Oracle's Critical Patch Update Program

What You Need to Know about Oracle’s Critical Patch Update (CPU) Program

Written on . By CPM Solutions

Oracle releases the latest version of your Oracle Primavera P6 product suite through My Oracle Support.  In addition, Oracle releases quarterly Critical Patch Updates (CPUs) to fix security vulnerabilities in your software product. It is important to review these patches when released to monitor your Oracle product’s security risks.

To save you time and effort, Oracle tries to group Critical Patch Updates (CPUs) into cumulative patches. This means that the latest CPU will contain all of the required fixes. One-off patches are less frequent and only provide a single patch. Security patches are included in the newest product releases as they are released by Oracle. If you order a new product license it will come with the latest Critical Patch Updates and you will not have to apply any recent patches.

Each CPU comes with documentation, listing the products it affects, the CVSS rating, and a risk matrix to help you assess risk. Of course, Oracle offers a “plain English” explanation with each risk matrix.

CVE Numbers

Each CPU is given a Common Vulnerabilities and Exposures (CVE) number. These numbers are unique identifiers for each security risk. CVE numbers do not correspond with the date that the security was discovered or the CVE number was created.

Common Vulnerability Scoring System (CVSS)

Oracle uses the Common Vulnerability Scoring System (CVSS) to rate each security risk. The CVSS is a universal standard rating system that can help you determine the level of risk the vulnerability poses to your data and organization. Scoring is between 0 and 10, where 10 is the most severe risk.

What Does This Mean For Your License(s)?

Perpetual Licenses

To receive CPUs and the latest versions of products, you will have to pay for Oracle Support each year. Between product upgrades, it is recommended to update your software with the latest patches to protect your data. As Oracle releases product versions, an optional upgrade is available, which contains all of the latest patches that were released. You may also continue on your current license version and apply patches as needed without upgrading.

Yearly Licenses

If you have purchased a yearly license, it is less likely that you have purchased Oracle Support. In this case, you will repurchase a new license each year that will give you access to the latest version of P6, which includes the security patches. You will have to install P6 on your computer again and reconfigure your database to the newer software. Since you do not have access to Oracle Support (unless you purchase it), you will not have access to the CPUs individually and cannot apply CPUs to the software without reinstalling your software.

More Questions?

Feel free to contact us if you have any questions about CPUs or upgrading your license of P6. Our P6 consultants have years of experience with applying patches and installing license upgrades.

Learn more about Oracle security HERE.
Access Oracle’s Security Blog HERE.
Find out about Critical Patch Updates, Security Alerts, and Third Party HERE.