Tag: Patch
-
End of Oracle 10gR2 Premier Support
Ronny Egner’s post reminded me that when you come back to work next week, Oracle 10gR2 will be in Extended Support. Luckily for all of us (who can say they have no more 10g databases?), Oracle doesn’t charge their customers for the first year of Extended Support on Oracle 10gR2, so you’ll have another year to get off of 10.2.0.5, or start paying for Extended Support after 31.… Continued
-
Die Psychologie des Patchens
Die Digital Soapbox hat einen Artikel über The Psychology of Patching…
I’m not saying patching isn’t critical and important, don’t get me wrong – but it shouldn’t be as “all-important” as some people from our security realm would dictate.… Continued
-
Oracle Critical Patch Update January 2008
Das Oracle Critical Patch Update – January 2008 ist raus, und ich denke, wir Datenbänker können aufschnaufen. Betroffen sind praktisch nur Add-On Komponenten wie XML-DB, Advanced Queuing, Spatial und UltraSearch. Einzig DB05 betrifft Upgrade/Downgrade, und ist über Oracle Net exploitable.… Continued
-
Critical Patch Update January 2008 Pre-Release Announcement
Das Oracle Critical Patch Update Pre-Release Announcement – January 2008 ist da, und alle Experten schreiben dasselbe:
- Zum ersten Mal mit 11g Patches
- Nur 8 DB Patches, kein Remote Exploit
- Aber einer davon kritisch (CVSS 2 Rating von 6.5)
Die Experten sind: Sven Vetter, Alex Kornbrust, und Stephen Kost.… Continued
-
Oracle Security Patching Survey
David Litchfield in einer Mail an dbsec:
I’m seeking answers from Oracle DBAs and professionals about their feelings on security patches was hoping as many of you as possible would take the time to answer the 6 questions here : http://www.databasesecurity.com/survey.htm – I’d really appreciate it!… Continued
-
Critical Patch Update October 2007 Pre-Release Announcement
Oracle hat das Critical Patch Update October 2007 Pre-Release Announcement veröffentlicht, und Stephen Kost von Integrigy hat es analysiert:
There are 5 remotely exploitable without authentication vulnerabilities, which are not typical of previous database vulnerabilities.… Continued
-
July 2007 CPU Pre-Release Announcement
Oracle Critical Patch Update – July 2007 Pre-Release Announcement:
This Critical Patch Update contains 20 new security fixes for the Oracle Database including 1 new security fix for Application Express. 2 of these vulnerabilities may be remotely exploitable without authentication, i.e.… Continued
-
Oracle CPU Announcement – April 2007
Oracle hat den Oracle CPU April 2007 released. Die befürchtete Schwemme an ultrakritischen Vulnerabilities ist auf Windows beschränkt, wenigstens was die Datenbank betrifft.
-
Oracle CPU Pre-Release Announcement – April 2007
Das Oracle Critical Patch Update Pre-Release Announcement – April 2007 ist da. Viel weniger Vulnerabilities als gewöhnlich, aber dafür in praktisch jedem Produkt inklusive der Datenbank zwei remotely exploitable, and authentication not required vulnerabilities, also klassiche Remote Exploits, die sofort gepatcht werden müssen.… Continued