ITEC Newsletter
Vol. 11, No. 3
February 18, 2003

Table of Contents

  1. Oracle Security Alerts

  2. Linking SQR 4.3.5 against Oracle 9.2.0.2 on Alpha OpenVMS

  3. Oracle Product Obsolescence Desupport Notices


1. Oracle Security Alerts

Oracle has just released security alerts 48-52. Descriptions, patches and/or workarounds are available on the ITEC FTP site.

Oracle Security Alert #48 Dated: 11 February 2003 Severity: 1 Buffer Overflow in DIRECTORY parameter of Oracle9 i Database Server (Document ID: 229284.1)

Oracle Security Alert #49 Dated: 11 February 2003 Severity: 1 Buffer Overflow in TZ_OFFSET function of Oracle9 i Database Server (Document ID: 229285.1)

Oracle Security Alert #50 Dated: 11 February 2003 Severity: 1 Buffer Overflow in TO_TIMESTAMP_TZ function of Oracle9 i Database Server (Document ID: 229286.1)

Oracle Security Alert #51 Dated: 11 February 2003 Severity: 1 Buffer Overflow in ORACLE.EXE binary of Oracle9 i Database Server (Document ID: 229287.1)

Oracle Security Alert #52 Dated: 11 February 2003 Severity: 2 Two Vulnerabilities in Oracle9 i Application Server (Document ID: 229288.1)

Submitted by Joe Lofft (scadm@itec.mail.suny.edu)


2. Linking SQR 4.3.5 against Oracle 9.2.0.2 on Alpha OpenVMS

Due to a bug in Oracle 9.2.0.2 and Brio's termination of support for SQR on the OpenVMS platform, the following steps will need to be taken in order to compile SQR 4.3.5 against Oracle 9.2.0.2 on Alpha OpenVMS.

Please note that this is an unsupported configuration, use at your own risk.

1. Install Oracle patch 2760856. This patch is available via the ITEC FTP server:

ftp.itec.suny.edu

username: sunydbas
password: {contact ITEC if you don't know it}
directory: \vms_oracle9.2.0.2patches
file: p2760856_9202_AXP.zip

2. Modify the [SQR435.ORA.LIB]MAKE8.COM file and replace all occurrences of @ORA_UTIL:LNOCIC with @ORA_SYSTEM:LNOCIC.

3. Run ORAUSER.COM and MAKE8.COM. SQR should link without any problems.

Submitted by Joe Lofft (scadm@itec.mail.suny.edu)


3. Oracle Product Obsolescence Desupport Notices

Please see the attached notices on Oracle’s Product Obsolescence Desupport Notice for:

Product:                          Oracle9i Application Server
Product Version:            1.0.2.1
Platforms:                       All Platforms
Platform Versions:         All

and

Product:                        Oracle9i Application Server
Product Version:          1.0.2.0
Platforms:                      All Platforms
Platform Version:         All

Submitted by Dan Brint (scadm@itec.mail.suny.edu)

 

Editor:  Barbara A. Boquard

Barb.Boquard@itec.mail.suny.edu

ITEC's General Office

716/878-ITEC (4832)

Operations

716/878-5122

FAX

716/878-3485

Web Page

http://www.itec.suny.edu

 


ITEC Home