While writing a post about the new Critical Patch Advisory I’ve discovered, that Oracle made the Information about the OpenSSL Vulnerability publicly available. The information in MOS Note 1645479.1 has been moved to OpenSSL Security Bug – Heartbleed CVE-2014-0160. Until now it looks like that Oracle Databases are not affected since they do not use […]
↧
Update: Oracle and OpenSSL ‘Heartbleed’ vulnerability
↧
Audit Vault and Database Firewall 12.1.2
Oracle has just released a new Release of its Oracle Audit Vault and Database Firewall. The new release is immediately available on Oracle’s Software Delivery Cloud. It look’s like Oracle added a bunch of Enterprise-Grade Features like iSCSI SAN Disk, NFS Storage as well as SYSLOG integration. Starting with this Release, the Audit Vault Repository […]
↧
↧
Trivadis PL/SQL & SQL CodeChecker
A couple of days ago Trivadis released the Trivadis PL/SQL & SQL CodeChecker (tvdcc) as SQL Developer Extension. TVDCC does check the editor content for compliance violations of the Trivadis PL/SQL & SQL Coding Guidelines Version 2.0. Quote from the blog post of my work colleague: Furthermore McCabe’s cyclomatic complexity, Halstead’s volume, the maintainability index […]
↧
AVDF installation ISO
Due to some problems during the installation of Oracle Audit Vault and Database Firewall 12.1.2 (see AVDF installation fails on HP server with Smart Array Disk Controller), I’ve looked at the AVDF ISO image and its kickstart setup. AVDF 12.1.2 is based on Oracle Enterprise Linux 5.9. To setup or upgrade AVDF it is required […]
↧
AVDF installation fails on HP server with Smart Array Disk Controller
I’ve successfully set up a couple of AVDF installation on different VM Server as well on HP Blade or Rack servers. On the VM server I never had any problems. For the installation of AVDF 12.1.1.x on HP servers BL465c Gen8 or DL380p Gen8, there were always warnings during partitioning of the disks. So far […]
↧
↧
Update: AVDF installation fails on HP server with Smart Array
A couple of days ago I’ve wrote about some problems when installing Oracle Audit Vault and Database Firewall 12.1.2 on HP server with Smart Array Disk Controller. The problem is still not resolved, but in the meantime Oracle has open a Bug and added some Metalink Notes related to this issue. AVDF 12.1.1 Installation Fails […]
↧
Oracle passwords and special characters
As commonly known passwords should have a certain complexity. Thereby it is common to use special characters, numbers, lower and uppercase characters. Depending on the type of special characters Oracle require that the password is enclosed in double quotation marks. Oracle does provide a guideline for Securing Passwords in the Oracle® Database Security Guide. So […]
↧
Release of Audit Vault and Database Firewall 12.1.2 Bundle Patch 1
Earlier today, Oracle has released the first Bundle Patch for Audit Vault and Database Firewall 12.1.2. The patch can be downloaded on Oracle Metalink as Patchset 18728905 for existing installations or on Oracle eDelivery as full installation image for new installations. The installation image is split in two parts which need to be merged before […]
↧
Oracle CPU / PSU Pre-Release Announcement July 2014
Oracle has published the Pre-Release Announcement for the July 2014 Critical Patch Update. It looks like that the next Critical Patch Update is somewhat more extensive from the database point of view. It does contain six bug fix for some major security issues. Some of the vulnerabilities may be remotely exploitable without authentication. The security […]
↧
↧
Secure External Password Store for RMAN
The draft version of this blog post is lying around for some time in my inbox. I've never found time to finish it. But due to a task in a project it's about time to finish my notes on Oracle's Secure External Password Store. Ludovico, a work colleague has already written a blog post about Removing passwords from Oracle scripts earlier this year. I would like to complement the topic and discuss a few points specifically in connection with RMAN Backup's and a central RMAN catalog. The goal remains the same, getting rid of passwords with a minimal operational effort.
↧
Oracle 12.1.0.2.0 Patchset released
Oracle has released the first patchset 12.1.0.2.0 for Oracle 12c Release 1. Or at least partially released on Oracle Software Delivery Cloud eDelivery.oracle.com. So far the patch set is only available for Linux x86-64bit, Oracle Solaris on SPARC 64bit and Oracle Solaris on x86-64bit. I will update this post and provide more information as soon […]
↧
Update: Oracle 12.1.0.2.0 Patchset released
I finally found some time to update my blog post on Oracle 12.1.0.2.0 Patchset released. Beside the list of new features, I have included a number of links related to this patch set.
↧
Release of Audit Vault and Database Firewall 12.1.2 Bundle Patch 2
End of last week, Oracle has released the second Bundle Patch for Audit Vault and Database Firewall 12.1.2. I’ve missed the release due to public holiday here in Switzerland. The patch can be downloaded as usual on Oracle Metalink as Patchset 19190265 for existing installations or on Oracle eDelivery as full installation image for new […]
↧
↧
Oracle CPU / PSU Pre-Release Announcement January 2015
Oracle has published the Pre-Release Announcement for the first Critical Patch Update in 2015. This Critical Patch Update contains 167 new security vulnerability fixes across all Oracle products. It looks like that this CPU does contain a bunch of critical security fixes for Oracle databases. Actually there are 7 fixes for security vulnerabilities, but none […]
↧
Release of Audit Vault and Database Firewall 12.1.2 Bundle Patch 5
Today Oracle released the new Bundle Patch for Audit Vault and Database Firewall 12.1.2. The patch can be downloaded as usual on Oracle Metalink as Patchset 20829881 for existing installations. The full installation image for new installations is not yet available on Oracle eDelivery. I guess this will follow in a couple of days. Beside […]
↧
DOAG SIG Security Munich 2015
Just finished my presentation about Unified Audit at the DOAG SIG Security in München. It is about Oracle Unified Audit and a few considerations for migrating old standard audit to new policy based unified audit. The slides are available for download . Some impression for the event and my presentation.
↧
Oracle CPU / PSU Pre-Release Announcement July 2015
Oracle has published the Pre-Release Announcement for the July Critical Patch Update. This Critical Patch Update contains 193 new security vulnerability fixes across all Oracle products. It looks like that this CPU does contain a bunch of critical security fixes for Oracle databases. Actually there are 10 fixes for security vulnerabilities, 2 of them are […]
↧
↧
Memory Leak in Network Checksum with new SHA-2 Functions
I’ve just stumbled over an issue with the new checksum algorithm introduced with Oracle 12c. It seams that in certain situation the new SHA-2 function cause a memory leak. A search on My Oracle Support revealed that there is a Bug on AIX. See Bug 19451972 MEMEORY LEAKS WITH SHA512, SHA384, SHA256 ENTRIES IN SQLNET.CRYPTO_CHECKSUM […]
↧
WALLET_LOCATION in sqlnet.ora for Container Databases
Recently I’ve setup Oracle Enterprise User Security (EUS) with Oracle Unified Directory (OUD) on my favorite linux test system. Among regular 11.2.0.4 and 12.1.0.2 databases I do also have a 12.1.0.2 Container Database. EUS work like a charm on the regular databases but not on the PDB. SQL> conn soe Enter password: ERROR: ORA-28305: WALLET_LOCATION […]
↧
Release of Audit Vault and Database Firewall 12.1.2 Bundle Patch 7
Today Oracle released the new Bundle Patch for Audit Vault and Database Firewall 12.1.2. The patch can be downloaded as usual on Oracle Metalink as Patchset 21920205 for existing installations. The full installation image for new installations is not yet available on Oracle eDelivery. I guess this will follow in a couple of days. Beside […]
↧