Details Oracle Critical Patch Update April 2007 - V1.05
Additional information will be added soon.
With this CPU, Oracle has fixed 36 security bugs in various Oracle products and components. The oldest bug fixed in this CPU dates from 2003. The CPU must be applied to every Oracle Client installation to avoid DB11.
The Oracle database patches fix 13 security bugs. The most critical security bug for Windows databases is DB01, which allows remote exploitation without user credentials. The CVSS rating for this bug is 7.0. For Unix and Windows users, one critical bug (DB05) is related to the database logon trigger mechanism: it is possible to bypass database logon triggers if the April 2007 CPU is not applied.
Keep in mind that there are no patches for Oracle XE for Windows. The remotely exploitable bug (DB01) is and will remain unfixed in XE (like many other critical issues). Oracle is not planning to release patches for XE.
Oracle also fixes 2 new security problems in Oracle Enterprise Manager, 1 in Oracle Workflow Cartridge and 1 in Ultrasearch.
Security vulnerabilities fixed in Oracle PL/SQL packages:
The following table maps the Oracle vulnerability IDs to their CVE numbers.
Oracle Application Server / APPS / PeopleSoft
© 2007 by Red-Database-Security GmbH - last update 19-April-2007