[From The Register
Oracle admins are in for a busy time with the publication of no less than six vulnerabilities over the last week.
Four of the vulnerabilities are buffer overflow flaws affecting various components of Oracle9i Database Server. Then there's two flaws affecting Oracle9i Application Server, which pose denial of service risks... or worse.
Some are potentially very nasty indeed. Oracle describes them as critical and that's not the half of it...
The buffer overflows in Database server involve: the ORACLE.EXE binary, the TO_TIMESTAMP_TZ function, the TZ_OFFSET function and DIRECTORY parameter of Oracle9i Database Server.
The article continues at