Just in case you might have missed it, Oracle released an major security update yesterday. The patch contains 43 fixes.
I’m wondering, how many people diligently apply these patches? Frequently I see environments where the database is long overdue for a patch set. How about your environment?
From Network World:
Sixteen of the patches are for various database versions. The most severe vulnerability, which affects versions 9.2.0.8 and 9.2.0.8DV, “can potentially allow an attacker to gain full control of a vulnerable server,” according to a post on Oracle’s global product security blog. Other patches are for various 10g and 11g versions.
For a run down of the problems addressed, here are a list of the advisories from Secunia.
Oracle Products Multiple Vulnerabilities | Secunia
Oracle BEA WebLogic Products Multiple Vulnerabilities | Secunia
Oracle BEA WebLogic Portal Privilege Escalation | Secunia
For the full CPU posting from Oracle you can find that here.