Please note that "OEL" is an obsolete term - the brand name was changed to "Oracle Linux" almost three years ago. Updates for critical security issues and bugs are actually published on an ongoing schedule. They are publicly available immediately via our public-yum repository. If you want to receive notifications about published updates, you can subscribe yourself to the Errata mailing list. More details about each security update can also be obtained from here: CVE Summaries and Errata Summaries
By using the yum security plugin, you can also query the remote yum repository for all pending security updates.