When I asked Oracle about a specific vulnerability in the latest advisory, the answer was simply a rehash of the matrix. I wanted to understand if our particular situation is actually vulnerable since we do not use the feature in question. The support engineer said that she has been instructed by Oracle only to repeat the risk matrix. She is prohibited from telling me anything else. How do I know if I actually need this patch?


Oracle is in a precarious position with respect to revealing information about security vulnerabilities, as are other database software companies. They need to notify their clients about potential security problems and provide fixes, but they must be careful not to reveal too much information about the vulnerabilities themselves. This is, in part, to protect the client. If specific, detailed information about security vulnerabilities were widely available, it's quite possible that those with less-than-honorable intentions could target more companies or organizations.

You can usually tell whether you need to apply the patch by the components affected or the behavior the patch is attempting to fix. Another source of information is searching the Internet or forums for that specific patch. Other DBAs may post more information about what the patch fixes.
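One way to check the "components affected" against your own database, as an added example that is not part of the original answer: the component names in the `advisory` list are constructed placeholders to be replaced with the names printed in the risk matrix, and the queries assume an account that can read `DBA_REGISTRY` and `V$OPTION`. They show whether a component is installed, which is a separate question from whether you use it.

```sql
-- Added example: compare component names taken from an advisory's risk
-- matrix with the components registered in this database.

-- Constructed placeholder names; replace them with the component names
-- listed in the risk matrix you are reviewing.
WITH advisory AS (
  SELECT 'Oracle Text' AS matrix_component FROM dual UNION ALL
  SELECT 'Spatial' FROM dual UNION ALL
  SELECT 'Workspace Manager' FROM dual
)
SELECT a.matrix_component,
       r.comp_id,
       r.comp_name,
       r.version,
       r.status,
       CASE
         WHEN r.comp_id IS NULL THEN 'not in registry'
         ELSE 'installed: review the patch'
       END AS finding
FROM   advisory a
LEFT JOIN dba_registry r
       -- Loose match, because the matrix and the registry may word the
       -- same component name slightly differently.
       ON UPPER(r.comp_name) LIKE '%' || UPPER(a.matrix_component) || '%'
ORDER  BY a.matrix_component, r.comp_id;

-- Server options and whether each is available (TRUE) or not (FALSE).
SELECT parameter, value
FROM   v$option
ORDER  BY parameter;
```

A "not in registry" row only covers components that register themselves in the database; matrix entries for software outside the database have to be checked against the installed software inventory instead.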

This was first published in August 2005
