Category: Security Patch Update

Oracle Security Patch Update also known as Critical Patch Update

Latest Critical Patch Updates from Oracle – October 2023

On October 17, Oracle released its quarterly Critical Patch Update Advisory. This comprehensive advisory contains details about 387 new security patches for various Oracle product families. Among them are some serious vulnerabilities that can be exploited remotely over the network, i.e. with a CVSS rating of 9 or more. The entire advisory can be found […]

Easily mitigate log4j vulnerability in Oracle Unified Directory

In December 2021, the critical vulnerability in Apache Log4j (CVE-2021-44228) was disclosed. With a CVSS rating of 10 out of 10, this vulnerability was or is extremely critical. Especially since Log4j is used relatively widely. Despite a great effort, many applications could only be corrected with a delay. Thus, it is not surprising that this […]

Oracle CPU / PSU Advisory July 2019

Recently, just in the middle of the summer holidays, Oracle has released the third Critical Patch Advisory for its products. It seems there’s a lot of work going on in Redwood Shore. Oracle has fixed about 319 security vulnerabilities across their products. The Oracle database is relatively prominently represented with 9 security vulnerabilities and a […]

Oracle CPU / PSU Advisory October 2018

Oracle has recently published the Critical Patch Update Advisory for the October 2018. It’s once more quite a heavy update with not less than 301 security vulnerability fixes across the Oracle products. The Oracle database is relatively prominently represented with 3 security vulnerabilities and a maximal CVSS rating of 9.8. The problem CVE-2018-3259 with such […]

Oracle CPU / PSU Pre-Release Announcement July 2018

Today Oracle has published the Pre-Release Announcement for the July 2018 Critical Patch Update. It’s quite a heavy update with not less than 334 security vulnerability fixes across the Oracle products. The Oracle database is relatively prominently represented with 3 security vulnerabilities and a maximal CVSS rating of 9.8. Of the vulnerabilities is remotely exploitable […]

Oracle CPU / PSU April 2018

Oracle recently released the spring Critical Patch Advisory. It is the first critical patch update, which also includes fixes for Oracle 18c. Over all it includes 254 new security fixes across the product families. Overall a rather large update, although only a security vulnerability is patched for the Oracle databases. This vulnerability is not remotely […]

Oracle CPU / PSU Announcement October 2017

The Oracle open world 2017 is over, the dust just settled down. A perfect time for Oracle to release the October critical patch advisory. With not less than 270 new security vulnerability fixes across the Oracle products it seems to be a rather huge update. From the DB perspective it is nothing unusual. It contains […]

Oracle CPU / PSU Announcement April 2017

Last night Oracle released there new Critical Patch Update. From the DB perspective it is a rather small patch update. It just includes 2 fixes for security vulnerabilities on Oracle database 11.2.0.4 and 12.1.0.2. None of the vulnerabilities are remote exploitable without authentication but one fix is also for client only installations. The highest CVSS […]

Oracle CPU / PSU Pre-Release Announcement July 2016

Oracle has published the Pre-Release Announcement for the July 2016 Critical Patch Update. It’s quite a huge update with not less than 276 security vulnerability fixes across the Oracle products. For the Oracle Database itself are 9 security fixes available. Dies ist wiederum eines der größeren Critical Patch Update for databases. It does contain bug […]

OPatch silent and unattended

In general I use Oracle OPatch interactively in command line mode to install patch set updates. But recently I did patch a system cloud based system, with a confusing network timeout. As expected I did get a broken pipe while executing OPatch. Ok, the system is also damn slow, which is not exactly helpful. Never […]

Oracle CPU / PSU Pre-Release Announcement January 2015

Oracle has published the Pre-Release Announcement for the first Critical Patch Update in 2015. This Critical Patch Update contains 167 new security vulnerability fixes across all Oracle products. It looks like that this CPU does contain a bunch of critical security fixes for Oracle databases. Actually there are 7 fixes for security vulnerabilities, but none […]

