From oracle-l-bounce@freelists.org Fri Sep 3 08:34:54 2004 Return-Path: Received: from air189.startdedicated.com (root@localhost) by orafaq.com (8.11.6/8.11.6) with ESMTP id i83DYst20994 for ; Fri, 3 Sep 2004 08:34:54 -0500 X-ClientAddr: 206.53.239.180 Received: from turing.freelists.org (freelists-180.iquest.net [206.53.239.180]) by air189.startdedicated.com (8.11.6/8.11.6) with ESMTP id i83DYrI20989 for ; Fri, 3 Sep 2004 08:34:53 -0500 Received: from localhost (localhost [127.0.0.1]) by turing.freelists.org (Avenir Technologies Mail Multiplex) with ESMTP id 0431F72C6DF; Fri, 3 Sep 2004 08:37:27 -0500 (EST) Received: from turing.freelists.org ([127.0.0.1]) by localhost (turing [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 07639-43; Fri, 3 Sep 2004 08:37:26 -0500 (EST) Received: from turing (localhost [127.0.0.1]) by turing.freelists.org (Avenir Technologies Mail Multiplex) with ESMTP id 4E7EA72C2FB; Fri, 3 Sep 2004 08:37:26 -0500 (EST) Received: with ECARTIS (v1.0.0; list oracle-l); Fri, 03 Sep 2004 08:35:52 -0500 (EST) X-Original-To: oracle-l@freelists.org Delivered-To: oracle-l@freelists.org Received: from localhost (localhost [127.0.0.1]) by turing.freelists.org (Avenir Technologies Mail Multiplex) with ESMTP id 153D672C5E8 for ; Fri, 3 Sep 2004 08:35:52 -0500 (EST) Received: from turing.freelists.org ([127.0.0.1]) by localhost (turing [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 05639-98 for ; Fri, 3 Sep 2004 08:35:51 -0500 (EST) Received: from mproxy.gmail.com (rproxy.gmail.com [64.233.170.206]) by turing.freelists.org (Avenir Technologies Mail Multiplex) with ESMTP id 9722A72C4F7 for ; Fri, 3 Sep 2004 08:35:51 -0500 (EST) Received: by mproxy.gmail.com with SMTP id 78so17644rnl for ; Fri, 03 Sep 2004 06:39:12 -0700 (PDT) Received: by 10.38.79.68 with SMTP id c68mr165376rnb; Fri, 03 Sep 2004 06:39:12 -0700 (PDT) Received: by 10.38.78.52 with HTTP; Fri, 3 Sep 2004 06:39:12 -0700 (PDT) Message-ID: <7765c8970409030639380a835a@mail.gmail.com> Date: Fri, 3 Sep 2004 14:39:12 +0100 From: Niall Litchfield To: oracle-l@freelists.org Subject: Re: security alert - management up in arms In-Reply-To: <80D4A99A2715674EB2D256DAD89219F6044E8DBA@dohsmailhq04.doh.ad.state.fl.us> Mime-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 8bit References: AcRQOBznGBiyW5EDTWGkgh3p/2NzxRAzi+9QAAb1bSA= <80D4A99A2715674EB2D256DAD89219F6044E8DBA@dohsmailhq04.doh.ad.state.fl.us> X-Virus-Scanned: by amavisd-new at freelists.org X-archive-position: 9085 X-ecartis-version: Ecartis v1.0.0 Sender: oracle-l-bounce@freelists.org Errors-To: oracle-l-bounce@freelists.org X-original-sender: niall.litchfield@gmail.com Precedence: normal Reply-To: niall.litchfield@gmail.com X-list: oracle-l X-Virus-Scanned: by amavisd-new at freelists.org >From the notes on security patches - It would seem that Oracle say Go ahead - if it doesn't work call us! 22. The patch README file mentioned "You must have NO OTHER PATCHES installed on your Oracle Server since the latest patch set (or base release x.y.z if you have no patch sets installed)." What do I do if I have applied any one-off patches? We put in this warning as a standard practice with the readmes of ALL interim (one-off) patches, because the application of any patch can add risk to the processing environment. Interim patches are not tested as extensively as patchsets. The customers need to know that there is always a possibility of a file conflicts with a previous patch that was applied since the last patchset. However, the customer should still try to apply the patch with opatch. If conflict reported and the conflict is not pointing to a previous security alert, the customer should request a merge patch. Otherwise, they can ignore the conflict report. On Thu, 2 Sep 2004 15:22:42 -0400, paula_stankus@doh.state.fl.us wrote: > Now, I read the security patch and it says "You must have NO OTHER = > PATCHES installed on your Oracle server since the last patch set". NOW = > WHAT!@#@!#!@!#!@#!@ > > > > -----Original Message----- > From: Stankus, Paula G=20 > Sent: Thursday, September 02, 2004 1:28 PM > To: 'oracle-l@freelists.org' > Subject: RE: security alert - management up in arms > > Guys, > > I had 3 managers ask me about this today. I am planning to put in dev = > then prod but they want me to open emergency tickets and start doing = > now!!!! All of our oracle databases are internal (inside of a = > firewall). =20 > > My concern is having recently been burnt on 9.2.0.5 Solaris 64-bit - = > that this not be another exercise in Oracle regression testing. > > I know that a security patch is much more focused and likely doesn't = > have the same changes/impact as a patchset. However, what does everyone = > do in terms of due diligence to ensure these security patches are not = > going to "break" Oracle functionality. It seems like it should be = > reasonable to put in dev/test - run for a little while then promote. = > However, with 9.2.0.5 we didn't come up with problems until we used = > export/import and sql*loader. > > Any thoughts on this? > > "This e-mail is a critical technical alert which is being sent as a = > service to all MetaLink users! > > The following Security Alert has been published on MetaLink by the = > Oracle Security Compliance team: > > August 31, 2004 > Severity: 1=20 > > Alert #68: Oracle Security Update" > > --- > To unsubscribe - mailto:oracle-l-request@freelists.org&subject=unsubscribe > To read recent messages - http://freelists.org/archives/oracle-l/09-2004 > -- Niall Litchfield Oracle DBA http://www.niall.litchfield.dial.pipex.com -- To unsubscribe - mailto:oracle-l-request@freelists.org&subject=unsubscribe To search the archives - http://www.freelists.org/archives/oracle-l/