Steve, who is using PeopleSoft, started to get exposed to Oracle's patches. He writes:
Let us know if you have any pointers. I will add hints, URLs and other help to this diary. Among our group of handlers, we have kind of given up on covering Oracle patches due to the large number and missing details in advisories (plus, its not all that easy to get the advisories in the first place).
"I'm the security admin for a organization which uses PeopleSoft, which of course was purchased by Oracle last eyar. This meant, unfortunately, that I had to start subscribing ot the Oracle Critical Patch Update. [...] I've never figured out how to get actual details on the vulnerabilities it lists.
Maybe one [of your diary readers] can offer a tutorial or some tips"
Kilynn writes that you can signup for notifications at http:/www.oracle.com/technology/deploy/security/alerts.htm . This will also provide access to the "Risk Matrix" which should also help in applying the patches. However, to know more you need to signup for a "MetaLink" account, which appears to be reserved for Oracle customers. (Actually the original poster, Steve, mentioned the risk matrix, but it wasn't too much help for him without details to adjust it for his environment. It wasn't clear to him how to get access to MetaLink as a former PeopleSoft customer).
I will be teaching next: Defending Web Applications Security Essentials - SANS San Francisco Spring 2020
Apr 19th 2006
1 decade ago