On 17th April 2007, Oracle released their 10th Critical Patch Update. This brief discusses the database flaws and EM01, which relates to the Intelligent Agent. Many of the flaws being patched are old issues. For example, DB01 relates to an issue first reported to Oracle in 2002 and another in June 2004. This may indicate that Oracle are now in a position where they can “clear the backlog”, indicating that most of the more important flaws have been found and patched. If this is correct, then we should see smaller patches being released in future CPUs. That said, between myself, Paul Wright and Mark Litchfield, NGSSoftware has reported a further 39 issues that are still awaiting a patch, many of which we would rate as high risk. NGSSQuirreL for Oracle can positively identify these flaws in a database server.
Author: David Litchfield