Proactive Patching Overview
1.Proactive Patching Overview
Between Patch Set releases, Oracle's proactive patching program provides critical fixes to customers on a regular, predictable schedule in support of best maintenance practices.
Proactive patches are released on the same quarterly schedule as the Critical Patch Updates program releases, specifically the Tuesday closest to the 17th of January, April, July, and October. Exceptions to this schedule are documented in the product bundle patch documentation listed in the tables below.
There are a few different types of proactive patches - Patch Set Updates (PSUs), Product Bundle Patches, and Suite Bundle Patches. They all share the following characteristics:
- Cumulative Content: The most recent patch can be applied, and it includes all fixes previously released in earlier patches for the patch set or base release.
- CPU (Critical Patch Update) program security fixes: All security fixes announced in the CPU Advisory for this product are included in the proactive patch. Please see the Critical Patch Updates, Security Alerts and Third Party Bulletin for a listing of all CPU Advisories released to date.
- Well tested: The patches are tested for regressions and functional correctness.
- Supported: If an Oracle product has been certified with specific patchset versions of another Oracle product, it is supported with any Oracle provided interim patches including the proactive patches. For example, Oracle Service Bus 11.1.1.7.x is supported with all of the WebLogic Server 10.3.5 and 10.3.6 PSUs (WebLogic Server versions 10.3.5.0.x and 10.3.6.0.x).
The patch types differ in the nature of their content as follows:
- Patch Set Update (PSU): The content is highly controlled. Enhancements are not included.
- Product Bundle Patch: The content is controlled. Small enhancements may be included.
- Suite Bundle Patch: A collection of product bundle patches for a suite (e.g., an Oracle Identity Management Suite bundle patch consisting of OAM, OAAM, and OIM).
Oracle associates a version number to each proactive patch. The fifth number of the product version is incremented for each patch. For example, if the initial SOA Suite Bundle Patch is version 11.1.1.6.1, the second Bundle Patch for Release 11.1.1.6 is 11.1.1.6.2, and so on.
This enables customers and Oracle Support to refer to just one number, the version, rather than a list of interim patches or sets of bundles that have been applied.
NOTE: Effective November 2015 the version numbering format has changed. The new format replaces the numeric 5th digit of the bundle version with a release date in the form "YYMMDD" where:
- YY is the last 2 digits of the year
- MM is the numeric month (2 digits)
- DD is the numeric day of the month (2 digits)
See Note 2061926.1 for details.
A primary goal of the proactive patching program is to provide a series of proactive, stabilizing cumulative patches for a product version (release or patch set). The following are guidelines that Oracle follows for the bundle patch lifecycle for a product version. The specifics will vary depending on the content of individual bundles.
- Once a patch set or release is available, the first bundle patch may occur as early as the next quarterly proactive patch cycle, or more typically at the second quarterly proactive patch cycle after the release. The timing is a function of both the targeted content and when in the quarterly period the release was made available.
- Proactive patches with security content will continue as long as the version is supported for error correction. The policies are outlined in Note 209768.1, Database, FMW, EM Grid Control, and OCS Software Error Correction Support Policy.
- Bundle Patches and PSUs will reach a plateau of non-security content as the version stabilizes. Once this is reached, there will be a tapering off of non-security content. Oracle expects this plateau to be reached with the third or fourth Bundle Patch or PSU.
- PSU and Bundle Patch content will be primarily security-related once the next patch set in the series is released.
2.
For 12.1.0.2 the customers have a choice. They can install the DB PSU or the Proactive Bundle Patch. Proactive Bundle Patch is a superset of the DBPSU and includes additional fixes. Oracle does not make any recommendations on which one the customer should install as it it their choice.
OJVM PSU is still a separate patch as it is still Non-Rolling.
1.5 Oracle Database Patching - SPU vs PSU/BP
The Database Security Patch Updates (SPU) and Patch Set Updates (PSU) / Bundle Patches (BP) that are released each quarter contain the same security fixes. However, they use different patching mechanisms, and PSU/BP include both security and critical fixes.
NOTE: Applying a SPU on an installation with an installed PSU/BP is
not supported
3. 安全补丁分析
#####################
1.ref doc:
http://www.oracle.com/technetwork/topics/security/alerts-086861.html
http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html#AppendixDB
References
English text version of the risk matrices [ Oracle Technology Network ]
http://cve.scap.org.cn/CVE-2013-5771.html
http://securitytracker.com/archives/target/81.html
Oracle Database Bugs Let Remote Users Access Data and Deny Service
SecurityTracker Alert ID: 1029181
SecurityTracker URL: http://securitytracker.com/id/1029181
CVE Reference: CVE-2013-3826, CVE-2013-5771 (Links to External Site)
Date: Oct 15 2013
Impact: Denial of service via network, Disclosure of system information, Disclosure of user information
Fix Available: Yes Vendor Confirmed: Yes
Version(s): 11.1.0.7, 11.2.0.2, 11.2.0.3, 12.1.0.1
Description: Two vulnerabilities were reported in Oracle Database. A remote user can cause denial of service conditions. A remote user can obtain potentially sensitive information.
