You might have noticed recently that Oracle has started new patching CPU (Critical Patch Update) and Oracle is Quite serious about it . These patches are not only for Oracle Applications 11i but they are for entire Oracle Products (11i, database, 10g application server, collaboration suite, Peoplesoft, JDEdward..) . Today and in my subsequent posts I’ll cover Oracle Critical patches & security Alerts.
You can find everything about CPU in metalink Notes & from Oracle’s site (Link Mentioned below)
*Below post are mentioned here for information only, Ideas expressed below are my own.
What is Critical Patch Updates ?
All Security Issues/Bugs are bundled together & shipped as patch every quarter( 3 months, usually in Jan,April,July, Oct.) , these patches are called as Critical Patch Updates or CPU’s.
Before CPU’s (before 2005) Oracle Used to release these security patch with Alert
What are Security Issues / Bugs ?
These vary from getting Unauthorized Access to Application to Attacking your Server so that real can’t access apps (Denial of Service)…
Lets take an example that if you can login to application or retrieve information without Authenicating that might be counted as Security Issue.
Where to find more information on Oracle Security Alerts & Critical Patch Updates ?
You can find most of required information on Oracle’s Site at http://www.oracle.com/technology/deploy/security/alerts.htm
I know its quite difficult to understand whole document in first reading so read two three times & for your convenience I will update more on how to read this document & how to apply CPU w.r.t. Oracle Applications 11i E-Business Suite (I’ll not cover CPU for other components like Application Server or Collaboration Suite here , If you have these components integrated with 11i kindly check respective documentation)
What is some one discovers very major security breach in Oracle Applications ?
In my views Oracle understand criticality of your system & they will release unschedule security patch in that Case.
Important Point w.r.t. CPU for E-Business Suite
There is exception on CPU for E-Business Suite that they are not cumulative which means if you have applied a patch for July 2006 that doesn’t mean that all bugs fixed in April 2006 CPU are also included in July 2006. For other oracle products CPU patches are cumulative.
About How to apply CPU patches Coming Soon……