Re: Security Alert #68 - patchsets required on client software also?

• From: Paul Drake <bdbafh@xxxxxxxxx>
• To: Niall Litchfield <niall.litchfield@xxxxxxxxx>
• Date: Tue, 21 Sep 2004 20:59:11 -0400

Niall,

Out of respect to NYOUG, I didn't bring that topic up with Charles E.
Phillips, Jr. during the Q & A session after his keynote speech at the
NYOUG seminar today.

But I sure was tempted.

It may be time for an iTAR on this one if a search of the Metalink
forums doesn't yield any results.

Paul

On Tue, 21 Sep 2004 09:43:49 +0100, Niall Litchfield
<niall.litchfield@xxxxxxxxx> wrote:
> comments as ever
> On Mon, 20 Sep 2004 16:10:39 -0400, Paul Drake <bdbafh@xxxxxxxxx> wrote:
> > I'm really hoping that Oracle changes their position on this one ...
> > but in case someone has already obtained more info on this issue
> > already ...
> 
> I'd also like more info, but if the client is affected - and I was
> wondering how it wouldn't be for some of the vulnerabilities - then
> just patching the server/app server seems to only be doing half a job.
> 
> > What is your company's position on applying the patchsets covered by
> > Oracle Security Alert #68 - to the Oracle Client Software already
> > installed on desktops and application servers (not the Oracle Database
> > server(s)).
> 
> we'd do the app servers as a matter of course - 3000 remote laptops is
> a somewhat different proposition. I haven't looked at doing that yet,
> in the past we have used SMS I'm not sure whether we'd go that way
> here.
> 
> 
> > This is mentioned (in no detail) in the following doc:
> >
> > http://metalink.oracle.com/metalink/plsql/showdoc?db=Not&id=282108.1
> >
> > Item #21.
> >
> > 21.  Is the Database Client install equally vulnerable?
> >
> >     Yes, according to Development, all database clients on all
> > versions have to be patched also.  The same patch for the database
> > server can be applied on the client installation also.
> >
> > thanks in advance for your opinions.
> 
> Sounds like the persdon writing the patch note doesn't know what the
> patch does....
> 
> 
> --
> Niall Litchfield
> Oracle DBA
> http://www.niall.litchfield.dial.pipex.com
>
--
//www.freelists.org/webpage/oracle-l

• Follow-Ups:
  • Re: Security Alert #68 - patchsets required on client software also?
    • From: Paul Drake

• References:
  • Security Alert #68 - patchsets required on client software also?
    • From: Paul Drake
  • Re: Security Alert #68 - patchsets required on client software also?
    • From: Niall Litchfield

Other related posts:

• » Security Alert #68 - patchsets required on client software also?
• » Re: Security Alert #68 - patchsets required on client software also?
• » Re: Security Alert #68 - patchsets required on client software also?
• » Re: Security Alert #68 - patchsets required on client software also?
• » RE: Security Alert #68 - patchsets required on client software also?
• » Re: Security Alert #68 - patchsets required on client software also?
• » Re: Security Alert #68 - patchsets required on client software also?
• » Re: Security Alert #68 - patchsets required on client software also?

1. Home
2. oracle-l
3. Archive
4. 09-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---