In association with heise online

14 January 2009, 08:25

Numerous security updates from Oracle

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Oracle has released its Critical Patch Update (CPU) for January 2009, fixing a total of 41 vulnerabilities in many of its products. Twenty of the vulnerabilities are found in Oracle's database products, while others are found in Oracle's Secure Backup and TimesTen DataServer. Some of the holes in Secure Backup are classified as critical as they are remotely exploitable without authentication.

According to Alexander Kornbrust of Red Database Security, one of the database holes (CVE-2008-5437) allows a user with execute privileges on dbms_ijob to circumvent Oracle Auditing completely, allowing data to be changed with no record of the changes being logged.

For a complete overview of the holes and affected products, see the patch advisory from Oracle.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit