Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: How to deal with Oracle patches? - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
How to deal with Oracle patches?
Steve, who is using PeopleSoft, started to get exposed to Oracle's patches. He writes:

"I'm the security admin for a organization which uses PeopleSoft, which of course was purchased by Oracle last eyar. This meant, unfortunately, that I had to start subscribing ot the Oracle Critical Patch Update. [...] I've never figured out how to get actual details on the vulnerabilities it lists.
[...]
Maybe one [of your diary readers] can offer a tutorial or some tips"

Let us know if you have any pointers. I will add hints, URLs and other help to this diary. Among our group of handlers, we have kind of given up on covering Oracle patches due to the large number and missing details in advisories (plus, its not all that easy to get the advisories in the first place).

Kilynn writes that you can signup for notifications at http:/www.oracle.com/technology/deploy/security/alerts.htm . This will also provide access to the "Risk Matrix" which should also help in applying the patches. However, to know more you need to signup for a "MetaLink" account, which appears to be reserved for Oracle customers. (Actually the original poster, Steve, mentioned the risk matrix, but it wasn't too much help for him without details to adjust it for his environment. It wasn't clear to him how to get access to MetaLink as a former PeopleSoft customer).

I will be teaching next: Intrusion Detection In-Depth - SANS San Antonio 2019

Johannes

3530 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!