Major Oracle Patch Covers Enterprise Products, Database ServerBy Lisa Vaas | Print
Re-Imagining Linux Platforms to Meet the Needs of Cloud Service Providers
The third cumulative patch from Oracle since the start of its new system applies a set of 49 fixes to a wide array of offerings.Oracle has released a set of 49 patches that addresses new flaws in multiple versions of its Database Server, Application Server, Collaboration Suite, E-Business and Applications, and Enterprise Manager products.
The patches are available on OTN (the Oracle Technology Network).
The product flaws vary in terms of exploitability. Oracle Database has 12 flaws, including a flaw in Database 10g's Oracle OLAP (online analytical processing) that requires Database privilegeexecute on olapsysbut which, according to Oracle's posting, is both easily accessible and would have a wide impact.
Therefore, according to Oracle's posting, it is not necessary to apply this Critical Patch Update to client-only installations if a prior Critical Patch Update, or Alert 68, has already been applied to the client-only installations.
The Oracle Database Server, Enterprise Manager and Oracle Application Server patches are cumulative, containing all fixes from the previous Critical Patch Update.
Not so for E-Business Suite or Collaboration Suite patches, however, so customers using these products should refer to previous Critical Patch Updates to identify previous fixes they need to apply.
This is the third of Oracle's Critical Patch Updates since the company started cumulative patch releases in January.
Jon Oltsik, an analyst at Enterprise Strategy Group, said that Oracle customers are mostly comfortable with Oracle's new patching strategy, but they would like Oracle to be more proactive with emergency patches.
"If any are high impact, if I were a customer and had a major investment in Oracle, I wouldn't want to wait around for the cumulative patch release," he said. "I want to know about them immediately and apply them immediately."
In contrast, Microsoft offers custom services for big enterprise customers. Oracle has resisted that, Oltsik said, since it's more difficult from a process perspective to offer such services. "[But] if I'm a big customer, I don't care about your processes," he said. "If I'm buying from you, give me good service."
"People tend to criticize Microsoft from [the standpoint of] general security and number of vulnerabilities," Oltsik said. "But from [the perspective of] patching and management strategies, they're very, very good and flexible. I'd say, more so than Oracle."
Check out eWEEK.com's for the latest database news, reviews and analysis.