RE: Security patching on older Oracle Linux

From: Dimensional DBA <dimensional.dba_at_comcast.net>
Date: Fri, 29 Jan 2016 13:46:05 -0800
Message-ID: <01f001d15ade$755cca70$60165f50$_at_comcast.net>



You always have some exposure internally to just people wanting to see if they can get to something, and you never know when a hole will open exposure remotely.

As a DBA/SA the only thing you can do is to simply keep up with patching and that includes moving off an older version of the OS. You are on Linux and unless you are also behind in your version of the Oracle database then you should be able to simply build a new server/VM and perform a standby flip to it and keep moving forward instead of worrying about these security patches. If you don’t like OL7 yet, then you can always go to OL6.  

Most larger organizations who are under any type of major compliance rules normally are looking at continuous remediation. I have always been one to not only try and pick up the Oracle quarterly patches but also the OS equivalent patches so we are always moving forward. The OS patches except for a few Oracle products/features normally move upwards with very few if any problems on the Oracle side.    

Matthew Parker

Chief Technologist

Dimensional DBA

425-891-7934 (cell)

D&B 047931344

CAGE 7J5S7 Dimensional.dba_at_comcast.net


From: oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_freelists.org] On Behalf Of Rich J
Sent: Friday, January 29, 2016 6:58 AM
To: Oracle L
Subject: Security patching on older Oracle Linux  

Hey all,

So, I'm reading about the new OpenSSL security issue at http://arstechnica.com/security/2016/01/high-severity-bug-in-openssl-allows-attackers-to-decrypt-https-traffic/ and there are a few things I noted. First, it only affects v1.0.2. Good for me. Second, support for 0.9.8 is done. Potentially bad for me. Third, the yum repos for Oracle Linux 5 stop at 0.9.8. Seemingly worse for me.

My Oracle Linux box has very low exposure internally and no exposure externally, but that doesn't mean future ones will be similarly walled off. What's a DBA/SA to do? Migrating this box to a new OL7 one is frankly a huge undertaking with near-zero return. (The Oracle DB on there is actually the easiest to move!)

Thoughts?
Rich  

--
http://www.freelists.org/webpage/oracle-l
Received on Fri Jan 29 2016 - 22:46:05 CET
