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US