| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Mailing Lists -> Oracle-L -> Re: Security Alert #68 - patchsets required on client software also?
Note ID: 282108.1
21. Is the Database Client install equally vulnerable?
We are still investigating what is required. For now it is our belief that the priority is to patch Database servers and middle tier servers. Watch this part of the FAQ for updated information about patching clients. The same patch for the database server can be applied on the middle tier servers also.
That is good news as compared with the prior iteration.
Paul
On Tue, 21 Sep 2004 20:59:11 -0400, Paul Drake <bdbafh_at_gmail.com> wrote:
> Niall,
>
> Out of respect to NYOUG, I didn't bring that topic up with Charles E.
> Phillips, Jr. during the Q & A session after his keynote speech at the
> NYOUG seminar today.
>
> But I sure was tempted.
>
> It may be time for an iTAR on this one if a search of the Metalink
> forums doesn't yield any results.
>
> Paul
>
>
>
> On Tue, 21 Sep 2004 09:43:49 +0100, Niall Litchfield
> <niall.litchfield_at_gmail.com> wrote:
> > comments as ever
> > On Mon, 20 Sep 2004 16:10:39 -0400, Paul Drake <bdbafh_at_gmail.com> wrote:
> > > I'm really hoping that Oracle changes their position on this one ...
> > > but in case someone has already obtained more info on this issue
> > > already ...
> >
> > I'd also like more info, but if the client is affected - and I was
> > wondering how it wouldn't be for some of the vulnerabilities - then
> > just patching the server/app server seems to only be doing half a job.
> >
> > > What is your company's position on applying the patchsets covered by
> > > Oracle Security Alert #68 - to the Oracle Client Software already
> > > installed on desktops and application servers (not the Oracle Database
> > > server(s)).
> >
> > we'd do the app servers as a matter of course - 3000 remote laptops is
> > a somewhat different proposition. I haven't looked at doing that yet,
> > in the past we have used SMS I'm not sure whether we'd go that way
> > here.
> >
> >
> > > This is mentioned (in no detail) in the following doc:
> > >
> > > http://metalink.oracle.com/metalink/plsql/showdoc?db=Not&id=282108.1
> > >
> > > Item #21.
> > >
> > > 21. Is the Database Client install equally vulnerable?
> > >
> > > Yes, according to Development, all database clients on all
> > > versions have to be patched also. The same patch for the database
> > > server can be applied on the client installation also.
> > >
> > > thanks in advance for your opinions.
> >
> > Sounds like the persdon writing the patch note doesn't know what the
> > patch does....
> >
> >
> > --
> > Niall Litchfield
> > Oracle DBA
> > http://www.niall.litchfield.dial.pipex.com
> >
>
-- http://www.freelists.org/webpage/oracle-lReceived on Wed Sep 22 2004 - 23:09:05 CDT
 |
 |