RE: security alert - management up in arms

  • From: DENNIS WILLIAMS <DWILLIAMS@xxxxxxxxxxxxx>
  • To: oracle-l@xxxxxxxxxxxxx
  • Date: Fri, 3 Sep 2004 08:15:20 -0500

Paula, 
   The security alert states: "Oracle strongly recommends that you
comprehensively test the stability of your system upon application of any
patch prior to deleting any original files that are replaced by the patch." 
   If anyone can provide me a list of the files this patch replaces, I would
appreciate it. Maybe once I unzip the patch it will become obvious.

Dennis Williams
DBA
Lifetouch, Inc.

-----Original Message-----
From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx]
On Behalf Of Mercadante, Thomas F
Sent: Friday, September 03, 2004 7:01 AM
To: 'oracle-l@xxxxxxxxxxxxx'
Subject: RE: security alert - management up in arms

Paula,

You can always take the approach that if Oracle says it must be patched, and
you have warned management that the patch should be applied and tested
before it goes to production, then you have at least done your part to warn
everyone of the risks involved.

I think for the most part that Oracle patches do not at least cause any harm
- that at the very least there is *another* patch that should fix any new
problems that arise.  We have entered a new world with these freekin Oracle
security patches.  We're being forced to apply patches even though we don't
have any exposure to the problem.

For example, if you do not allow the scheduling of jobs within Oracle, you
may not be exposed to the risk.  And yet we are forced to patch the
database.

Ah well.  Just patch it and be done with it.

Tom Mercadante
Oracle Certified Professional


-----Original Message-----
From: Paula_Stankus@xxxxxxxxxxxxxxx [mailto:Paula_Stankus@xxxxxxxxxxxxxxx] 
Sent: Thursday, September 02, 2004 1:28 PM
To: oracle-l@xxxxxxxxxxxxx
Subject: RE: security alert - management up in arms


Guys,


I had 3 managers ask me about this today.  I am planning to put in dev
then prod but they want me to open emergency tickets and start doing
now!!!!  All of our oracle databases are internal (inside of a firewall).

My concern is having recently been burnt on 9.2.0.5 Solaris 64-bit - that
this not be another exercise in Oracle regression testing.

I know that a security patch is much more focused and likely doesn't have
the same changes/impact as a patchset.  However, what does everyone do in
terms of due diligence to ensure these security patches are not going to
"break" Oracle functionality.  It seems like it should be reasonable to
put in dev/test - run for a little while then promote.  However, with
9.2.0.5 we didn't come up with problems until we used export/import and
sql*loader.

Any thoughts on this?

"This e-mail is a critical technical alert which is being sent as a
service to all MetaLink users!

The following Security Alert has been published on MetaLink by the Oracle
Security Compliance team:

August 31, 2004
Severity: 1

Alert #68: Oracle Security Update"




---
To unsubscribe - mailto:oracle-l-request@xxxxxxxxxxxxx&subject=unsubscribe 
To read recent messages - //freelists.org/archives/oracle-l/09-2004