Oracle CPU / PSU Pre-Release Announcement July 2014

Oracle has published the Pre-Release Announcement for the July 2014 Critical Patch Update. It looks like that the next Critical Patch Update is somewhat more extensive from the database point of view. It does contain six bug fix for some major security issues. Some of the vulnerabilities may be remotely exploitable without authentication. The security […]

Oracle released CPU / PSU April 2014

As announced last week in my post Oracle CPU / PSU Pre-Release Announcement April 2014, Oracle has now released the Critical Patch Updates for April 2014. Overall this CPU contains 104 new security fixes across several Oracle products like Database Server, MySQL Server, Sun Product Suite, WebLogic Server etc. For Oracle Database it contains only […]

Oracle CPU / PSU Pre-Release Announcement April 2014

Today Oracle has published the Pre-Release Announcement of the CPU Advisory for April 2014. This Critical Patch Update contains 103 new security vulnerability fixes for several Oracle products. There are only a few days since the publication of the vulnerability CVE-2014-0160 known as “Heartbleed”. Therefore I assume, that this patch update does not yet address […]

Oracle CPU / PSU Pre-Release Announcement January 2014

Today Oracle has published the Pre-Release Announcement for the first CPU Patch in 2014. This Critical Patch Update contains 147 new security vulnerability fixes for several Oracle products. From the Oracle database point of view it is a small update. There are only five security fix for the Oracle Database Server and no for client-only […]

Oracle released CPU / PSU October 2013

As announced yesterday in my post Oracle CPU / PSU Pre-Release Announcement October 2013, Oracle has now released the last Critical Patch Updates for 2013. Overall this CPU contains 126 new security fixes across several Oracle products like Database Server, MySQL Server, Sun Product Suite, WebLogic Server etc. For Oracle Database it contains only 2 […]

Changes in database security patching with 12c

During my preparation for the tests of October Critical Patch Updates (CPU), I stumbled over an interesting Oracle Support Document. I this document Oracle announced that there will nolonger be seperate SPU (Security Patch Update) respectively CPU (Critical Patch Update) for 12.1.0.1 and newer. Excerpt from Oracle support document 1581950.1 Database Security Patching from 12.1.0.1 […]

Oracle CPU / PSU Pre-Release Announcement October 2013

Oracle has published the Pre-Release Announcement for the October CPU/SPU Patch. This Critical Patch Update contains 126 new security vulnerability fixes for several Oracle products. Despite the large amount of security fixes, it is a rather small update from the database point of view. There are only two security fix for the Oracle Database Server […]

How to find latest oracle database patchset

It is sometimes a bit of a hassle, to have the latest patch name or number on hand, when you need them. Ok, you may search on My Oracle Support and save it as custom search. But it may happen that the search is inaccurate and the required patch is not found. A much easier […]

Oracle released CPU / PSU July 2013

About a week ago Oracle has released the July Critical Patch Updates. Overall this CPU contains 89 new security fixes across several Oracle products like Database Server, MySQL Server, Sun Product Suite, WebLogic Server etc. For Oracle Database Server it does contain 6 fixes, but none of them is for client-only installation. 1 of these […]

Oracle released CPU / PSU January 2013

As announced in my post about Oracle’s pre-release announcement of last week, Oracle has now released the first Critical Patch Updates for 2013. Overall this CPU contains 86 new security fixes across several Oracle products like Database Server, MySQL Server, Sun Product Suite, WebLogic Server etc. For products like Oracle Database Mobile it does contain […]

Oracle CPU / PSU Pre-Release Announcement January 2013

Once again, Oracle has published the Pre-Release Announcement for the first CPU Patch in 2013. This Critical Patch Update is reasonably small and contains 86 new security vulnerability fixes for several Oracle products. Only one of these fixes is just for the Oracle Database Server.

Oracle CPU Pre-Release Announcement – April 2011

Late last week Oracle published the Oracle Critical Patch Update Pre-Release Announcement – April 2011. The official Oracle Critical Patch Update for April 2011 will be released somewhen on the 19th of april. This CPU includes up to 73 security fixes for all kind of Oracle products. 6 out of them are just forfor the […]