The latest quarterly Critical Patch Update for Oracle 10gR2 does not plug a hole that allows published attack code to run.

The recent Oracle exploit posted to Bugtraq (http://www.securityfocus.com/archive/1/431353) is actually an 0day and has no patch. The patch for 10g Release 2 for April 2006 Critical Patch Update does _not_ contain a fix for the […]