Q

How do I know if I really need a patch?

When I asked Oracle about a specific vulnerability in the latest advisory, the answer was simply a rehash of the matrix. I wanted to understand if our particular situation is actually vulnerable since we do not use the feature in question. How do I know if I actually need this patch?

This Content Component encountered an error
When I asked Oracle about a specific vulnerability in the latest advisory, the answer was simply a rehash of the matrix. I wanted to understand if our particular situation is actually vulnerable since we do not use the feature in question. The support engineer said that she has been instructed by Oracle only to repeat the risk matrix. She is prohibited from telling me anything else. How do I know if I actually need this patch?
Oracle is in a precarious position with respect to revealing information about security vulnerabilities, as are other database software companies. They need to notify their clients about potential security problems and provide fixes, but they must be careful to not reveal too much information about the vulnerabilities themselves. This is, in part, to protect the client. If there was specific, detailed information widely available about security vulnerabilities, it's quite possible that those with less than honorable intentions could target more companies or organizations.

You can usually tell whether you need to apply the patch by the components affected or behavior the patch is attempting to fix. Another source of information is searching the Internet or forums for that specific patch. Other DBAs may post more information about what the patch fixes.

This was first published in August 2005

Dig deeper on Oracle database installation, upgrades and patches

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchDataManagement

SearchBusinessAnalytics

SearchSAP

SearchSQLServer

TheServerSide

SearchDataCenter

SearchContentManagement

SearchFinancialApplications

Close