[ISN] Oracle releases delayed Windows database patch

From: InfoSec News (alerts@private)
Date: Sun Apr 22 2007 - 22:16:09 PDT


http://www.infoworld.com/article/07/04/20/HNoraclereleaseswindbpatch_1.html

By Robert McMillan
IDG News Service
April 20, 2007

Oracle probably worried some DBAs earlier this week when it released its 
Critical Patch Update but neglected its most critical database flaw of 
the quarter for 9.2.0.8 users on the Windows platform. At the time, 
Oracle said this fix would come on April 30, but now it looks like 
Oracle has found a way to get the patch out.

Oracle's Eric Maurice made the announcement on Friday afternoon. So if 
you're running Oracle Database Server 9.2.0.8 on Windows you can rest a 
bit easier ... once you've finished testing.

Turns out that security researcher David Litchfield first discussed this 
flaw in November 2005. After Oracle released its Critical Patch Update 
this week, he published this research note, discussing this and a few 
other flaws that were patched this month. Litchfield, managing director 
of Next Generation Security Software, says he first reported the bug to 
Oracle in 2002.


__________________________
Subscribe to InfoSec News
http://www.infosecnews.org



This archive was generated by hypermail 2.1.3 : Sun Apr 22 2007 - 22:28:45 PDT