Finding Patch Tuesday on the calendar can be a bit like working out Easter. The date of Easter is determined by a combination of lunar and solar timing, so it jumps around with respect to the business calendar.
And different branches of the Christian Church use different solar calendars, adding yet more complexity to the calculation.
Just so for Patch Tuesday, where the definition depends on the vendor. You’d think that any Patch Tuesday would be weekly, but Microsoft’s patches are once a month, on the second Tuesday; Adobe’s are only once a quarter, on the second Tuesday; and Oracle’s, although also once a quarter, are on “the Tuesday closest to the 17th day of January, April, July and October.”
The Venerable Bede, who wrote the eighth century’s definitive treatise on the reckoning of time back in AD 725, including how to avoid unholy mistakes when locating Easter, would have loved this stuff!
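The vendor rules above can be turned into a patch-planning calendar. The following is an added example, not code from the original article: the function names are made up for illustration, and because the article does not say which months Adobe uses, those are left as a caller-supplied assumption.

```python
from collections import defaultdict
from datetime import date, timedelta

TUESDAY = 1                      # date.weekday() counts Monday as 0
ORACLE_MONTHS = (1, 4, 7, 10)    # January, April, July, October (from the article)


def second_tuesday(year, month):
    """Microsoft/Adobe rule: the second Tuesday of the month."""
    first = date(year, month, 1)
    to_first_tuesday = (TUESDAY - first.weekday()) % 7
    return first + timedelta(days=to_first_tuesday + 7)


def tuesday_closest_to_17th(year, month):
    """Oracle rule: the Tuesday nearest the 17th of the month.

    A week has seven days, so the nearest Tuesday is at most three days
    away and there is never a tie to break.
    """
    anchor = date(year, month, 17)
    since_tuesday = (anchor.weekday() - TUESDAY) % 7
    if since_tuesday <= 3:
        return anchor - timedelta(days=since_tuesday)
    return anchor + timedelta(days=7 - since_tuesday)


def patch_calendar(year, adobe_months=()):
    """Return [(date, [vendors])] sorted by date for one year.

    adobe_months is an assumption supplied by the caller: the article says
    Adobe ships quarterly but does not name the months.
    """
    days = defaultdict(list)
    for month in range(1, 13):
        days[second_tuesday(year, month)].append("Microsoft")
    for month in adobe_months:
        days[second_tuesday(year, month)].append("Adobe")
    for month in ORACLE_MONTHS:
        days[tuesday_closest_to_17th(year, month)].append("Oracle")
    return sorted(days.items())


def collisions(year, adobe_months=()):
    """Dates on which more than one vendor releases patches."""
    return [(d, v) for d, v in patch_calendar(year, adobe_months) if len(v) > 1]


if __name__ == "__main__":
    for day, vendors in patch_calendar(2014):    # 2014 is a constructed sample year
        print(day.isoformat(), day.strftime("%a"), ", ".join(vendors))
```

The second Tuesday always falls between the 8th and the 14th, and the Tuesday closest to the 17th between the 14th and the 20th, so the Microsoft and Oracle dates coincide only when the 14th is a Tuesday.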
If you are an Oracle user, get ready for your very own Patch Tuesday, which comes tomorrow.
It’s majestically-sized, covering 28 listed products, one of which – the Oracle Sun Products Suite – itself covers ten sub-products, including Solaris and VirtualBox. The Oracle Fusion Middleware patches cover nine sub-products, including the Oracle HTTP server. And three components in the Oracle Open Office Suite get patches, too.
The patches fix a recorded 66 vulnerabilities, of which 34 are described as “remotely exploitable without authentication”. That’s roughly equivalent to what Microsoft deems critical – in other words, the sort of bug which might allow a network worm to spread without user involvement.
So, this Patch Tuesday isn’t just for Oracle Database customers – fixes apply to a large and eclectic list of products and components in the Oracle (and former Sun) stable. I advise you to look at the list in case you have any of them in your organisation.
During the Middle Ages, Easter was considered so important that it was the start of the year. (This meant that the year changed in the middle of the month and that if, say, Easter fell late in March one year and in mid-April the next, you'd have two 1st of Aprils in the same year.) Perhaps security professionals should consider changing their calendars to fit them around the various Patch Tuesdays.