lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 18 Oct 2006 09:18:39 -0500
From: Paul Schmehl <pauls@...allas.edu>
To: David Litchfield <davidl@...software.com>,
	full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com,
	dbsec@...elists.org, ntbugtraq@...tserv.ntbugtraq.com
Subject: Re: Analysis of the Oracle October 2006 Critical
 Patch Update

Thanks, David, for your always enlightening (and depressing if you use 
Oracle products) reports on the unbreakable database.

--On Wednesday, October 18, 2006 07:55:35 +0100 David Litchfield 
<davidl@...software.com> wrote:

> Hey all,
> I've just posted an analysis of the 22 Oracle RDBMS flaws patched by the
> October 2006 Critical Patch Update that was released yesterday:
> http://www.oracle.com/technology/deploy/security/critical-patch-updates/c
> puoct2006.html.  Further, it's a shame to see that, after a promising
> July 2006 CPU where  Oracle had all the patches ready *on time*, they
> have slipped back into  their old, bad habits - patches are not ready for
> a number of platforms. I  thought they'd solved those issues - but
> clearly not. You can get a copy of  the analysis from
> http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf,
> Cheers,
> David Litchfield
> NGSSoftware Ltd
> http://www.ngssoftware.com/
> +44(0) 208 401 0070
>
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/



Paul Schmehl (pauls@...allas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/

Content of type "application/pkcs7-signature" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