Doc ID: |
Note:293955.1 |
Subject: |
Oracle Critical Patch Update January 2005 FAQ |
Type: |
FAQ |
Status: |
PUBLISHED |
|
Content Type: |
TEXT/X-HTML |
Creation Date: |
15-DEC-2004 |
Last Revision Date: |
21-JAN-2005 |
|
Note: 293955.1
Oracle Critical Patch Update January 2005 FAQ
Release
Date:
January 18th, 2005
Important:
This is a live document and is updated as needed. Please take note of the Modification
History at the bottom of this document and refresh your browser.
INTRODUCTION
This FAQ was produced to address questions and
concerns regarding Oracle Critical Patch Update January 2005 (CPUJan2005). The questions in this FAQ are
categorized by Oracle products that are applicable to CPUJan2005.
Non-product specific questions are categorized in the General section. The
following MetaLink Notes should be thoroughly reviewed for CPUJan2005:
Note 293953.1
Oracle Critical Patch Update January 2005 Advisory
Note 290738.1
Oracle Critical Patch Update Program General FAQ
Note 293737.1
Oracle Critical Patch Update January 2005 Pre-Installation Note for
Oracle Database Server
Note 293738.1 Oracle Critical Patch Update January 2005 Pre-Installation Note for
Oracle Application Server
Note 293740.1
Oracle Critical Patch Update January 2005 Pre-Installation Note for
Oracle Collaboration Suite
Note 293741.1
Oracle Critical Patch Update January 2005 Pre-Installation Note for
Oracle E-Business Suite
Note 295108.1
Oracle Critical Patch Update January 2005 Pre-Installation Note for OEM
Grid Control
Note 237007.1
FAQ for Oracle Security Alerts and Critical Patch Updates
QUESTIONS BY CATEGORY
[TOP]
QUESTIONS AND ANSWERS BY CATEGORY
General
1.
Are there details available about exploiting the
vulnerabilities covered in Critical Patch Update January 2005?
As a matter of policy, Oracle will not provide
additional information about the specifics of vulnerabilities beyond what is
provided in the CPU or Security Alert notification, the pre-installation notes,
the readme files, and FAQs. Oracle does not provide advance notification on CPU
or Security Alerts to individual customers.
2.
Do
the components listed in the Advisory Risk Matrix include only the new fixes in
the Critical Patch Update – January 2005 or do they list all security
vulnerabilities from previous alerts?
The Risk Matrix includes only new fixes that are
included in the Critical Patch Update for January 2005.
3.
I
have not installed Security Alert 68.
Do I need to install that before the Critical Patch Update January 2005?
This Critical Patch Update is a cumulative update
(including all Oracle Security Alert #68 fixes) containing fixes for multiple
security vulnerabilities. Therefore
you will not need to install the Security Alert 68 patches first if you install
the Critical Patch Update January 2005.
4.
Where do I find information about downloading patches for the Critical Patch
Update January 2005?
The
Critical Patch Update advisory is the starting point for more information and to
obtain the patches. It contains a summary of the security vulnerabilities and
links to other important documents such as the Pre-Installation Notes. There is
a Pre-Installation Note for each product which explains how to determine which
patches need to be installed for that product
and how to download them.
[List of General questions]
[TOP]
Oracle Database Server (DB)
1. According to the Advisory Risk Matrix, some of
the database vulnerabilties require certain system privilege and object
privilege. Can I just revoke those
privilege from the users and apply the CPUJan2005 patches at a later time?
Oracle recommends customers apply the CPUJan2005
as soon as possible. Revoking
certain system privileges or object privileges on certain objects may cause your
applications to function incorrectly.
2. There are patches available for the 9.0.1.4 and
9.0.1.5 databases listed in the Application Server Pre-Installation Note but not
the Database Server Pre-Installation Note.
Can I apply those patches on my 9.0.1.4 or 9.0.1.5 database?
The patches provided for the 9.0.1.4 and 9.0.1.5
databases are strictly for Application Server customers who are using their
9.0.1 database as an Applicatoin Server Metadata Repository.
It is not recommended that you apply these patches to your independent
9.0.1 databases.
[List of DB questions]
[TOP]
Oracle Enterprise Manager (OEM)
No issue
reported.
[List of OEM
questions]
[TOP]
Oracle HTTP Server (OHS)
No issue
reported.
[List of OHS questions]
[TOP]
Oracle Application Server (OAS)
No issue
reported.
[List of OAS questions]
[TOP]
Oracle Collaboration Suite (OCS)
No issue
reported.
[List of OCS questions]
[TOP]
Oracle E-Business Suite (EBS)
No issue
reported.
[List of EBS questions]
[TOP]
MODIFICATION HISTORY
18-JAN-05: FAQ initially released.
21-JAN-05: Added questions 1-4 in the General section and 1-2 in the Database
section.
###
.
|