Version: 2008
  • On MovieTome: See the villain of IRON MAN 2!
advertisementGet Smart about Business Spending

April 18, 2007 11:28 AM PDT

Oracle to be more selective in patch development

By Joris Evers
Staff Writer, CNET News

  • 1 comment
Related Stories

Oracle patches to fix 37 flaws

 April 10, 2007

Oracle plugs 51 security flaws

 January 16, 2007

Oracle offering early warning on security fixes

 January 11, 2007

Patched Oracle database still at risk, bughunter says

 April 26, 2006

Following trend, Oracle sets schedule for patches

 November 18, 2004
Oracle plans to stop automatically producing security patches for all systems its software runs on, instead creating fixes for uncommon combinations on request, the company said Tuesday.

The various versions of Oracle's database software and business applications run on a wide variety of operating systems. The Redwood City, Calif.-based company has been releasing security fixes for the bulk of those. That's changing with its next scheduled patch release in July because some fixes were seldom downloaded, it said.

"There are certain platform and version combinations that historically have been inactive," Eric Maurice, a manager for security at Oracle, wrote on a corporate blog. "Instead of systematically creating (updates) for those inactive combinations, we will only produce those patches if clients specifically request them."

Oracle will continue to include the fixes in the main code and future releases of the applicable software programs, as well as in "patch sets," which are product updates that include more than just security fixes.

Oracle announced the change in its patch plans at the same time it put out its April fixes. The "Critical Patch Update" offers fixes for 36 vulnerabilities across Oracle's products, including 14 in the company's widely used database software. Several of the vulnerabilities could be exploited remotely by an anonymous attacker, Oracle said.

"Due to the threat posed by a successful attack, Oracle strongly recommends that fixes are applied as soon as possible," Oracle said in a security advisory.

However, some Oracle customers using the Windows operating system will have to wait until April 30 for the database fixes. Oracle doesn't yet have an update for release 9.2.0.8 of its database software running on Windows because of quality issues, a company representative said.

Oracle's next Critical Patch Update is on July 17.

See more CNET content tagged:
Oracle Corp., database software, fix, combination, database

Add a Comment (Log in or register)
They need to be more responsible
by wbenton April 21, 2007 10:27 AM PDT
Patch as required.

When a critical flaw is found... patch it within 24 hours.

When a non-critical flaw is found... patch it within 72 hours.

It's "Responsibility"... NOT "Selectivity" that is needed!!!

Walt
Reply to this comment
advertisement

Latest tech news headlines

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

Markets

Market news, charts, SEC filings, and more

Related quotes

Oracle Corporation (1.16%) 0.26 22.60
Dow Jones Industrials (1.29%) 132.79 10,450.95
S&P 500 (1.36%) 14.86 1,106.24
NASDAQ (1.40%) 29.97 2,176.01
CNET TECH (1.71%) 26.91 1,604.16
  Symbol Lookup
advertisement

Inside CNET News

Scroll Left Scroll Right
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
Dell
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET