Re: Patch Question

From: Michael Austin <maustin_at_firstdbasource.com>
Date: Sat, 07 Jun 2008 21:31:41 -0500
Message-ID: <OuH2k.4595$uE5.4105@flpi144.ffdc.sbc.com>


joel garry wrote:
> On Jun 6, 1:17 pm, Mtek <m..._at_mtekusa.com> wrote:

>> On Jun 6, 3:08 pm, "fitzjarr..._at_cox.net" <orat..._at_msn.com> wrote:
>>
>>> On Jun 6, 2:57 pm, Mtek <m..._at_mtekusa.com> wrote:
>>>> Hi,
>>>> We want to apply some Oracle.  We have not done this in nearly 9
>>>> months or so.  Anyhow, here is our environment:
>>>> Oracle 10.2.0.1.0
>>>> Linux Red Hat Enterprise x86-64
>>>> It returned 64 patches.  None were recommended......
>>>> So, does that mean that we really do not need to install any???
>>>> Thank you!
>>>> John
>>> I know of at least ONE patchset you should be applying, and that is
>>> 10.2.0.3 (or, 10.2.0.4 if it's been released for RHEL).
>>> David Fitzjarrell
>> Why not apply all the 64 patches for 10.2.0.1, or is the idea to
>> move to 10.2.0.3 to upgrade the version.....

>
> The patches are cumulative. In general, you want to be on or testing
> the latest patch set. It is not considered an upgrade because...
> well, that is explained in the docs that come with or can be obtained
> separately from the patch. You should read them!
>
> "Patch sets are a mechanism for delivering fully tested and integrated
> product fixes. Patch sets provide bug fixes only; they do not include
> new functionality and they do not require certification on the target
> system.
>
> Patch sets include all of the libraries that have been rebuilt to
> implement the bug fixes in the set. All of the fixes in the patch set
> have been tested and are certified to work with each other. Because
> the patch set includes only low impact patches, it does not require
> you to certify applications or tools against the server."
>
> But you should be interested in the bugs that are fixed.
>
> Some patch sets do contain backported new functionality, regardless of
> the boilerplate. Of course, the distinction between bug and doing it
> different may be blurry.
>
> jg
> --
> @home.com is bogus.
> http://securitylabs.websense.com/content/Alerts/3096.aspx

I would modify this slightly from:
"Patch sets provide bug fixes only; they do not include new functionality and they do not require certification on the target system."

To:
"Patch sets generally provide bug fixes; they do not always include new functionality and they may or may not require certification on the target system."

Oracle does occasionally sneak in new functionality - like starting with the 1Q2008 CPU patch, they started including SCM - the "phone-home" software linked with Metalink. It is not configured, but it is installed. Also, the way the patch sets are installed started using "molecules" (Major Patch# with many sub-patches), requiring a new version of OPatch to be installed in order to execute it.

They also changed executable permissions on UNIX servers starting with 9.2.0.7. They did provide a changePerm.sh script to set them to "wide-open", but this is a case of a major change that affected a lot of systems due to previously poorly designed security.

Personally, I miss the security mechanisms found in the formerly DEC/COMPAQ, now HP, OpenVMS. It was light years ahead of the Unix model. And the cluster technology actually worked :)

Received on Sat Jun 07 2008 - 21:31:41 CDT