A remote user can exploit a flaw in the XML parser and partially access data or cause partial denial of service conditions [CVE-2013-5771].
A remote user can exploit a flaw in the Core RDBMS to partially access data on the target system [CVE-2013-3826].
The following researchers reported these and other Oracle vulnerabilities:
Adam Gowdiak of Security Explorations; Adam Willard of Foreground Security; Adi Ludmer of McAfee Labs; Ajinkya Patil of AVsecurity.in; Alex Kouzemtchenko of Security Research Lab via CERT/CC; Alex Rajan of Network Intelligence; Alexander Polyakov of ERPScan; Alexander Tlyapov of Positive Technologies; Alexey Osipov of Positive Technologies; Alexey Tyurin of ERPScan (Digital Security Research Group); Anagha Devale-Vartak of AVsecurity.in; Andrea Micalizzi aka rgod, working with HP's Zero Day Initiative; Andrew Davies formerly of NCC Group; Ben Murphy via HP's Zero Day Initiative; CERT/CC; Chris Ries via the Exodus Intelligence Program; Dave Bryant of Orion Health; Dmitry Sklyarov of Positive Technologies; Esteban Martinez Fayo formerly of Application Security Inc.; HUAWEI PSIRT; James Forshaw of Context Information Security; Jeroen Frijters; Jon Passki of Security Research Lab via CERT/CC; Juraj Somorovsky of Ruhr-University Bochum; Manuel Garcia Cardenas of Internet Security Auditors; Positive Research Center (Positive Technologies Company); Qinglin Jiang formerly of Application Security Inc; Rohan Stelling of BAE Systems Detica; Sam Thomas of Pentest Limited; Timur Yunusov of Positive Technologies; Tom Parker of Orion Health; Travis Emmert via iDefense; Vinesh N. Redkar; Will Dormann of CERT/CC; and Yuki Chen of Trend Micro.
Impact: A remote user can cause partial denial of service conditions.
A remote user can partially access data on the target system.
Solution: The vendor has issued a fix as part of Oracle Critical Patch Update Advisory - October 2013.
The vendor's advisory is available at:
##############################
ref doc
1.11.2.0.4 Patch Set Updates - List of Fixes in each PSU (Doc ID 1611785.1)
(add new bug list)
2.Patch Set Update and Critical Patch Update July 2017 Availability Document (Doc ID 2261562.1)
(cpu list)
3.Patch 26568865: COMBO OF OJVM COMPONENT 11.2.0.4.170718 DBPSU + DBPSU 11.2.0.4.170814
(readme)
4.Patch 26550684 - Combo of OJVM Component 11.2.0.4.170718 DB PSU + GI PSU 11.2.0.4.170814
(readme)
5.11.2.0.4 Grid Infrastructure Patch Set Updates - List of Fixes in each GI PSU (Doc ID 1614046.1)
( add new bug list)
6.
Patch 26610246 - Oracle Grid Infrastructure Patch Set Update 11.2.0.4.170814 (Jul2017) (Includes Database PSU 11.2.0.4.170814)
(readme and 组成部分)
Database 11.2.0.4 Proactive Patch Information (文档 ID 2285559.1)
Release Schedule of Current Database Releases (文档 ID 742060.1)
What Are the Sub-Patches in 11.2.0.4 and 12c Grid Infrastructure (GI) Patchset Update (PSU) (Doc ID 1595371.1)
( FYI)
#####################
2. public doc
Patch Set Update and Critical Patch Update October 2013 Availability Document
from https://mosemp.us.oracle.com/epmos/faces/DocContentDisplay?_afrLoop=341050939984213&id=1571391.1&_afrWindowMode=0&_adf.ctrl-state=hq453vse5_73#BABGDFIF
we get:
2.2 Final Patch Information (Error Correction Policies)
The Final patch is the last CPU or PSU release for which the product release is under error correction. Final patches for upcoming releases, as well as newly scheduled final patches, are listed in the following sections.
lity for Oracle Database"
Section 3.1.4.2, "Oracle Database 12.1.0.1"
Section 3.1.4.3, "Oracle Database 11.2.0.3"
Section 3.1.4.4, "Oracle Database 11.2.0.2"
Section 3.1.4.5, "Oracle Database 11.1.0.7"
Denial of service via network,
Disclosure of system information,
Disclosure of user information
Proactive Patching Overview的更多相关文章
- 老李分享: Oracle Performance Tuning Overview 翻译
老李分享: Oracle Performance Tuning Overview 翻译 poptest是国内唯一一家培养测试开发工程师的培训机构,以学员能胜任自动化测试,性能测试,测试工具开发等工 ...
- Oracle E-Business Suite Maintenance Guide Release 12.2(Patching Procedures)
更多内容参考: http://docs.oracle.com/cd/E51111_01/current/acrobat/122ebsmt.zip Preparing for Patching For ...
- BuildTools Overview
SCons Pros: Based on a full-fledged programming language, Python. This means you can make the build ...
- [原] KVM 虚拟化原理探究(1)— overview
KVM 虚拟化原理探究- overview 标签(空格分隔): KVM 写在前面的话 本文不介绍kvm和qemu的基本安装操作,希望读者具有一定的KVM实践经验.同时希望借此系列博客,能够对KVM底层 ...
- Activity之概览屏幕(Overview Screen)
概览屏幕 概览屏幕(也称为最新动态屏幕.最近任务列表或最近使用的应用)是一个系统级别 UI,其中列出了最近访问过的 Activity 和任务. 用户可以浏览该列表并选择要恢复的任务,也可以通过滑动清除 ...
- Atitit.自然语言处理--摘要算法---圣经章节旧约39卷概览bible overview v2 qa1.docx
Atitit.自然语言处理--摘要算法---圣经章节旧约39卷概览bible overview v2 qa1.docx 1. 摘要算法的大概流程2 2. 旧约圣经 (39卷)2 2.1. 与古兰经的对 ...
- Overview of OpenCascade Library
Overview of OpenCascade Library eryar@163.com 摘要Abstract:对OpenCascade库的功能及其实现做简要介绍. 关键字Key Words:Ope ...
- Apache Sqoop - Overview——Sqoop 概述
Apache Sqoop - Overview Apache Sqoop 概述 使用Hadoop来分析和处理数据需要将数据加载到集群中并且将它和企业生产数据库中的其他数据进行结合处理.从生产系统加载大 ...
- BOOST.Asio——Overview
=================================版权声明================================= 版权声明:原创文章 谢绝转载 啥说的,鄙视那些无视版权随 ...
随机推荐
- zookeeperclient设置监听
1.目的 zookeeper是一个分布式服务管理框架.zookeeper提供了对client的通知.即在server端的节点有改动或者删除的时候,能够给client进行通知. 2.server端部署 ...
- ZOJ 3316 Game 一般图最大匹配带花树
一般图最大匹配带花树: 建图后,计算最大匹配数. 假设有一个联通块不是完美匹配,先手就能够走那个没被匹配到的点.后手不论怎么走,都必定走到一个被匹配的点上.先手就能够顺着这个交错路走下去,最后一定是后 ...
- libevent编程疑难解答
http://blog.csdn.net/luotuo44/article/details/39547391 转载请注明出处:http://blog.csdn.net/luotuo44/article ...
- 责任链模式的具体应用 ServiceStack.Redis订阅发布服务的调用
责任链模式的具体应用 1.业务场景 生产车间中使用的条码扫描,往往一把扫描枪需要扫描不同的条码来处理不同的业务逻辑,比如,扫描投入料工位条码.扫描投入料条码.扫描产出工装条码等,每种类型的条码位数 ...
- [转] When to use what language and why
Published by Seraphimsan Oct 13, 2010 (last update: Oct 14, 2010) When to use what language and why ...
- IIS+Asp.Net Mvc必须知道的事(解决启动/重启/自动回收站点后第一次访问慢问题)
问题现象: Asp.net Mvc站点部署在IIS上后,第一个用户第一次访问站点,都会比较慢,确切的说是访问站点的Action页面(即非静态页面,因为静态页面直接由IIS处理返回给用户即完成请求,而A ...
- 【ios系列】-数据储存
第一:plist属性列表 适用对象:仅仅是Foundation框架自带的一些类比如:NString\NSarry\NSDictionary\NSset\NSnumber\NSdata 使用: 1:调用 ...
- makefile redefinition or previous definition
operation.h:4: error: redefinition of 'class operation' operation.h:5: error: previous definition of ...
- ABAP ODATA接口开发
1.SE37 创建好 Remote-Enabled函数. 2.SEGW,新建项目 创建项目之后,展开,右键Data Model,Import 函数. 导入函数之后,创建mapping 3./IWFND ...
- 提高 Linux 上 socket 性能 加速网络应用程序的 4 种方法
使用 Sockets API,我们可以开发客户机和服务器应用程序,它们可以在本地网络上进行通信,也可以通过 Internet 在全球范围内进行通信.与其他 API 一样,您可以通过一些方法使用 Soc ...