Sven’s Technik-Blog

Einiges über Oracle, Security, Linux, … und auch über mich

  • Categories

  • Archives

  • Tag Cloud

  • Login
« The big change…
Oracle Database Vault 10g Release 2 (10.2.0.4.0) »

Oracle Critical Patch Update April 2008: Pre-Release Advisory

Posted by Sven Vetter on April 10th, 2008

Here is the first information about the next CPU.

Database:

  • This CPU contains 17 new security fixes (including 2 for Oracle Application Express)
  • The highest CVSS base score of vulnerabilities is 6.6.
    This is regarded as a high risk.
  • Some very critical components are affected:
    • Audit
    • Authentication
    • Core RDBMS
    • Data Pump
    • Export
    • Oracle Net Services
    • Query Optimizer
    • ...
  • This CPU includes fixes for Oracle Database 11g too.

Oracle Application Server:

  • This CPU contains 3 new security fixes
  • All of these vulnerabilities may be remotely exploited without authentication!
  • The highest CVSS base score of vulnerabilities is 9.3 for clients and 6.6 for servers.
    This is regarded as a very high risk.

Oracle Enterprise Manager:

  • This CPU contains 1 new security fix (in the Oracle Agent)
  • The CVSS base score of vulnerability is 6.6.
    This is regarded as a high risk.

Tags: , ,
This entry was posted on Thursday, April 10th, 2008 at 23:07 and is filed under CPU, Oracle, Security, TrivadisContent. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

« The big change…
Oracle Database Vault 10g Release 2 (10.2.0.4.0) »