Is the Oracle Critical Patch Update for October 2010 Massive?

The news reports describing the October 2010 Oracle Critical Patch Update (CPU) are using terms like "giant", "massive", and practically every other known synonym for a really big security patch release.  These news reports must be resonating with CIOs and CSOs as Integrigy has received a number of client calls and a huge response to our upcoming webinars detailing this CPU.

Oracle Application Server Fastcgi Echo Vulnerability Reports

A potential and unconfirmed cross-site scripting (XSS) vulnerability in the Oracle Application Server has been reported on the Full Disclosure mailing list.  The vulnerability is in the FastCGI module delivered with the Apache httpd server that is incorporated into the Oracle Application Server.  Integrigy has not confirmed the vulnerability, as the author has not released details, but the author claims this XSS vulnerability is different from those previously fixed in the fcgi-bin echo programs.

Oracle CPU Dates Shifted by a Week in 2011

Oracle has announced a slight change to the release schedule for Critical Patch Update (CPU) releases starting in 2011.  Rather than release on the Tuesday closest to the 15th of the month, now it will be the Tuesday closest to the 17th.  The intention of this shift is to provide more of a buffer for the January release to accommodate year-end close and vacations around the Christmas and New Year's holidays.  Therefore, some of the CPU release dates have shifted by a week.

Webinar: Oracle E-Business Suite Security Risks Primer for Internal Auditors

Oracle E-Business Suite Security Risks Primer for Internal Auditors
Tuesday, September 14, 2010 1:00 PM - 2:00 PM EDT

Internal Auditors are trained to understand the financial aspects and the end-user functionality of an ERP solution. However, most Internal Auditors have not been trained in the security features of an ERP system. This one-hour auditing primer webinar will highlight the basic security that should be found within all implemented Oracle E-Business Suite (OEBS) systems.

Upcoming IOUG Webinar - A Journey Through Enterprise Database Security for DBAs

Integrigy's CTO, Stephen Kost, will be presenting an Independent Oracle Users Group (IOUG) educational webinar as part of IOUG's Database Security Technical Education Series.

A Journey Through Enterprise Database Security for DBAs
Stephen Kost, Integrigy
Wednesday, May 26, 1:00pm - 2:00pm CT

This presentation is intended for Database Administrators. It will detail the enterprise database security requirements, regulatory requirements and monitoring of databases.

Integrigy Oracle CPU Virtual Session Live from COLLABORATE 10

For those of you unable to attend the OAUG/IOUG COLLABORATE 10 User Conference in Las Vegas next week, the conference is offering a virtual experience of the conference.  There will be 41 sessions available via webinar live from Las Vegas.  Integrigy is pleased to announce that the following session is included in the roster of Plug-in to Vegas virtual sessions -

Integrigy at COLLABORATE 10

For those of you who are not familiar with COLLABORATE or have not previously attended, the Oracle Applications Users Group (OAUG), Independent Oracle Users Group (IOUG), and Quest have teamed together to host a user-driven event with exceptional content.  COLLABORATE 10 is Sunday, April 18, 2010 through Thursday, April 22, 2010 in Las Vegas.  This year there will be over 1,000 technical sessions covering virtually every Oracle product.

Oracle Critical Patch Update October 2009 - 11i ATG RUP6 or RUP7 Only

Oracle has officially released the latest Oracle Applications Technology update patch which is formally known as Oracle Applications Technology (RUP7).  The patch number is 6241631.

The Oracle policy for Oracle E-Business Suite 11i Critical Patch Updates is very clear -

Oracle Applications Technology (ATG) Minimum Supported Baseline:

Oracle Critical Patch Update (CPU) - July 2009 - E-Business Suite Impact

Oracle released the nineteenth Critical Patch Update (CPU) on Tuesday, July 14, 2009 (CPU July 2009/CPUJul09). This quarter is the same as the previous eighteen, with many patches and long hours in order to get all the security patches applied in a timely manner. Around 12 of the 30 vulnerabilities fixed impact the Oracle E-Business Suite.  Fortunately, like the last few quarters, this quarter there are no new Oracle Application Server or Developer 6i patches required for the Oracle E-Business Suite 11i.