InfoSec Handlers Diary Blog - Oracle Critical Patch Update October

SANS ISC: InfoSec Handlers Diary Blog - Oracle Critical Patch Update October

SANS Site Network
- Current Site
- Internet Storm Center
- Other SANS Sites Help
- Graduate Degree Programs
- Security Training
- Security Certification
- Security Awareness Training
- Penetration Testing
- Industrial Control Systems
- Cyber Defense Foundations
- DFIR
- Software Security
- Government OnSite Training

InfoSec Handlers Diary Blog

Oracle Critical Patch Update October

Published: 2012-10-17
Last Updated: 2012-10-17 03:19:56 UTC
by Mark Hofman (Version: 1)

Oracle has just released their critical patch update http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html

Quite a number of products are being patched also for those of you subject to PCI DSS there are a significant number of patches addressing issues with a CVSS score of 4 or higher, which must be patched under the standard.

They have also released a critical patch update for Java http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html

The info in the Oracle bulletin is comprehensive and should allow you to identify what needs to be done fairly easily. Both bulletins have the following wording in the work around section "Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible." For most of us not new (at least not on the java side), but maybe a strong argument if you get pushback on patching.

Happy patching, as always test before you implement.

Mark H - shearwater

Keywords: internet isc oracle patching sans security

2 comment(s)

Top of page

Diary Archives