RE: April CPU 2014

From: Sayan Sergeevich Malakshinov <>
Date: Wed, 30 Apr 2014 16:30:08 +0400
Message-ID: <>

BTW, another one security vulnerabity was fixed in one of the latest patches(there is no this vulnerabity, at least, after January exadata patch bundle and CPUAPR2014), that allows to update/delete/insert on tables with "select" grant only.
I found it later than it was fixed in main codeline, but this vulnerability wasn't listed in CPU advisories.
Best regards,
Sayan Malakshinov wrote 2014-04-30 15:47:45:

> April CPU 2014
> Hello List,
> April CPU 2014 for DB will be of interest for high security environments
i.e. two privilege escalations I found have kindly been fixed by Oracle.
> There are details about the fixed issues in the book just released - though it is mainly about defence both in
> terms of using CC to reduce risk on large estates, and also how to make
privileged access controls like breakglass more effective, which again will
> be of interest for the sec minded folks wanting to make their DB
environments safer.
> Cheers,
> Paul
Received on Wed Apr 30 2014 - 14:30:08 CEST

Original text of this message