Re: Patch Question

From: joel garry <joel-garry_at_home.com>
Date: Fri, 6 Jun 2008 13:46:30 -0700 (PDT)
Message-ID: <7f853cbb-ffea-406c-b93f-3363a32517d5@a9g2000prl.googlegroups.com>


On Jun 6, 1:17 pm, Mtek <m..._at_mtekusa.com> wrote:
> On Jun 6, 3:08 pm, "fitzjarr..._at_cox.net" <orat..._at_msn.com> wrote:
>
>
>
>
>
> > On Jun 6, 2:57 pm, Mtek <m..._at_mtekusa.com> wrote:
>
> > > Hi,
>
> > > We want to apply some Oracle.  We have not done this in nearly 9
> > > months or so.  Anyhow, here is our environment:
>
> > > Oracle 10.2.0.1.0
> > > Linux Red Hat Enterprise x86-64
>
> > > It returned 64 patched.  None were recommended......
>
> > > So, does that mean that we really do not need to install any???
>
> > > Thank you!
>
> > > John
>
> > I know of at least ONE patchset you should be applying, and that is
> > 10.2.0.3 (or, 10.2.0.4 if it's been released for RHEL).
>
> > David Fitzjarrell
>
> Why not apply all the 64 patches for 10.2.0.1, or is the idea is to
> move to 10.2.0.3 to upgrade the version.....

The patches are cumulative. In general, you want to be on or testing the latest patch set. It is not considered an upgrade because... well, that is explained in the docs that come with or can be obtained separately from the patch. You should read them!

"Patch sets are a mechanism for delivering fully tested and integrated product fixes. Patch sets provide bug fixes only; they do not include new functionality and they do not require certification on the target system.

Patch sets include all of the libraries that have been rebuilt to implement the bug fixes in the set. All of the fixes in the patch set have been tested and are certified to work with each other. Because the patch set includes only low impact patches, it does not require you to certify applications or tools against the server."

But you should be interested in the bugs that are fixed.

Some patch sets do contain backported new functionality, regardless of the boilerplate. Of course, the distinction between bug and doing it different may be blurry.

jg

--
@home.com is bogus.
http://securitylabs.websense.com/content/Alerts/3096.aspx
Received on Fri Jun 06 2008 - 15:46:30 CDT

Original text of this message