It’s Oracle patch time again

Posted in: Technical Track

It’s yet again time for Oracle’s critical patch update (CPUJAN2008). The update will be released on Tuesday January 15, and as of yet there are no details on exactly what vulnerabilities have been found, but the description page mentions that the following products have unauthenticated remotely-exploitable issues discovered:

  • Oracle Application Server (5)
  • Oracle E-Business Suite (3)
  • Oracle Enterprise Manager (1)
  • PeopleSoft Enterprise (1)

So especially for you folks running the above products, start planning your maintenance windows!

Interested in working with Marc? Schedule a tech call.

About the Author

Marc is a passionate and creative problem solver, drawing on deep understanding of the full enterprise application stack to identify the root cause of problems and to deploy sustainable solutions. Marc has a strong background in performance tuning and high availability, developing many of the tools and processes used to monitor and manage critical production databases at Pythian. He is proud to be the very first DataStax Platinum Certified Administrator for Apache Cassandra.

5 Comments. Leave new

Marc, do your customers really apply these CPU’s? Or how many of them?

I do not think people are applying these, I have never met someone who applied them. Sure this does not mean nobody is applying them :-)


Hi Yasin, how often these patches are applied depends a lot on the downtime tolerance of the environment; I’d have to say that for the clients I normally work with it’s a minority though, due to the downtime requirements.

However, some of the remote exploits in the past are pretty serious, so I do think it’s important for DBA’s to be aware the risks they’re taking on by not applying them.


Doug's Oracle Blog
January 12, 2008 8:33 am

[…] experts. (Which isn’t to say that I think that’s a good thing!)Oh, and lest anyone forget, it’s CPU time again.Possibly my favourite of the bunch, though, was Glenn Fawcett’s Organizational stove-pipes […]


Just to add some balancing argument to my previous blog post … I see that the CPU debate has popped up properly. (It must have – I had a journalist email me to comment on the subject!)….html

Personally I think sites should apply CPUs but, if they aren’t, let’s talk about that honestly and look at the reasons why they aren’t.

Some more comment …


A small point in that comments, I originally had the link after the last line. It made sense, then ;-)


Leave a Reply

Your email address will not be published. Required fields are marked *