1.1 Ensure the Appropriate Version/Patches for Oracle Software Is Installed

Information

The Oracle installation version and patches should be the most recent that are compatible with the organization's operational needs.

Rationale:

Using the most recent Oracle database software, along with all applicable patches can help limit the possibilities for vulnerabilities in the software, the installation version and/or patches applied during setup should be established according to the needs of the organization. Ensure you are using a release that is covered by a level of support that includes the generation of Critical Patch Updates.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Perform the following step for remediation:
Download and apply the latest quarterly Critical Patch Update patches.

References:

http://www.oracle.com/us/support/assurance/fixing-policies/index.html

http://www.oracle.com/technetwork/topics/security/alerts-086861.html

http://www.oracle.com/us/support/library/lifetime-support-technology-069183.pdf

See Also

https://workbench.cisecurity.org/files/2741

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7(5), CSCv6|2, CSCv7|2.2

Plugin: OracleDB

Control ID: e269021a9191c7bfbb2e7fccb10c9e01a2f312105b895c243ac9f7e2d7cab02b