Path: dp-news.maxwell.syr.edu!spool.maxwell.syr.edu!drn.maxwell.syr.edu!news.maxwell.syr.edu!postnews2.google.com!not-for-mail
From: bdbafh@gmail.com (Paul Drake)
Newsgroups: comp.databases.oracle.server
Subject: Re: installing multiple patches(Release 2, 9.2.0.4)
Date: 9 Sep 2004 08:04:48 -0700
Organization: http://groups.google.com
Lines: 41
Message-ID: <910046b4.0409090704.5ec9578c@posting.google.com>
References: <9ca71242.0409030920.42f3e332@posting.google.com> <d5phj0h8qgsdbh750uodnd2nmbcl9dvi8o@4ax.com> <d4d6f278.0409051611.414ecd7b@posting.google.com> <d4d6f278.0409060937.73efdae4@posting.google.com> <1e8276d6.0409070128.48d2c0dc@posting.google.com> <910046b4.0409070905.1a5b29f7@posting.google.com>
NNTP-Posting-Host: 156.43.4.1
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-Trace: posting.google.com 1094742289 24013 127.0.0.1 (9 Sep 2004 15:04:49 GMT)
X-Complaints-To: groups-abuse@google.com
NNTP-Posting-Date: Thu, 9 Sep 2004 15:04:49 +0000 (UTC)
Xref: dp-news.maxwell.syr.edu comp.databases.oracle.server:224584

bdbafh@gmail.com (Paul Drake) wrote in message news:<910046b4.0409070905.1a5b29f7@posting.google.com>...
> pagesflames@usa.net (Dusan Bolek) wrote in message news:<1e8276d6.0409070128.48d2c0dc@posting.google.com>...
> > johnbhurley@sbcglobal.net (John Hurley) wrote in message news:<d4d6f278.0409060937.73efdae4@posting.google.com>...
> > > Then test test test and consider carefully the pros and cons of
> > > whether the fix that is being supplied is likely to improve (or not)
> > > any production environments before thinking/planning a rollout.
> > 
> > This advice is easy to say, but is hard to do it, especially if we're
> > talking about recent security alerts. There are no supplied
> > information with them, only: "Severity 1, must apply". We do not know
> > what it is patching, why, is it really serious for all configurations,
> > is it fixing remote exploit or only local one etc. So applying of
> > these patches is more or less the matter of trust (in Oracle) and not
> > a considering of pros/cons.
> 
> Dusan,
> 
> "Severity 1" is what occurs after you apply the patches in production,
> and something goes horribly wrong. :)
> 
> "Critical" is what the Alert #68 patches are categorized as.
> 
> btw - applied 8.1.7.4.16, 9.2.0.5 patchset4 and 10.1.0.3 on win32
> without incident, waiting for latent issues to arise in testing.
> 
> -bdbafh

whoops - that was still a 10.1.0.2 on win32.
the version of perl that was shipped by oracle with its apache distro
will not work with the 10.1.0.2 patchset, but the recent 5.6.x version
of perl from activestate works quite well.

reasons why to bother with applying this:

code red
sql slammer
nimda

nuff said.

-bdbafh