System News
July 2010 Critical Patch Update Released
Includes 21 New Fixes for Oracle Sun Product Line
July 19, 2010, Volume 149, Issue 3

Oracle is in the process of aligning the policies and practices previously in place at Sun Microsystems with Oracle Software Security Assurance policies and procedures.
 

The July 2010 Oracle Critical Patch Update (CPU) contains 59 new security fixes across all of Oracle's product families, including 21 new fixes affecting Oracle Sun products. Former Sun technologies patched in this update are Solaris/OpenSolaris, Sun Java System Web Proxy Server, Sun Convergence, Access Manager/OpenSSO, Solaris Studio, and Sun GlassFish Enterprise Server/Sun Java System Application Server. According to Oracle, seven of these 21 vulnerabilities may be remotely exploitable without authentication, meaning they may be exploited over a network without the need for a username and password.

The Critical Patch Update is the primary mechanism Oracle will use to communicate the release of security fixes for the Sun product lines. An out-of-cycle Security Alert could be issued in case of a unique or dangerous threat to Sun products. In that event, customers will be notified of the Security Alert by email through My Oracle Support and Oracle Technology Network (OTN). Users should also note that fixes delivered in Security Alerts will be included in the next Critical Patch Update. Oracle provides Critical Patch Updates (CPUs) every quarter to fix security vulnerabilities. The next Oracle CPU advisory is expected to be published in October 2010.

Sun users just being introduced to the Oracle Software Security Assurance policies and procedures may want to read through a short document on OTN, which highlights changes made by Oracle to the security vulnerability handling policies for the Sun product line.

Anyone interested in providing feedback regarding Oracle's security patching procedures is encouraged to join in a new security assurance survey being conducted by Oracle and the Independent Oracle User Group (IOUG). Eric Maurice, writing for The Oracle Global Product Security Blog, says the purpose of this survey is to gather feedback from as many organizations as possible about their security patching practices and to identify which security assurance topics are most relevant to Oracle customers. Survey responses will be kept confidential, and the results will be analyzed jointly by Oracle and IOUG to evaluate Oracle's security assurance practices. The survey is hosted by IOUG's Enterprise Best Practices Special Interest Group (SIG). Free SIG membership is required to access the survey.

Besides the Oracle Sun products, new security fixes in Oracle's July 2010 CPU have been issued for:

  • Oracle Database Server, including Oracle Secure Backup and Oracle TimesTen In-Memory Database;
  • Oracle Fusion Middleware, including WebLogic products;
  • Oracle Enterprise Manager;
  • Oracle E-Business Suite;
  • Oracle Supply Chain Products Suite; and
  • Oracle PeopleSoft Enterprise.

More Information

July 2010 Oracle Critical Patch Update (CPU)

Changes in security policies for the Sun product lines

Critical Patch Updates and Security Alerts
