It’s yet again time for Oracle’s critical patch update (CPUJAN2008). The update will be released on Tuesday January 15, and as of yet there are no details on exactly what vulnerabilities have been found, but the description page mentions that the following products have unauthenticated remotely-exploitable issues discovered:
- Oracle Application Server (5)
- Oracle E-Business Suite (3)
- Oracle Enterprise Manager (1)
- PeopleSoft Enterprise (1)
So especially for you folks running the above products, start planning your maintenance windows!
5 Comments. Leave new
Marc, do your customers really apply these CPU’s? Or how many of them?
I do not think people are applying these, I have never met someone who applied them. Sure this does not mean nobody is applying them :-)
https://oracledoug.com/serendipity/index.php?/archives/1330-The-Reality-Gap-1-Software-Maintenance.html
Hi Yasin, how often these patches are applied depends a lot on the downtime tolerance of the environment; I’d have to say that for the clients I normally work with it’s a minority though, due to the downtime requirements.
However, some of the remote exploits in the past are pretty serious, so I do think it’s important for DBA’s to be aware the risks they’re taking on by not applying them.
Marc
[…] experts. (Which isn’t to say that I think that’s a good thing!)Oh, and lest anyone forget, it’s CPU time again.Possibly my favourite of the bunch, though, was Glenn Fawcett’s Organizational stove-pipes […]
Just to add some balancing argument to my previous blog post … I see that the CPU debate has popped up properly. (It must have – I had a journalist email me to comment on the subject!)
https://oracledoug.com/serendipity/index.php?/archives/1377-CPUs-again-….html
Personally I think sites should apply CPUs but, if they aren’t, let’s talk about that honestly and look at the reasons why they aren’t.
Some more comment …
A small point in that comments, I originally had the link after the last line. It made sense, then ;-)