We have released our quarterly Oracle E-Business Suite Impact analysis for the Oracle Critical Patch Update (CPU) October 2006. This analysis looks at the CPU from an Oracle E-Business Suite perspective and provides additional details on the fixed vulnerabilities and a patching strategy for the Oracle Database, Oracle Application Server, Oracle Developer 6i, Oracle JInitiator, and Oracle Applications 11i.
This quarter is the same as the previous seven with many patches and long hours in order to get all the security patches applied in a timely manner. The biggest challenge for many will be the mandated requirement of ATG_PF.H RUP3 or RUP4 for all 11.5.10 to 11.5.10 CU2 implementations. On the positive side, most of the Oracle Applications patches are for security weaknesses (like storing some ancillary passwords in plain-text) rather than critical and readily exploitable security vulnerabilities.
The Oracle E-Business Suite Impact analysis is available here.