Re: Security Alert #68 - Have to upgrade versions prior to 9.2.0.4

  • From: Paul Drake <bdbafh@xxxxxxxxx>
  • To: dwagoner@xxxxxxxxxxxxxxxxxx
  • Date: Fri, 15 Oct 2004 12:55:50 -0400

David,

IMHO, 9.2.0.3 was not even production-grade, as something as simple as
an export would fail, and there was a remote exploit for the XDB
listener. There are likely many more issues, but those were enough for
me. We waited for 9.2.0.4 to upgrade production from 8.1.7.4.x.

9.2.0.3 was not addressed by Alert #68, but is vulnerable.
I'd suggest that you re-read whatever you read prior - and read the
FAQ for this alert.

It was good for you to ask for a sanity check.

Users should not be running 9.2.0.3, and should be running either
9.2.0.4 or 9.2.0.5 with the appropriate patchsets covered by Alert
#68 in place.

Just my opinion, though - and I might not be the best individual for a
sanity check :)

Paul



On Fri, 15 Oct 2004 11:21:19 -0400, David Wagoner
<dwagoner@xxxxxxxxxxxxxxxxxx> wrote:
> Okay, after reading all of the Security Alert #68 notes I could find on
> MetaLink, I believe that the most stable release of Oracle 9iR2 is version
> 9203.  I say this because it is supposedly not affected by Security Alert
> #68 (the alert says that the only 9iR2 versions affected are 9204 and 9205)
> and it has the fewest number of serious bugs (see Note:189908.1 to compare
> bugs by version).  (BTW, check out this serious index corruption bug in 9205
> related to LMTs and ASSM- Bug# 3785200.  Recommendation is to NOT use ASSM!)
> So, I plan to upgrade affected versions to 9203 to avoid the security
> patches and other serious bugs.  I'm referring to Sun Solaris 8.
> 
> Will someone please provide a sanity-check and let me know if I'm reading
> this stuff correctly?
> 
> David B. Wagoner
> Database Administrator
--
//www.freelists.org/webpage/oracle-l
