Full Disclosure mailing list archives
Re: Analysis of the Oracle October 2006 Critical Patch Update
From: Paul Schmehl <pauls () utdallas edu>
Date: Wed, 18 Oct 2006 09:18:39 -0500
Thanks, David, for your always enlightening (and depressing if you use Oracle products) reports on the unbreakable database.
--On Wednesday, October 18, 2006 07:55:35 +0100 David Litchfield <davidl () ngssoftware com> wrote:
Hey all, I've just posted an analysis of the 22 Oracle RDBMS flaws patched by the October 2006 Critical Patch Update that was released yesterday: http://www.oracle.com/technology/deploy/security/critical-patch-updates/c puoct2006.html. Further, it's a shame to see that, after a promising July 2006 CPU where Oracle had all the patches ready *on time*, they have slipped back into their old, bad habits - patches are not ready for a number of platforms. I thought they'd solved those issues - but clearly not. You can get a copy of the analysis from http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf, Cheers, David Litchfield NGSSoftware Ltd http://www.ngssoftware.com/ +44(0) 208 401 0070 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Paul Schmehl (pauls () utdallas edu) Adjunct Information Security Officer The University of Texas at Dallas http://www.utdallas.edu/ir/security/
Attachment:
_bin
Description:
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Analysis of the Oracle October 2006 Critical Patch Update David Litchfield (Oct 18)
- Re: Analysis of the Oracle October 2006 Critical Patch Update Paul Schmehl (Oct 18)