The news reports describing the October 2010 Oracle Critical Patch Update (CPU) are using terms like "giant", "massive", and practically every other known synonym for a really big security patch release. These news reports must be resonating with CIOs and CSOs as Integrigy has received a number of client calls and a huge response to our upcoming webinars detailing this CPU.
Here is a brief analysis of thefor the upcoming October 2010 Oracle Critical Patch Update (CPU) -
A potential and unconfirmed cross-site scripting (XSS) vulnerability in the Oracle Application Server has been reported on the Full Disclosure mailing list. The vulnerability is in the FastCGI module delivered with the Apache httpd server that is incorporated into the Oracle Application Server. Integrigy has not confirmed the vulnerability as the author has not released details but the author claims this XSS vulnerability is different than those previously fixed in the fcgi-bin echo programs.
Oracle has announced a slight change to the release schedule for Critical Patch Update (CPU) releases starting in 2011. Rather than release on the Tuesday closest to the 15th of the month, now it will be the Tuesday closest to the 17th. The intention of this shift is to provide more of a buffer for the January release to accommodate year-end close and vacations around the Christmas and New Years holidays. Therefore, some of the CPU release dates have shifted by a week.
Oracle E-Business Suite Security Risks Primer for Internal Auditors
Tuesday, September 14, 2010 1:00 PM - 2:00 PM EDT
Internal Auditors are trained to understand the financial aspects and the end user functionally of an ERP solution. However, most Internal Auditors have not been trained in the security features of an ERP system. This one hour auditing primer webinar will highlight the basic security that should be found within all implemented Oracle E-Business Suite (OEBS) systems.
Oracle July 2010 CPU - Oracle Database Impact
Thursday, July 29, 2:00pm - 3:00pm EDT
Every quarter, Oracle releases a Critical Patch Update (CPU) that fixes a number of security vulnerabilities in the Oracle Database. This quarterly eLearning session will focus on the July 2010 CPU and the impact on the Oracle Database. The topics will include:
Here is a brief analysis of thefor the upcoming July 2010 Oracle Critical Patch Update (CPU) -
Integrigy's CTO, Stephen Kost, will be presenting a series of webinars on Oracle's Critical Patch Update for July 2010.
Oracle July 2010 CPU - Oracle E-business Suite Impact
Thursday, July 22, 2:00pm - 3:00pm EDT
This quarterly eLearning session will focus on the July 2010 CPU and the impact on E-Business Suite environments.
Topics will include;
Integrigy's CTO, Stephen Kost, will be presenting an Independent Oracle User's Group (IOUG) educational webinar as part of IOUG's Database Security Technical Education Series.
A Journey Through Enterprise Database Security for DBAs
Stephen Kost, Integrigy
Wednesday, May 26, 1:00pm - 2:00pm CT
This presentation is intended for Database Administrators. It will detail the enterprise database security requirements, regulatory requirements and monitoring of databases.
For those of you unable to attend the OAUG/IOUG COLLABORATE 10 User Conference in Las Vegas next week, the conference is offering a virtual experience of the conference. There will be 41 sessions available via webinar live from Las Vegas. Integrigy is pleased to announce that the following session is included in the roster of Plug-in to Vegas virtual sessions -
For those of you who didn't read the Oracle Critical Patch Update (CPU) July 2009 Oracle E-Business Suite documentation (Metalink Note ID 836258.1) closely enough, Oracle has now established a minimum baseline for R12.
Starting with the October 2009 Critical Patch Update -
Oracle has officially released the latest Oracle Applications Technology update patch which is formally known as Oracle Applications Technology 11i.ATG_PF.H.delta.7 (RUP7). The patch number is 6241631.
The Oracle policy for Oracle E-Business Suite 11i Critical Patch Updates is very clear -
Oracle Applications Technology (ATG) Minimum Supported Baseline:
Oracle released the nineteenth Critical Patch Update (CPU) on Tuesday, July 14, 2009 (CPU July 2009/CPUJul09). This quarter is the same as the previous eighteen with many patches and long hours in order to get all the security patches applied in a timely manner. Around 12 of the 30 vulnerabilities fixed impact the Oracle E-Business Suite. Fortunately like the last few quarters, this quarter there are no new Oracle Application Server or Developer 6i patches required for the Oracle E-Business Suite 11i.