Patch Tuesday - now for 28 products in the Oracle stable

Filed Under: Adobe, Malware, Microsoft, Oracle, Vulnerability

Finding Patch Tuesday on the calendar can be a bit like working out Easter. The date of Easter is determined by a combination of lunar and solar timing, so it jumps around with respect to the business calendar.

And different branches of the Christian Church use different solar calendars, adding yet more complexity to the calculation.

Just so for Patch Tuesday, where the definition depends on the vendor. You'd think that any Patch Tuesday would be weekly, but Microsoft's patches are once a month, on the second Tuesday; Adobe's are only once a quarter, on the second Tuesday; and Oracle's, although also once a quarter, are on "the Tuesday closest to the 17th day of January, April, July and October."

The Venerable Bede, who wrote the eighth century's definitive treatise on the reckoning of time back in AD725, including how to avoid unholy mistakes when locating Easter, would have loved this stuff!

If you are an Oracle user, get ready for your very own Patch Tuesday, which comes tomorrow.

It's majestically-sized, covering 28 listed products, one of which - the Oracle Sun Products Suite - itself covers ten sub-products, including Solaris and VirtualBox. The Oracle Fusion Middleware patches cover nine sub-products, including the Oracle HTTP server. And three components in the Oracle Open Office Suite get patches, too.

The patches fix a recorded 66 vulnerabilties, of which 34 are described as "remotely exploitable without authentication". That's roughly equivalent to what Microsoft deems critical - in other words, the sort of bug which might allow a network worm to spread without user involvement.

So, this Patch Tuesday isn't just for Oracle Database customers - fixes apply to a large and eclectic list of products and components in the Oracle (and former Sun) stable. I advise you to look at the list in case you have any of them in your organisation.

Oracle's announcement is here.

, , , , , , , , , , ,

You might like

One Response to Patch Tuesday - now for 28 products in the Oracle stable

  1. During the Middle Ages, Easter was considered so important, that it was the start of the year. (So that the year changed during the middle of the month and that, if say Easter fell late in March one year and mid April the next, you'd have two 1st of Aprils in the same year.) Perhaps security professionals should consider changing their calendars to fit them around the various Patch Tuesdays.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog