Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> Re: Oracle security fixes are released between official cpu releases

Re: Oracle security fixes are released between official cpu releases

From: David Litchfield <david_at_databasesecurity.com>
Date: Wed, 25 Jul 2007 12:13:31 +0100
Message-ID: <05b401c7ceac$d71f06a0$4001a8c0@databasesecurity.com> 





> I tried the bunkerview on a 10203 database which had patch 7 (6038241)

> applied which is also labeled as cpu APRIL 2007 and it failed. So looks 

> like

> it was already fixed before Cpu July 2007 came out. That makes me believe

> that Oracle releases security fixes in between cpu's.




When waiting for Oracle to fix some of the security issues I've informed 
them about, I've noted that, if a fix is available for a given platform, 
Oracle may to slip it in to a CPU without announcing it. Only when all 
platforms have a patch available do Oracle then note it in their risk 
matrix. This is probably what you're seeing.
HTH,



David


--
http://www.freelists.org/webpage/oracle-l


Received on Wed Jul 25 2007 - 06:13:31 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US