It’s Oracle patch time again
Jan 10, 2008 / By Marc Fielding
It’s yet again time for Oracle’s critical patch update (CPUJAN2008). The update will be released on Tuesday, January 15. As of yet there are no details on exactly which vulnerabilities have been found, but the description page mentions that the following products have unauthenticated, remotely exploitable issues:
- Oracle Application Server (5)
- Oracle E-Business Suite (3)
- Oracle Enterprise Manager (1)
- PeopleSoft Enterprise (1)
So especially for you folks running the above products, start planning your maintenance windows!

Marc, do your customers really apply these CPUs? Or how many of them?
I do not think people are applying these; I have never met someone who applied them. Sure, this does not mean nobody is applying them :-)
http://oracledoug.com/serendipity/index.php?/archives/1330-The-Reality-Gap-1-Software-Maintenance.html
Hi Yasin, how often these patches are applied depends a lot on the downtime tolerance of the environment; I’d have to say that for the clients I normally work with it’s a minority though, due to the downtime requirements.
However, some of the remote exploits in the past are pretty serious, so I do think it’s important for DBAs to be aware of the risks they’re taking on by not applying them.
Marc
Pingback: Doug's Oracle Blog
Just to add some balancing argument to my previous blog post … I see that the CPU debate has popped up properly. (It must have – I had a journalist email me to comment on the subject!)
http://oracledoug.com/serendipity/index.php?/archives/1377-CPUs-again-….html
Personally I think sites should apply CPUs but, if they aren’t, let’s talk about that honestly and look at the reasons why they aren’t.
Some more comment …
A small point in that comment: I originally had the link after the last line. It made sense, then ;-)