Oracle Security Blog

Integrigy's CTO, Stephen Kost, will be presenting an Independent Oracle User's Group (IOUG) educational webinar as part of IOUG's Database Security Technical Education Series.

A Journey Through Enterprise Database Security for DBAs
Stephen Kost, Integrigy
Wednesday, May 26, 1:00pm - 2:00pm CT

This presentation is intended for Database Administrators. It will detail the enterprise database security requirements, regulatory requirements and monitoring of databases.

For those of you unable to attend the OAUG/IOUG COLLABORATE 10 User Conference in Las Vegas next week, the conference is offering a virtual experience of the conference.  There will be 41 sessions available via webinar live from Las Vegas.  Integrigy is pleased to announce that the following session is included in the roster of Plug-in to Vegas virtual sessions -

Here is a brief analysis of the pre-release announcement for the upcoming January 2010 Oracle Critical Patch Update (CPU) -

For those of you who didn't read the Oracle Critical Patch Update (CPU) July 2009 Oracle E-Business Suite documentation (Metalink Note ID 836258.1) closely enough, Oracle has now established a minimum baseline for R12.

Starting with the October 2009 Critical Patch Update -

Oracle has officially released the latest Oracle Applications Technology update patch which is formally known as Oracle Applications Technology 11i.ATG_PF.H.delta.7 (RUP7).  The patch number is 6241631.

The Oracle policy for Oracle E-Business Suite 11i Critical Patch Updates is very clear -

Oracle Applications Technology (ATG) Minimum Supported Baseline:

Oracle released the nineteenth Critical Patch Update (CPU) on Tuesday, July 14, 2009 (CPU July 2009/CPUJul09). This quarter is the same as the previous eighteen with many patches and long hours in order to get all the security patches applied in a timely manner. Around 12 of the 30 vulnerabilities fixed impact the Oracle E-Business Suite.  Fortunately like the last few quarters, this quarter there are no new Oracle Application Server or Developer 6i patches required for the Oracle E-Business Suite 11i.

Here is a brief analysis of the pre-release announcement for the upcoming July 2009 Oracle Critical Patch Update (CPU) -

Oracle has hinted at the upcoming release of Oracle E-Business Suite 11i.ATG_PF.H.delta.7 (or commonly referred to as RUP7) and will be most likely available in the next several months as it is currently under going internal testing.  Oracle Critical Patch Update patches for Oracle E-Business Suite 11i have the latest ATG RUP patches as a prerequisite - the official prerequisite is RUP N or RUP N-1 is required.  The last RUP was ATG RUP6 (5903765) released in October 20

The COLLABORATE 09 conference has completed and from all accounts was a success.  For those of you not familiar with COLLABORATE, the Oracle Applications Users Group (OAUG), Independent Oracle Users Group (IOUG), and Quest have teamed together to host a user-driven event with exceptional content.  This year's conference had over 1,000 technical sessions covering virtually every Oracle product.  Integrigy delivered 3 security related presentations and I have upload the presentations to our Security Resources section under Whitepapers and Presentations.  Here are the links

For those of you not familiar with COLLABORATE or have not previously attended, the Oracle Applications Users Group (OAUG), Independent Oracle Users Group (IOUG), and Quest have teamed together to host a user-driven event with exceptional content.  COLLABORATE 09 is next week, Sunday, May 3 through Thursday, May 7 in Orlando.  This year there will be over 1,000 technical sessions covering virtually every Oracle product. 

Integrigy's CTO, Stephen Kost, will be presenting three technical sessions:

Oracle released the eighteenth Critical Patch Update (CPU) on Tuesday, April 14, 2009 (CPU April 2009/CPUApr09). This quarter is the same as the previous sixteen with many patches and long hours in order to get all the security patches applied in a timely manner. Around 20 of the 43 vulnerabilities fixed impact the Oracle E-Business Suite.  Fortunately like the last few quarters, this quarter there are no new Oracle Application Server or Developer 6i patches required for the Oracle E-Business Suite 11i.

Oracle released the seventeenth Critical Patch Update (CPU) on Tuesday, January 13, 2009 (CPU January 2009/CPUJan09). This quarter is the same as the previous sixteen with many patches and long hours in order to get all the security patches applied in a timely manner. Around 10 of the 41 vulnerabilities fixed impact the Oracle E-Business Suite. Fortunately like the last few quarters, this quarter there are no new Oracle Application Server or Developer 6i patches required for the Oracle E-Business Suite 11i.

Here is a brief analysis of the pre-release announcement for the upcoming January 2009 Oracle Critical Patch Update (CPU) -

New information has been released for an Oracle E-Business Suite 11i security vulnerability fixed as part of the April 2007 Critical Patch Update.  The vulnerability was discovered by Joxean Koret and the TippingPoint Zero Day Initiative released the advisory.  For those of you not familiar with the Zero Day Initiative, it is a security vendor sponsored program that pays for security vulnerability information.