Re: CVEs and Oracle products

From: Patrice sur GMail <patrice.boivin_at_gmail.com>
Date: Fri, 6 Jun 2014 13:46:34 -0300
Message-ID: <CACH2EDJnRJEauH8sn0OyGb5Fikursty=0iBXvV0MyGS1i7in5g_at_mail.gmail.com>

I also know about mitre.org... e.g.
http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=oracle and NIST... e.g. for the OpenSSL CVE:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0224

But it refers to openSSL, not to the products running OpenSSL... can't quickly tell if any Oracle products are affected.

On Fri, Jun 6, 2014 at 1:43 PM, Patrice sur GMail <patrice.boivin_at_gmail.com> wrote:

> I was wondering, does Oracle have a CVE equivalency database that would
> let us enter a CVE and find out if it applies to any Oracle products and
> what versions, if any? (Most of the time probably the CVEs don't apply.)
>
> Bureaucrats sometimes forward e-mails about CVE numbers and want us to
> assure them that we're "safe" and entering CVE numbers in My Oracle Support
> doesn't usually turn up anything.
>
> I am guessing that for DBAs in more secure environments this is routine
> stuff, thought maybe someone might be able to provide some pointers.
>
> I know about the typical advice like "stay up-to-date with your software
> versions" -- except for that OpenSSL bug LOL which got some people in
> trouble, no memory sticks or used to be CDs (esp. if people are outside
> your building handing them out for free), passwords are not all that secure
> (some employees are willing to give them up for a little gift at the door),
> social engineering, don't trust your own employees, etc. etc. I am just
> looking for a lookup site somewhere that we might be able to trust.
>
> -- Patrice
> My profiles: [image: Facebook]
> <http://www.facebook.com/home.php?#!/profile.php?id=100000206805521>[image:
> LinkedIn] <http://ca.linkedin.com/pub/patrice-boivin/a/933/5a9>[image:
> Twitter] <http://www.twitter.com/PatriceBoivin>
> <http://www.twitter.com/PatriceBoivin>
> Signature powered by WiseStamp <http://www.wisestamp.com/email-install>
>

-- 


-- Patrice
My profiles: [image: Facebook]
<http://www.facebook.com/home.php?#!/profile.php?id=100000206805521>[image:
LinkedIn] <http://ca.linkedin.com/pub/patrice-boivin/a/933/5a9>[image:
Twitter] <http://www.twitter.com/PatriceBoivin>
 <http://www.twitter.com/PatriceBoivin>
Signature powered by WiseStamp <http://www.wisestamp.com/email-install>

--
http://www.freelists.org/webpage/oracle-l

Received on Fri Jun 06 2014 - 18:46:34 CEST

This message: [ Message body ]
Next message: Peter Sharman: "RE: EM 12c best practise!!"
Previous message: Patrice sur GMail: "CVEs and Oracle products"
In reply to: Patrice sur GMail: "CVEs and Oracle products"
Next in thread: Job Miller: "Re: CVEs and Oracle products"
Reply: Job Miller: "Re: CVEs and Oracle products"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message