Peaches Posted January 15, 2009 Report Share Posted January 15, 2009 14 January 2009, 09:25Numerous security updates from Oracle Oracle has released its Critical Patch Update (CPU) for January 2009, fixing a total of 41 vulnerabilities in many of its products. Twenty of the vulnerabilities are found in Oracle's database products, while others are found in Oracle's Secure Backup and TimesTen DataServer. Some of the holes in Secure Backup are classified as critical as they are remotely exploitable without authentication. According to Alexander Kornbrust of Red Database Security, one of the database holes (CVE-2008-5437) allows a user with execute privileges on dbms_ijob to circumvent Oracle Auditing completely, allowing data to be changed with no record of the changes being logged. For a complete overview of the holes and affected products, see the patch advisory from Oracle. See also: Oracle's advisory - http://www.oracle.com/technology/deploy/se...cpujan2009.html (djwm) Heise security: http://www.heise-online.co.uk/security/Num...e--/news/112413 Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.