Well, this is a bugger.
“On October 18, I received an e-mail notification from Oracle/PeopleSoft that they released new patch levels for their products that contain critical fixes, urging that we install them,” the reader wrote. “For the company I work for, this meant upgrading our PeopleTools release from 8.46.10 to 8.46.16. Over the years we’ve been running PeopleSoft, we’ve learned that we can’t just take them at their word because we have always experienced some transitional instability and performance hits in the past with PeopleTool upgrades, without exception. We simply do not update the software unless there is a pressing need that addresses known, specific issues that affect our implementations.”
The reader quoted above was in a quandary and did what any self-respecting IT person would do: he emailed support. Well, they did the standard Oracle best and toed the line:
“As a matter of policy, Oracle does not disclose detailed information about an exploit condition or results that can be used to conduct a successful exploit,” the Oracle manager told him in one e-mail. “Oracle will not provide additional information about the specifics of vulnerabilities beyond what is provided in the CPU or Security Alert notification, the Patch Availability Matrix, the readme files, and FAQs.”
The customer was at a loss, as he was faced with a patch that caused more problems than it solved. This seems to pop up more often as applications are tightly coupled to databases and operating systems. Crappy day. For the rest of the story, please read on.
Article Link (via Pete Finnigan)