Re: Windows client
- From: Paul Drake <bdbafh@xxxxxxxxx>
- To: lkemnitz@xxxxxxxx
- Date: Thu, 4 Nov 2004 16:12:09 -0500
LeRoy,
consult the updated document covering this on Metalink.
They have revised their position, but I haven't checked it in a few days.
check Note:282108.1
check "21. Is the Database Client install equally vulnerable?"
I'm glad that I checked this, as I had installed 10.1.0.2 in
development and applied 10.1.0.3 to it and thought that the binaries
were covered for Alert #68.
they're not.
the same holds true for 9.2.0.6.
check " 40. Will the Security fixes included in Alert 68 be available
in 9.2.0.6 or 10.1.0.3 patchset?"
which means, I'll still have to deal with OPatch when attempting to
skip by 9.2.0.5 and going straight from 9.2.0.1.0 base install and
applying the 9.2.0.6.0 patchset.
Wouldn't it be great if Oracle would re-release the base release as
9.2.0.6.0 as a base install, like how they did that for 9i Release 2
for lin32 (9.2.0.4)?
guess its still job security stuff.
"PatchMaster" Paul
On Thu, 04 Nov 2004 13:52:55 -0600, LeRoy Kemnitz <lkemnitz@xxxxxxxx> wrote:
> I have read many articles and forums on the Security Alert #68. I have
> applied my patches to the server, 9.2.0.5 on aix 5.1. My last concern
> is about the clients - Oracle recommends we patch the clients as well.
> There is no way to mass update all the clients at once. We would need
> to visit each machine - we are talking 100's of machines. My questions
> is - Do we need to? If the server is patched, what vulnerabilites
> would there be from the client? How are the rest of you handling this?
> I am leaning towards not updating the clients.
>
> LeRoy
>
> --
> //www.freelists.org/webpage/oracle-l
>
--
//www.freelists.org/webpage/oracle-l
Other related posts:
