FYI...

Oracle updates - 36 Patches
- http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2007.html
April 17, 2007
"...This Critical Patch Update contains 36 new security fixes across all products..."


.

FYI...

Oracle Critical Patch Update - October 2007
- http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2007.html
October 16, 2007
"...This Critical Patch Update contains 51 security fixes across the hundreds of Oracle products. Some of the vulnerabilities addressed in this Critical Patch Update affect multiple products..."


.

FYI...

> http://sentrigo.com/press_releases-newsid-39.htm
January 14, 2008 - "...Results highlight that most organizations are not taking advantage of Oracle CPUs in a timely manner, if at all. Findings include:
* When asked: “Have you installed the latest Oracle CPU?” – Just 31 people, or ten percent of the 305 respondents, reported that they applied the most recently issued Oracle CPU.
* When asked: “Have you ever installed an Oracle CPU?” – 206 out of 305 OUG attendees surveyed, or 67.5 percent of the respondents said they had never applied any Oracle CPU..."

Oracle Critical Patch Update - January 2008
- http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2008.html
January 15, 2008 - "...This Critical Patch Update contains 27 security fixes across hundreds of Oracle products. Some of the vulnerabilities addressed in this Critical Patch Update affect multiple products..."

FYI...

Oracle Critical Patch Update - April 2008
- http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2008.html
April 15, 2008 - "...This Critical Patch Update contains 41 security fixes across hundreds of Oracle products. Some of the vulnerabilities addressed in this Critical Patch Update affect multiple products..."

Downloads
- http://www.oracle.com/technology/software/index.html

.

FYI...

Oracle Critical Patch Update Advisory - July 2008
- http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2008.html
2008-JUL-15 - Initial release
"...Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply fixes as soon as possible..."

- http://isc.sans.org/diary.html?storyid=4732
Last Updated: 2008-07-15 20:45:56 UTC ...(Version: 2) - "...first time patches for BEA, Hyperion and TimesTen technology are included in the release. If you are running software from these recently-acquired vendors, please be aware..."

FYI...

Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3257
Last revised: 7/24/2008
CVSS v2 Base score: 10.0 (High)

- http://www.oracle.com/technology/deploy/security/alerts/alert_cve2008-3257.html
28-July-2008 - Initial release - "...Until fixes are available, workarounds described at:
- https://support.bea.com/application_content/product_portlets/securityadvisories/2793.html
provide protection against this vulnerability..."

> http://xforce.iss.net/xforce/xfdb/43885

FYI...

Oracle Critical Patch Update Advisory - October 2008
- http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html
Oct. 14, 2008 - "...Please refer to Critical Patch Updates* and Security Alerts for information about Oracle Security Advisories. Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply fixes as soon as possible. This Critical Patch Update contains 36 new security fixes across all products..."
* http://www.oracle.com/technology/deploy/security/alerts.htm

- http://secunia.com/advisories/32291/
Release Date: 2008-10-15
Critical: Moderately critical