Patch everything
One of the most important security measures is patching. CERT says 95% of all intrusions are made using known vulnerabilities, so always keep your software updated with the latest patch. This includes the operating system. Oracle releases a quarterly Critical Patch Update (CPU) that contains security patches for all affected Oracle products. Check this whitepaper. You can subscribe to Oracle Security Alerts at the Oracle Technology Network (OTN) site. Also remember to install the normal patch sets as they are released. You can get patch sets from Oracle Metalink, but only if you have an active support agreement. I know of no way to get notified when normal patch sets become available, so visit Metalink on a regular basis.
The Oracle XML DB HTTP server is patched via the database patches. The OHS servers should be patched with patches from Oracle, not from Apache. Apache servers installed directly from Apache should be patched via http://httpd.apache.org. Apache does not release patches as such, but releases a whole new version when it is needed.
Author: PeterLorenzen - 06 May 2007