RE: security alert - management up in arms

Paula,

   The security alert states: "Oracle strongly recommends that you comprehensively test the stability of your system upon application of any patch prior to deleting any original files that are replaced by the patch."

   If anyone can provide me a list of the files this patch replaces, I would appreciate it. Maybe once I unzip the patch it will become obvious.

Dennis Williams
DBA
Lifetouch, Inc.

-----Original Message-----
From: oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_freelists.org] On Behalf Of Mercadante, Thomas F
Sent: Friday, September 03, 2004 7:01 AM To: 'oracle-l_at_freelists.org'
Subject: RE: security alert - management up in arms

Paula,

You can always take the approach that if Oracle says it must be patched, and you have warned management that the patch should be applied and tested before it goes to production, then you have at least done your part to warn everyone of the risks involved.

I think for the most part that Oracle patches do not at least cause any harm - that at the very least there is *another* patch that should fix any new problmes that arise. We have entered a new world with these freekin Oracle security patches. We're being forced to apply patches even though we don't have any exposure to the problem.

For example, if you do not allow the scheduling of jobs within Oracle, you may not be exposed to the risk. And yet we are forced to patch the database.

Ah well. Just patch it and be done with it.

Tom Mercadante
Oracle Certified Professional

-----Original Message-----
From: Paula_Stankus_at_doh.state.fl.us [mailto:Paula_Stankus_at_doh.state.fl.us] Sent: Thursday, September 02, 2004 1:28 PM To: oracle-l_at_freelists.org
Subject: RE: security alert - management up in arms

Guys,

I had 3 managers ask me about this today. I am planning to put in dev = then prod but they want me to open emergency tickets and start doing = now!!!! All of our oracle databases are internal (inside of a = firewall). =20

My concern is having recently been burnt on 9.2.0.5 Solaris 64-bit - = that this not be another exercise in Oracle regression testing.

I know that a security patch is much more focused and likely doesn't = have the same changes/impact as a patchset. However, what does everyone = do in terms of due diligence to ensure these security patches are not = going to
"break" Oracle functionality. It seems like it should be = reasonable to
put in dev/test - run for a little while then promote. = However, with 9.2.0.5 we didn't come up with problems until we used = export/import and sql*loader.

Any thoughts on this?

"This e-mail is a critical technical alert which is being sent as a =
service to all MetaLink users!

The following Security Alert has been published on MetaLink by the = Oracle Security Compliance team:

August 31, 2004
Severity: 1=20

Alert #68: Oracle Security Update"

---
To unsubscribe - mailto:oracle-l-request_at_freelists.org&subject=unsubscribe 
To read recent messages - http://freelists.org/archives/oracle-l/09-2004
---
To unsubscribe - mailto:oracle-l-request_at_freelists.org&subject=unsubscribe 
To read recent messages - http://freelists.org/archives/oracle-l/09-2004
--
To unsubscribe - mailto:oracle-l-request_at_freelists.org&subject=unsubscribe 
To search the archives - http://www.freelists.org/archives/oracle-l/