Skip to Main Content
  • Questions

  • Test to be performed after Critical Patch Application

Breadcrumb

Question and Answer

Connor McDonald

Thanks for the question, Priscila.

Asked: September 21, 2017 - 11:48 pm UTC

Last updated: September 22, 2017 - 3:17 am UTC

Version: Oracle Database Version 11.2.0.4

Viewed 1000+ times

You Asked

Hello Oracle Masters,

Thanks for taking the time and answer our questions!

Is there any kind of test or validation to run after applying the critical patch update?

I have applied the Critical Patch Update - July 2017 and would like to know if there is a specific test to get if the patch actually fixed the database vulnerability.

CVE-2017-10202

CVE-2016-2183

CVE-2014-3566

Thank you.

and Connor said...

I suppose there are two things to consider here

1) "Sanity Check"

After any kind of software change, I would have a basic test to ensure the core (or critical) parts of your business applications function as expected.

2) "Proof of Solution Check"

That the patch you have applied does indeed solve the issue. I dont have explicit instructions for the security fixes you've mentioned (and typically the means to exploit them are not publicly available, because that just make their usage in a malicious way all the more easy). Ultimately, a lot of people take the resolution on good faith, but you could ask Support for a test case to demonstrate that the fix works.

Is this answer out of date? If it is, please let us know via a Comment
more

Connor and Chris don't just spend all day on AskTOM. You can also catch regular content via Connor's blog and Chris's blog. Or if video is more your thing, check out Connor's channel and Chris's channel from their Youtube channels. And of course, keep up to date with AskTOM via the official twitter account.

More to Explore

Administration

Need more information on Administration? Check out the Administrators guide for the Oracle Database