The Triora Group

Oracle E-Business Suite and the Oracle Database

The Triora Group header image 2
Pointers to WebADI Information The Acronymists at Oracle Have Come Out With a New One: CPC - Critical Patch Collections

Oracle Critical Patch Updates for this Quarter

October 15th, 2008 by Robert McMillen · No Comments

A Critical Patch Update is a collection of patches for multiple security vulnerabilities. It also includes non-security fixes that are required (because of inter-dependencies) by those security patches. Critical Patch Updates are cumulative (with some exceptions) but each advisory describes only the security fixes added since the previous Critical Patch Update.

The Critical Patch Update for October 2008 was released yesterday (October 14, 2008).  This Critical Patch Update contains 36 new security fixes across all products.  As always, Oracle strongly recommends applying the patches as soon as possible.

Here are some highlights:

  • This CPU is the Terminal Critical Patch Update for Oracle Application Server 9.0.4.3, Oracle Enterprise Manager Grid Control 10.2.0.3, Oracle Application Server 10.1.2.2, Oracle Database 10.2.0.3, Oracle Application Server 10.1.3.3, and, Database 11.1.0.6.
  • It contains 15 new security fixes for the Database Suite.  1 of these vulnerabilities may be remotely exploitable without authentication.
  • It contains 6 new security fixes for the Application Server Suite.  2 of these vulnerabilities may be remotely exploitable without authentication.  3 of these fixes are applicable to client-only installations, i.e. installations that do not have Oracle Application Server installed.
  • It contains 4 new security fixes for the Applications Suite.  2 of these vulnerabilities may be remotely exploitable without authentication.

The Critical Patch Update Advisory is the starting point for relevant information. It includes the list of products affected, pointers to obtain the patches, a summary of the security vulnerabilities for each product suite, and links to other important documents. Supported products that are not listed in the “Supported Products and Components Affected” section of the advisory do not require new patches to be applied.

Also, it is essential to review the Critical Patch Update supporting documentation referenced in the Advisory before applying patches, as this is where you can find important pertinent information.

You can read more about this CPU at: http://www.oracle.com/technology/deploy/security/alerts.htm

The next four Critical Patch Update release dates will be:

  • January 13, 2009
  • April 14, 2009
  • July 14, 2009
  • Oct 13, 2009

Happy Patching!

If you enjoyed this post, make sure you subscribe to my RSS feed!

Tags: Critical Patch Update · Database · E-Business Suite · Oracle · Patch

0 responses so far ↓

  • There are no comments yet...Kick things off by filling out the form below.

Leave a Comment