
T-605: Oracle Critical Patch Update Advisory - April 2011

April 19, 2011 - 4:13am


PROBLEM:

Oracle Critical Patch Update Advisory - April 19 2011.

PLATFORM:

Oracle Database, Oracle Fusion Middleware, Oracle Enterprise Manager Grid Control, Oracle E-Business Suite Applications, JD Edwards EnterpriseOne, JD Edwards OneWorld Tools, PeopleSoft Enterprise Portal Applications, PeopleSoft Enterprise PeopleTools, Siebel Enterprise, Oracle Industry Applications and Oracle VM patches.

ABSTRACT:

A Critical Patch Update is a collection of patches for multiple security vulnerabilities. It also includes non-security fixes that are required because of interdependencies with those security patches. Critical Patch Updates are cumulative.

REFERENCE LINKS:

Oracle Critical Patch
Oracle Appendix
Critical Patch Updates and Security Alerts

IMPACT ASSESSMENT:

High

DISCUSSION:

Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible. This Critical Patch Update contains 66 new security fixes across all product families listed.

Until you apply the CPU fixes, it may be possible to reduce the risk of successful attack by blocking network protocols required by an attack. For attacks that require certain privileges or access to certain packages, removing the privileges or the ability to access the packages from users that do not need the privileges may help reduce the risk of successful attack. Both approaches may break application functionality, so Oracle strongly recommends that customers test changes on non-production systems. Neither approach should be considered a long-term solution as neither corrects the underlying problem.

Oracle products may have dependencies on other Oracle products. Hence security vulnerability fixes announced in this Critical Patch Update may affect one or more dependent Oracle products.

Oracle proactively creates patches only for platform/version combinations that, based on historical data, customers are likely to download for the next Critical Patch Update. Patches for historically inactive platform/version combinations of the Oracle Database, Oracle Application Server and Enterprise Manager will be created only if requested by customers. Refer to Patch Set Update and Critical Patch Update April 2011 Availability Documentation for further details regarding the On Request patches.

SOLUTION:

Oracle Critical Patch Update (CPU) is a bundle of patches released on a quarterly basis to provide security fixes for Oracle products.

For each administered Oracle product, consult the documentation for patch availability information and installation instructions referenced from the following table. For an overview of the Oracle product documentation related to this Critical Patch Update, please refer to the Oracle Critical Patch Update April 2011 Documentation.
Oracle Critical Update
