STIGQter: STIG Summary: Oracle Database 11.2g Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021: STIGQter: STIG Summary: Oracle Database 11.2g Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021:SV-238432r667470_rule
V-238432
SRG-APP-000456-DB-000390
O112-C1-011100
CAT I
10
Upgrade the DBMS to a vendor-supported version.
Apply the latest DBMS patches.
Follow the vendor instruction for determining the product version number. View the vendor-provided list of supported versions. To be considered supported, the vendor must report that the version is supported by security patches to reported vulnerabilities. If the security patch support for the installed version cannot be determined or the version is not shown as supported, this is a finding.
If the software does not contain the latest security patches, this is a finding.
Oracle produces security patches on a quarterly basis on or about the fifteenth of the month. The first patch of a calendar year is delivered in January and then April, July and October respectively. There is an automated notice that is available to anyone with access to My Oracle Support. Check to see if the DBA or Administrator of the Oracle account at My Oracle Support is registered to receive the Oracle Security Patch notice. This notice is available to anyone with a valid My Oracle Support. The security notification contains information on the current security update and also the platforms and versions that will be supported by the next patch. For complete information on the availability of the security patch for your specific system, please refer to the Oracle Lifetime Support Policy. Check My Oracle Support for the latest Oracle Quarterly Patch Update patch number, and then check the inventory of the instance you are reviewing and see if the latest security patch is installed using the following command.
Issue the following command:
$ <ORACLE_HOME>/OPatch/opatch lsinventory -detail -oh <ORACLE_HOME>
Check to see if the latest available patch is installed.
If the latest available patch is not installed, this is a finding.
V-238432
False
O112-C1-011100
Follow the vendor instruction for determining the product version number. View the vendor-provided list of supported versions. To be considered supported, the vendor must report that the version is supported by security patches to reported vulnerabilities. If the security patch support for the installed version cannot be determined or the version is not shown as supported, this is a finding.
If the software does not contain the latest security patches, this is a finding.
Oracle produces security patches on a quarterly basis on or about the fifteenth of the month. The first patch of a calendar year is delivered in January and then April, July and October respectively. There is an automated notice that is available to anyone with access to My Oracle Support. Check to see if the DBA or Administrator of the Oracle account at My Oracle Support is registered to receive the Oracle Security Patch notice. This notice is available to anyone with a valid My Oracle Support. The security notification contains information on the current security update and also the platforms and versions that will be supported by the next patch. For complete information on the availability of the security patch for your specific system, please refer to the Oracle Lifetime Support Policy. Check My Oracle Support for the latest Oracle Quarterly Patch Update patch number, and then check the inventory of the instance you are reviewing and see if the latest security patch is installed using the following command.
Issue the following command:
$ <ORACLE_HOME>/OPatch/opatch lsinventory -detail -oh <ORACLE_HOME>
Check to see if the latest available patch is installed.
If the latest available patch is not installed, this is a finding.
M
4057