RE: security alert - management up in arms
- From: <Paula_Stankus@xxxxxxxxxxxxxxx>
- To: <Paula_Stankus@xxxxxxxxxxxxxxx>, <oracle-l@xxxxxxxxxxxxx>
- Date: Thu, 2 Sep 2004 15:22:42 -0400
Now, I read the security patch and it says "You must have NO OTHER =
PATCHES installed on your Oracle server since the last patch set". NOW =
WHAT!@#@!#!@!#!@#!@
-----Original Message-----
From: Stankus, Paula G=20
Sent: Thursday, September 02, 2004 1:28 PM
To: 'oracle-l@xxxxxxxxxxxxx'
Subject: RE: security alert - management up in arms
Guys,
I had 3 managers ask me about this today. I am planning to put in dev =
then prod but they want me to open emergency tickets and start doing =
now!!!! All of our oracle databases are internal (inside of a =
firewall). =20
My concern is having recently been burnt on 9.2.0.5 Solaris 64-bit - =
that this not be another exercise in Oracle regression testing.
I know that a security patch is much more focused and likely doesn't =
have the same changes/impact as a patchset. However, what does everyone =
do in terms of due diligence to ensure these security patches are not =
going to "break" Oracle functionality. It seems like it should be =
reasonable to put in dev/test - run for a little while then promote. =
However, with 9.2.0.5 we didn't come up with problems until we used =
export/import and sql*loader.
Any thoughts on this?
"This e-mail is a critical technical alert which is being sent as a =
service to all MetaLink users!
The following Security Alert has been published on MetaLink by the =
Oracle Security Compliance team:
August 31, 2004
Severity: 1=20
Alert #68: Oracle Security Update"
---
To unsubscribe - mailto:oracle-l-request@xxxxxxxxxxxxx&subject=unsubscribe
To read recent messages - //freelists.org/archives/oracle-l/09-2004
Other related posts:
