Re: FW: [VulnWatch] Multiple high risk vulnerabilities in Oracle RDBMS 10g/9i

  • From: Pete Finnigan <oracle_list@xxxxxxxxxxxxxxxxxxxxxxxxx>
  • To: oracle-l@xxxxxxxxxxxxx
  • Date: Tue, 18 Jan 2005 21:25:08 +0000


The Oracle advisory is out and its a big improvement on the last one and
previous ones. There is a risk matrix and information about each bug
that is fixed. Even some de supported versions are patched as well. The
advisory is here
u-jan-2005_advisory.pdf and also if anyone is interested, i have just
talked about it in my Oracle security weblog which you can find at

kind regards


In article <c493WfAD6W7BBxOA@xxxxxxxxxxxxxxxxxxxxxxxxx>, Pete Finnigan
<oracle_list@xxxxxxxxxxxxxxxxxxxxxxxxx> writes
>Hi Ruth,
>This is related to the first quarterly patch set release. NGS are
>probably one of many researchers who have found security bugs that are
>to be fixed in this patch. I have not checked for 30 minutes or so, but
>there was no news of the patch release or advisory from Oracle yet. NGS
>posted this at 3:30PM UK time probably in anticipation of the well
>announced Jan 18 patch release.
>Kind regards

Pete Finnigan (email:pete@xxxxxxxxxxxxxxxx)
Web site: - Oracle security audit specialists
Oracle security blog:
Book:Oracle security step-by-step Guide - see for details.


Other related posts: