It’s not the latest news, but still in the same week …
On January 19th Oracle released the first Critical Patch Update (CPU) for 2011. This CPU includes up to 66 security fixes across all product families. The number looks quite high, but that’s just because SUN products like Open Office and the SUN Product Suite are covered by this CPU as well. For database server issues there are only 7 security fixes: 5 are for the Oracle Database Server, 1 is for Oracle Secure Backup and 1 is for Oracle Audit Vault. The one for Oracle Audit Vault may be remotely exploitable without any authentication and has a CVSS score of 10. The highest CVSS score among the 5 security fixes for the Oracle Database Server is 7.5, which is still fairly high. I would therefore highly recommend applying this security fix on Audit Vault installations, and recommend installing it on Oracle Database Server as well, as soon as possible.
In the next days I will install the CPUs on some databases to test if there are any issues.
More information on the CPU and Oracle Security:
- Critical Patch Updates and Security Alerts
- Oracle Critical Patch Update Advisory – January 2011
- Patch Set Update and Critical Patch Update January 2011 Availability Document [1263374.1]
- CERT Technical Cyber Security Alert TA06-109A