Oracle Critical Patch Update - Abril 2007

Entre outros fixes:

"13 new security fixes for the Oracle Database. Additionally, 1 new security fix for Oracle Enterprise Manager, 1 new security fix for Oracle Workflow Cartridge, and 1 new security fix for the Ultra Search component affect code bundled with the Oracle Database. 2 of these vulnerabilities may be remotely exploitable without authentication, i.e. they may be exploited over a network without the need for a username and password."

1 new security fix for Oracle Secure Enterprise Search, which is a separate product that is not installed with the Oracle Database. The Oracle Database Ultra Search component contains code also present in the Oracle Secure Enterprise Search product, and both are potentially vulnerable.

2 new database vulnerabilities addressed by this Critical Patch Update, DB11 and DB13, affect Oracle Database client-only installations (installations that do not have the Oracle Database installed). They are potentially exploitable where a privileged operating system process is passing input from an unprivileged source to the affected program. Oracle recommends applying this Critical Patch Update to client-only installations which may be using the affected programs in this way, or which are affected by client-only issues fixed in prior Critical Patch Updates if the prior patches have not been applied.

This Critical Patch Update contains 5 new security fixes for Oracle Application Server. 1 Oracle Workflow Cartridge fix and 1 Oracle Secure Enterprise Search fix also affect Oracle Application Server. 2 vulnerabilities may be remotely exploitable without authentication, i.e. they may be exploited over a network without the need for a username and password. No new fixes are applicable to client-only installations, i.e. installations that do not have Oracle Application Server installed.