Oracle released the fourteenth Critical Patch Update (CPU) last week. This quarter is the same as the previous thirteen, with many patches and long hours needed to get all the security patches applied in a timely manner. Around 20 of the 41 vulnerabilities fixed impact the Oracle E-Business Suite. Fortunately, as in the last few quarters, no new Oracle Application Server or Developer 6i patches are required this quarter for the Oracle E-Business Suite 11i.
Integrigy discovered 8 of the 11 Oracle E-Business Suite vulnerabilities, which were reported to Oracle in November 2007.
This quarter does have a higher than average number of database vulnerabilities that can be exploited by low-privileged database accounts, although even if there were just one such vulnerability, the database security patch should still be a priority.
Oracle continues the push to keep all customers on recent versions by only certifying the CPU patches with 184.108.40.206, 10.1.0.5, 10.2.0.3, and 220.127.116.11 for the database and ATG_PF.H RUP5 or RUP6 for the Oracle E-Business Suite 11i.
More information about the vulnerabilities and detailed recommendations on patching and testing is available at -
I will be presenting an OAUG eLearning Community Thursdays session on Thursday, May 1, giving additional information on the CPU and its impact on your Oracle Applications implementation. OAUG members can sign up for the session at -