From: "David Litchfield" <davidl@ngssoftware.com.>
To: <full-disclosure@lists.grok.org.uk.>, <bugtraq@securityfocus.com.>,
Subject: Analysis of the Oracle October 2006 Critical Patch Update
Date: Wed, 18 Oct 2006 07:55:35 +0100
MIME-Version: 1.0
Content-Type: text/plain;
format=flowed;
charset="iso-8859-1";
reply-type=original
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2869
x-mimeole: Produced By Microsoft MimeOLE V6.00.2900.2962
X-OriginalArrivalTime: 18 Oct 2006 06:57:07.0500 (UTC) FILETIME=[A0422EC0:01C6F282]
X-Virus-Scanned: antivirus-gw at tyumen.ru
Hey all,
I've just posted an analysis of the 22 Oracle RDBMS flaws patched by the
October 2006 Critical Patch Update that was released yesterday:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2006.html.
Further, it's a shame to see that, after a promising July 2006 CPU where
Oracle had all the patches ready *on time*, they have slipped back into
their old, bad habits - patches are not ready for a number of platforms. I
thought they'd solved those issues - but clearly not. You can get a copy of
the analysis from
http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf,
Cheers,
David Litchfield
NGSSoftware Ltd
http://www.ngssoftware.com/
+44(0) 208 401 0070
