Red-Database-Security GmbH is specialized in Oracle Security

Details Oracle Critical Patch Update July 2007 - V1.01

If you are interested in the latest information on the Oracle CPU July 2007,
you can now subscribe to our newsletter.

Additional information will be added soon.




With this CPU Oracle has fixed 45 security bugs in various Oracle products and components. It is not necessary to apply this CPU on every Oracle Client installation.

The Oracle database patches fix 19 security bugs. One of the critical problems is the possibility of bypassing access control via a specially crafted database view.


Oracle also fixes 4 new security problems in Oracle Application Server, 1 in Oracle Collaboration Suite, 14 in Oracle E-Business Suite and 8 vulnerabilities in PeopleSoft components.

Fixed security vulnerabilities in Oracle PL/SQL-Packages:

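| Package | Function/Procedure | Granted to | Vulnerability/Change |
|---|---|---|---|
| | | | DB01 |
| DBMS_PRVTAQIS | | | DB02 |
| | | | DB03 |
| | | | DB04 |
| | | | DB05 |
| | | | DB06 |
| | | | DB07 |
| | | | DB08 |
| | | | DB09 |
| | | | DB10 |
| | | | DB11 |
| | | | DB12 |
| | | | DB13 |
| | | | DB14 |
| | | | DB15 |
| | | | DB16 |
| | | | DB17 |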




The following table maps the Oracle vulnerability IDs to CVE numbers.



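| Oracle Vuln | CVE# | Vulnerability-Type |
|---|---|---|
| DB01 | | |
| [DB02] | | |
| DB03 | | Buffer Overflow |
| DB04 | | |
| DB05 | | |
| DB06 | | |
| DB07 | | |
| DB08 | | |
| DB09 | | |
| DB10 | | |
| DB11 | | |
| DB12 | | Buffer Overflow |
| DB13 | | |
| DB14 | | |
| DB15 | | |
| DB16 | | |
| [DB17] | | Bypass Privileges |
| [APEX01] | | SQL Injection |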

Oracle Application Server / APPS / Peoplesoft

| Oracle Vuln | CVE# | Vulnerability-Type |
|---|---|---|



References

History
  • 17-jul-2007 - 1.00 - Initial version
  • 18-jul-2007 - 1.01 - Link to Imperva Advisory added

© 2007 by Red-Database-Security GmbH - last update 18-July-2007