1.1 Ensure the Appropriate Version/Patches for Oracle Software Is Installed

Information

The Oracle installation version and patches should be the most recent that are compatible with the organization's operational needs.

Rationale:

Using the most recent Oracle database software, along with all applicable patches can help limit the possibilities for vulnerabilities in the software, the installation version and/or patches applied during setup should be established according to the needs of the organization. Ensure you are using a release that is covered by a level of support that includes the generation of Critical Patch Updates.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Perform the following step for remediation:
Download and apply the latest quarterly Critical Patch Update patches.

References:

http://www.oracle.com/us/support/assurance/fixing-policies/index.html

http://www.oracle.com/technetwork/topics/security/alerts-086861.html

http://www.oracle.com/us/support/library/lifetime-support-technology-069183.pdf

See Also

https://workbench.cisecurity.org/benchmarks/13413

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7(5), CSCv6|2, CSCv7|2.2

Plugin: OracleDB

Control ID: d36bb8b7e8ad88ae5a1e91dd77d15c3e141d253e2cd041d5180b54242f81e44b