n addition to the Java vulnerabilities that I covered earlier, there is at least one more vulnerability that warrants attention. CVE-2013-3751, a problem in the XML parser of Oracle Database. Reading the description, I had a bit of a déjà-vu, also because of the CVE number from last year. And digging into past alerts, I found that, yes, this has indeed been patched before:
Looks like the Oracle 12 code was forked before the 11g patch went in, and nobody ported it over, so Oracle 12 remained exposed to the same bug until now. This speaks volumes about Oracle's software development life cycle and security processes... Dear Larry Ellison: how about writing a "Trustworthy Computing" memo for your staff, and then following through on it? I'm sure Bill Gates won't mind much if you simply copy his from 2002 and do a little search-and-replace.
For other untrustworthy computing features brought to you by this month's CPU patch bundle, see https://blogs.oracle.com/security/ andhttp://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
'취약점 정보1' 카테고리의 다른 글
OpenSSL Security Advisory (0) | 2014.08.08 |
---|---|
Cisco IOS 와 IOS XE Software EnergyWise 서비스 거부 공격 보안업데이트 권고 (0) | 2014.08.08 |
2014-07-07 취약점 정리 (0) | 2014.07.07 |
2014-06-28 취약점정리 (0) | 2014.06.28 |
Cisco IOS 서비스 거부 취약점 보안 업데이트 권고 (0) | 2014.06.27 |