October 2010 Security Patches
This is just a quick note to list a few of the interesting issues I’ve run into applying the October 2010 Security Patches to Windows 11.1.0.7 databases (32 and 64bit). For *nix platforms Oracle Security Patches come in 2 main flavours a Critical Patch Update and a Patch Set Update -the latter includes more than just the security fixes but is promoted as being better tested. Documentation for this is available on the Oracle Technology Network On Windows platforms the Security Updates are included in a separate bundle of patches (akin to the PSU but a different process). These tend to be quite large downloads and have historically had a few issues (notably the run of 4 consecutive patch bundles which left patched databases unstartable).
My issues with the latest set started with the Readmes, which I always read. The Patch Availability readme (MOS login required) states that Patch Bundle 33 contains the security fixes included in the October 2010 CPU. The Patch Readme states
Table 1 describes installation types and CPU applicability. For each installation type, it indicates the most recent CPU patch to include new security fixes that are pertinent to that installation type. If there are no security fixes to be applied to an installation type, then “None” is indicated. If a specific CPU is listed, then apply that CPU or any later CPU patch to be current with security fixes.
Installation Type Latest CPU with Security Fixes Server homes CPUJul2010 Client-Only Installations CPUJul2010
The following error was recorded twice in the Patch Application logs for the Patch33 bundle on windows when running catcpu.
SQL> @?/Bundle/Patch33/bug9758569.sql
SP2-0310: unable to open file “%ORACLE_HOME%/Bundle/Patch33/bug9758569.sql”
Investigation showed that this file exists in the downloadable zipfile, but not in the %ORACLE_HOME% directory. The file copy action appears to have been missed from the /config/actions.xml included with this patch. Running the file manually or updating the actions.xml file and reapplying the Bundle results in the .sql script being correctly executed.
Secondly some of these databases did not include xmldb. This resulted in the same symptoms as Metalink Note 443440.1 specifically
The catcpu.sql script in 10.2.0.3 patch 6 (p6012742_10203_WINNT.zip) creates invalid objects if XML is not installed
The same problem affects 10.2.0.3 patch 7 and 10.2.0.3 patch 8.
The same problem affects 10.2.0.4 patch 22 and patch 24.
The same problem affects 11.1.0.7 patch 13.
To which it looks like we can add 11.1.0.7 patch 33. The workaround for this is either to install XMLDB and rerun catcpu (which kind of defeats the point of a security process really since you should be reducing your attack surface not increasing it) or else (as we did) rerun catproc.sql and utlrp.sql from %ORACLE_HOME%/rdbms/admin
I’ll update this with any more odd gotchas if I find them. Meanwhile happy patching.
Hi,
I am applying Jan-2011 CPU patch to 11.1.0.7 oracle database on 32 bit windows os. The opatch went fine but the catcpu.sql is running for ever with logswitches for every 2 to 3 seconds. I increase my logfile and groups but it doesn’t help. Have you applied the same patch for your db’s. Please let me know.
Thanks,
Vidyanath
vidyanath
15 Apr 11 at 5:53 pm