How to deal with Oracle patches?

Published: 2006-04-19
Last Updated: 2006-04-19 17:03:34 UTC
by Johannes Ullrich (Version: 1)
0 comment(s)
Steve, who is using PeopleSoft, started to get exposed to Oracle's patches. He writes:

"I'm the security admin for a organization which uses PeopleSoft, which of course was purchased by Oracle last eyar. This meant, unfortunately, that I had to start subscribing ot the Oracle Critical Patch Update. [...] I've never figured out how to get actual details on the vulnerabilities it lists.
[...]
Maybe one [of your diary readers] can offer a tutorial or some tips"

Let us know if you have any pointers. I will add hints, URLs and other help to this diary. Among our group of handlers, we have kind of given up on covering Oracle patches due to the large number and missing details in advisories (plus, its not all that easy to get the advisories in the first place).

Kilynn writes that you can signup for notifications at http:/www.oracle.com/technology/deploy/security/alerts.htm . This will also provide access to the "Risk Matrix" which should also help in applying the patches. However, to know more you need to signup for a "MetaLink" account, which appears to be reserved for Oracle customers. (Actually the original poster, Steve, mentioned the risk matrix, but it wasn't too much help for him without details to adjust it for his environment. It wasn't clear to him how to get access to MetaLink as a former PeopleSoft customer).

Keywords:
0 comment(s)

Comments


Diary Archives