Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Information-Security-News
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISN] Oracle announces quarterly patching schedule

from [InfoSec News] Network Security [Permanent Link]
Subject: [ISN] Oracle announces quarterly patching schedule
Date: Fri, 19 Nov 2004 05:02:13 -0600 (CST) 
http://www.nwfusion.com/news/2004/1118orpatch.html

By Ellen Messmer
Network World Fusion
11/18/04

Oracle plans to begin issuing cumulative software patches for Oracle 
Database, E-Business Suite, Application Server, Oracle Enterprise 
Manager and Collaboration Suite on a quarterly basis beginning Jan. 
18. 

Oracle's three other scheduled patch-release dates in 2005 are April 
12, July 12 and Oct. 18. Oracle's chief security officer, Mary Ann 
Davidson, said the quarterly software patch releases will address any 
needed security fixes as well as general non-security-related changes 
in Oracle products. The planned quarterly software releases, which 
Oracle is calling "Critical Patch Updates," are intended to make it 
easier for Oracle customers to handle the software-maintenance 
process. 

Patching typically requires shutting down servers and other systems to 
install new software code, a process that Oracle customers may be 
especially reluctant to do during certain business periods, such as 
when they're closing their books at the end of a financial quarter, 
Davidson said. 

Oracle for the first time in its history selected four specific days 
it intends to release cumulative patches for its products to help 
customers plan ahead and keep the disruption caused by patching to a 
minimum. 

However, Davidson noted that Oracle would make an exception to its 
quarterly update schedule in the event that the software company had 
to issue a "high-severity security alert" due to a vulnerability 
discovered in any Oracle product, particularly if an exploit for it 
were known to be in the wild. 

For this kind of "one-off patch," said Davidson, "We don't want our 
customers to wait for months."

In general, though, if customers decide they don't want to apply any 
software patches issued Jan. 18, for whatever reason, they can wait 
until the next scheduled update, which would come April 12. 

At that time, any software changes issued in the January patch would 
also be included in the April patch. Davidson said the fixed schedule 
will help Oracle produce a single, well-integrated and well-tested 
patch. 



_________________________________________
Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - 
http://www.osvdb.org/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ISN] Oracle announces quarterly patching schedule, InfoSec News <=
Previous by Date:  [ISN] Colleges easy prey to hackers, InfoSec News
Next by Date:  [ISN] Secrecy News -- 11/17/04, InfoSec News
Previous by Thread:  [ISN] Colleges easy prey to hackers, InfoSec News
Next by Thread:  [ISN] Secrecy News -- 11/17/04, InfoSec News
Indexes:  [Date] [Thread] [Top] [All Lists]