Oracle released the thirteenth Critical Patch Update (CPU) today. This quarter is the same as the previous twelve with many patches and long hours in order to get all the security patches applied in a timely manner. 17 of the 27 vulnerabilities fixed impact Oracle E-Business Suite 11i. Fortunately like the last few quarters, this quarter there are no new Oracle Application Server or Developer 6i patches required for the Oracle E-Business Suite 11i.
There is a significant Oracle Jinitiator patch that fixes a previously discussed vulnerability. The key part about upgrading Jinitiator is that all previous versions must be removed from the client PC since every new version of Jinitiator is a unique install and does not remove the previous version.
For R12, Oracle has now made the Oracle Applications patches cumulative and the patch is also included in the newly released 12.0.4 patch.
This quarter does have a lower than average number of database vulnerabilities that can be exploited by lowly privileged database accounts, although even if it was just one vulnerability the database security patch should still be a priority.
Oracle continues the push to keep all customers on recent versions by only certifying the CPU patches with 18.104.22.168, 10.1.0.5, 10.2.0.2, and 10.2.0.3 for the database and RUP4, RUP5, or RUP6 for the Oracle E-Business Suite 11i.
More information about the vulnerabilities and detailed recommendations on patching and testing is available at -
I will be presenting an OAUG eLearning Community Thursdays session this Thursday January 17th giving additional information on the CPU and its impact on your Oracle Applications implementation. OAUG members can sign-up for the session at -