April 18, 2007 11:28 AM PDT

Oracle to be more selective in patch development

By Joris Evers
Staff Writer, CNET News

Share
- Digg
- Del.icio.us
- Reddit
- Facebook
Email
Print

Related Stories: Oracle patches to fix 37 flaws
April 10, 2007; Oracle plugs 51 security flaws
January 16, 2007; Oracle offering early warning on security fixes
January 11, 2007; Patched Oracle database still at risk, bughunter says
April 26, 2006; Following trend, Oracle sets schedule for patches
November 18, 2004

Oracle plans to stop automatically producing security patches for all systems its software runs on, instead creating fixes for uncommon combinations on request, the company said Tuesday.

The various versions of Oracle's database software and business applications run on a wide variety of operating systems. The Redwood City, Calif.-based company has been releasing security fixes for the bulk of those. That's changing with its next scheduled patch release in July because some fixes were seldom downloaded, it said.

"There are certain platform and version combinations that historically have been inactive," Eric Maurice, a manager for security at Oracle, wrote on a corporate blog. "Instead of systematically creating (updates) for those inactive combinations, we will only produce those patches if clients specifically request them."

Oracle will continue to include the fixes in the main code and future releases of the applicable software programs, as well as in "patch sets," which are product updates that include more than just security fixes.

Oracle announced the change in its patch plans at the same time it put out its April fixes. The "Critical Patch Update" offers fixes for 36 vulnerabilities across Oracle's products, including 14 in the company's widely used database software. Several of the vulnerabilities could be exploited remotely by an anonymous attacker, Oracle said.

"Due to the threat posed by a successful attack, Oracle strongly recommends that fixes are applied as soon as possible," Oracle said in a security advisory.

However, some Oracle customers using the Windows operating system will have to wait until April 30 for the database fixes. Oracle doesn't yet have an update for release 9.2.0.8 of its database software running on Windows because of quality issues, a company representative said.

Oracle's next Critical Patch Update is on July 17.

See more CNET content tagged:
Oracle Corp., database software, fix, combination, database

Add a Comment (Log in or register) 1 comment

They need to be more responsible
by wbenton April 21, 2007 10:27 AM PDT: Patch as required.

When a critical flaw is found... patch it within 24 hours.

When a non-critical flaw is found... patch it within 72 hours.

It's "Responsibility"... NOT "Selectivity" that is needed!!!

Walt; Reply to this comment

Latest tech news headlines

What you can--and can't--find about Palin on the Internet
Posted in News - Politics and Law by Stephanie Condon

September 4, 2008 10:20 PM PDT
Michael Moore plans Net-only film premiere
Posted in News - Digital Media by Steven Musil

September 4, 2008 9:20 PM PDT
McCain talks up oil drilling, green energy
Posted in News - Politics and Law by Declan McCullagh

September 4, 2008 9:11 PM PDT

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

Inside CNET News

Scroll Left Scroll Right

Nanotech: The Circuits Blog
Timing rumors surface for AMD plant spin-off
Rumors persist that Advanced Micro Devices is planning to spin off all or part of its manufacturing operations.
Gallery
Photos: Ron Paul's RNC alternative
As the Republican convention took place just miles away, a crowd rallied for the former presidential candidate and his message of limited government, ensured civil liberties, lower taxes, and peace.
Digital Noise: Music and Tech
Was 1980s music that bad?
NPR asks listeners which year featured the best music, and the 1980s emerge as a bleak era. Personally, the '80s figure prominently in my collection, but well behind the 1970s.
Beyond Binary
Microsoft begins big ad push
Microsoft's multi-year push, estimated at $300 million, begins with a spot featuring Bill Gates and Jerry Seinfeld aired during Thursday's NFL game.
Video
YouTube plays party politics
During the presidential campaigning four years ago, YouTube didn't even exist. Now it's a tool candidates must master to get their message across. CNET's Kara Tsuboi stops by the YouTube upload booths at the Democratic and Republican conventions to find out why Google's video site has such a big presence in Denver and St. Paul, Minn.
News - Digital Media
Michael Moore plans Net-only film premiere
Filmmaker plans to premiere his latest documentary exclusively on the Internet for free, forgoing the traditional theatrical release.
Video
Political party playlists
We know the Democrats and Republicans are split over policy issues, but does their musical taste fall down party lines too? And what kind of gadgets did they bring to the conventions to listen to their music? CNET reporter Kara Tsuboi finds out.
News - Politics and Law
What you can--and can't--find about Palin on the Internet
John McCain's choice of Sarah Palin as a running mate has inspired a wealth of creativity on the Internet.
News - Cutting Edge
Execs predict next Google-like tech
On eve of company's 10-year anniversary, researchers and business pundits speculate about what technologies might someday have as much impact as Google.
Gallery
Photos: The brains behind Google Chrome
Here's a look at some of the engineers and executives who took the stage at the company's headquarters as they unveiled the new browser.
Crossfade
Ying Yang Twins, 'Look Back At It': Free MP3 of the Day
This amped-up duo gets the party started with a mix of crisp, Southern hip-hop beats and shout-along rhymes. Download a free MP3 of "Look Back At It" courtesy of CNET Download Music.
Green Tech
Clean-tech group forms to support Obama
"Clean Tech and Green Business for Obama" aims to raise $1 million for the Democratic presidential nominee while elevating issues of climate change and alternative energy.