Oracle CPU patch update for January 2013 release

Oracle has released it’s latest CPU (Critical Patch Update) for the last quarter of 2012.

This means admins and DBAs everywhere will be currently rolling out the latest patches to all of their DEV and QA environments to see what has changed and no longer works.

Link to the Oracle official announcement:
http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html

Of particular interest is CVE-2012-3220 (see: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3220 ) which is a vulnerability that looks to allow privilege escalation and access to the underlying OS and affects all latest versions of the Oracle Database.

The below article at threatpost.com has a lot more information on specific updates and some great discussion on particular patches:
http://threatpost.com/en_us/blogs/oracle-releases-86-patches-its-january-critical-patch-update-011613

 

Leave a Reply

Your email address will not be published. Required fields are marked *