Re: Patch Question

From: Mtek <mtek_at_mtekusa.com>
Date: Sun, 8 Jun 2008 12:09:36 -0700 (PDT)
Message-ID: <4a9d09c6-7e9c-485d-8f23-3cc3e970f223@c65g2000hsa.googlegroups.com>


On Jun 7, 9:31 pm, Michael Austin <maus..._at_firstdbasource.com> wrote:
> joel garry wrote:
> > On Jun 6, 1:17 pm, Mtek <m..._at_mtekusa.com> wrote:
> >> On Jun 6, 3:08 pm, "fitzjarr..._at_cox.net" <orat..._at_msn.com> wrote:
>
> >>> On Jun 6, 2:57 pm, Mtek <m..._at_mtekusa.com> wrote:
> >>>> Hi,
> >>>> We want to apply some Oracle. We have not done this in nearly 9
> >>>> months or so. Anyhow, here is our environment:
> >>>> Oracle 10.2.0.1.0
> >>>> Linux Red Hat Enterprise x86-64
> >>>> It returned 64 patched. None were recommended......
> >>>> So, does that mean that we really do not need to install any???
> >>>> Thank you!
> >>>> John
> >>> I know of at least ONE patchset you should be applying, and that is
> >>> 10.2.0.3 (or, 10.2.0.4 if it's been released for RHEL).
> >>> David Fitzjarrell
> >> Why not apply all the 64 patches for 10.2.0.1, or is the idea is to
> >> move to 10.2.0.3 to upgrade the version.....
>
> > The patches are cumulative. In general, you want to be on or testing
> > the latest patch set. It is not considered an upgrade because...
> > well, that is explained in the docs that come with or can be obtained
> > separately from the patch. You should read them!
>
> > "Patch sets are a mechanism for delivering fully tested and integrated
> > product fixes. Patch sets provide bug fixes only; they do not include
> > new functionality and they do not require certification on the target
> > system.
>
> > Patch sets include all of the libraries that have been rebuilt to
> > implement the bug fixes in the set. All of the fixes in the patch set
> > have been tested and are certified to work with each other. Because
> > the patch set includes only low impact patches, it does not require
> > you to certify applications or tools against the server."
>
> > But you should be interested in the bugs that are fixed.
>
> > Some patch sets do contain backported new functionality, regardless of
> > the boilerplate. Of course, the distinction between bug and doing it
> > different may be blurry.
>
> > jg
> > --
> > @home.com is bogus.
> >http://securitylabs.websense.com/content/Alerts/3096.aspx
>
> I would modify this slightly from:
> "Patch sets provide bug fixes only; they do not include new
> functionality and they do not require certification on the target system."
>
> To:
> "Patch sets generally provide bug fixes; they do not always include new
> functionality and they may not or may not require certification on the
> target system."
>
> Oracle does occasionally sneak in new functionality - like starting with
> 1Q2008 CPU patch, they started including SCM - the "phone-home" software
> linked with Metalink. It is not configured, but it is installed. Also,
> the way the patch sets installed started using "molecules" Major Patch#
> with many sub-patches - requiring a new version of OPatch to be
> installed in order to execute it.
>
> They also changed executable permissions on UNIX servers starting with
> 9.2.0.7. They did provide a changePerm.sh script to set them to
> "wide-open", but this is a case of a major change that affected a lot of
> systems due to previously poorly designed security.
>
> Personally, I miss the security mechanisms found in the formerly
> DEC/COMPAQ now HP OpenVMS. It was light years ahead of the Unix model.
> And the cluster technology actually worked :)

Thanks all for your advice. I'll try and find the write patch and apply it this week..... Received on Sun Jun 08 2008 - 14:09:36 CDT

Original text of this message