Wednesday Jan 21, 2015

CPU Quarterly - January 2015 Security Advisor

Note this quarter's Oracle Critical Patch Update Advisory - January 2015.

The details for Oracle Forms and Oracle Reports environments - releases, patch numbers, configuration heads-ups, ... - are availabe via Master Note on Fusion Middleware Proactive Patching - Patch Set Updates (PSUs) and Bundle Patches (BPs) (MOS authentication neededNote 1494151.1)

Wednesday Jul 16, 2014

CPU Quarterly - July 2014 Security Advisor and Java SE Updates Released

It is good practice to review the security updates for your Oracle products regularly. They are updated quarterly with latest just published (July 2014).
The Oracle Critical Patch Update Advisory lists best practices and latest patches with scope making Oracle products more stable and robust.
TheMOS authentication needed PSU and CPU July 2014  Availability Document gives a comprehensive listing of recommended patching  for products and releases effected. Note that all effected components of a product are listed there.

For example for an 11.1.2.2.0 Forms/Reports environment follow this navigation path:

  • "Patch Availability for Oracle Products"
  • "Oracle Fusion Middleware"
  • "Oracle Fusion Middleware"
  • 3.3.17.4 Oracle Forms and Reports 11.1.2.2

 leading to Table 78. There are references for Java SE, JRockit, WebLogic Server, Database client, Oracle ADF,
OPMN, HTTP Server that are strongly recommended to review an implement. Even though Forms/Reports may not be effected directly, partner components need an update.

 An important part is always Java. With July 2014,  Java 8u11, 7u65, 6u81, and 5u71 are now in place (8u11 and 7u65 are publicly available through OTN).  The Information Center: Installation & Configuration for Oracle Java SE (MOS authentication neededDoc ID 1412103.2) will give more details on Java SE  download and installation.

as

Wednesday Jan 22, 2014

Oracle Critical Patch Update January 2014 - Availability and Relevance

Oracle constantly reviews its products to harden against security threatening. Regularly an "Oracle Critical Patch Update Advisory" is published to inform about new patches and other actions to take. Oracle users are highly recommended to carefully review and to consider these advices.

With the January 2014 advisory, Oracle Forms and Oracle Reports for releases 11gR1 and 11gR2 are not effected by a new patch directly. Nevertheless, there are two items to take into account:

  • Corresponding Oracle Fusion Middleware components like database client, JDK, HTTP Server, ... may need patching. Find the details in Master Note on Fusion Middleware Proactive Patching - Patch Set Updates (PSUs) and Bundle Patches (BPs) MOS authentication neededDoc ID 1494151.1)
  • The January 2014 Risk Matrices - Oracle Fusion Middleware lists one item for Oracle Reports: CVE-2013-5785 dedicated to versions 11.1.1.6, 11.1.1.7 & 11.1.2.1 and gives best practices how to use the existing feature "Enable File System Access Control". Check out "Enable File System Access Control" - Fine Grained File System Access Control for the Reports Server MOS authentication neededDoc ID 1608683.1 for more details.

Security Alert Tickler Tip:
Keep updated on latest security announcements from Critical Patch Updates, Security Alerts and Third Party Bulletin and activate the Security Alert Tickler (RSS Feed)!

 





About


This is the official blog of the Proactive Support Team for Developer Tools: Oracle Forms, Oracle Reports, Apex, SQLDeveloper, ... . Find information about our activities, publications, product related information and more.

 

Follow @psdDevTools on Twitter

Search

Archives
« March 2015
SunMonTueWedThuFriSat
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
    
       
Today