Category Archives: 11gR2

Posts related to Oracle 11g Release 2

Oracle CPU / PSU Pre-Release Announcement April 2014

Today Oracle has published the Pre-Release Announcement of the CPU Advisory for April 2014. This Critical Patch Update contains 103 new security vulnerability fixes for several Oracle products. There are only a few days since the publication of the vulnerability CVE-2014-0160 known as “Heartbleed”. Therefore I assume, that this patch update does not yet address the corresponding vulnerability.

Nevertheless it seems that it contains bug fix for some major security issues. From the Oracle database point of view it is a small update. There are only two security bug fix for the Oracle Database Server and no for client-only installations. But one of the vulnerabilities does have a CVSS rating of 8.5 and affects the Core RDBMS. The vulnerabilities of Oracle Java SE are even higher and rated with a 10.0 out of 10.0.

We will see all the details next Tuesday when Oracle is officially releasing official Critical Patch Update for April 2014. Next week I’ll have a closer look and do some test installations.

More details about the patch will follow soon on the Oracle Security Pages.

Oracle CPU / PSU Pre-Release Announcement January 2014

Today Oracle has published the Pre-Release Announcement for the first CPU Patch in 2014. This Critical Patch Update contains 147 new security vulnerability fixes for several Oracle products. From the Oracle database point of view it is a small update. There are only five security fix for the Oracle Database Server and no for client-only installations.

Although the CVSS rating of these vulnerabilites are 5.0, it looks that there is no hurry to install this security fix on most of the database environments. If this is true, we’ll see next Tuesday when Oracle is officially releasing CPU / PSU January 2014. Next week I’ll have a closer look.

More details about the patch will follow soon on the Oracle Security Pages.

Oracle released CPU / PSU October 2013

As announced yesterday in my post Oracle CPU / PSU Pre-Release Announcement October 2013, Oracle has now released the last Critical Patch Updates for 2013. Overall this CPU contains 126 new security fixes across several Oracle products like Database Server, MySQL Server, Sun Product Suite, WebLogic Server etc. For Oracle Database it contains only 2 security fixes with a rather medium CVSS rating. Although the Core RDBMS is affected, it is probably not necessary to run a fire drill. If you have planned to patch anyway, it makes sense to consider the latest PSU or SRU. And if you plan to install Oracle 11.2.0.4.0 patch set, this critical patch update can even be skip, since there is no PSU or SPU for 11.2.0.4 available. According to the patch read-me, it seems that CVE-2013-5771 is fixed in 11.2.0.4. But I can’t confirm this, because I could not find a Bug-ID to compare.

By the way, Oracle has changed a few thing in database security patching for 12c. They will not publish any separate security patch updates (SPU) anymore but solely patch set update (PSU)

CPU Release Dates

The next four Critical Patch Updates will be released at the following dates:

  • 14 January 2014
  • 15 April 2014
  • 15 July 2014
  • 14 October 2014

References

Links all around Critical Patch Update:

Oracle CPU / PSU Pre-Release Announcement October 2013

Oracle has published the Pre-Release Announcement for the October CPU/SPU Patch. This Critical Patch Update contains 126 new security vulnerability fixes for several Oracle products. Despite the large amount of security fixes, it is a rather small update from the database point of view. There are only two security fix for the Oracle Database Server and no for client-only installations. But it does contain the fix for Oracle Database 12c Release 1.

The announced highest CVSS rating for databases is 5.5. Because the core RDBMS is affected, it will probably make sense to install this CPU an any database environment. But this has to be verified as soon as the CPU is officially released later this week.

More details about the patch will follow soon on the Oracle Security Pages.

Oracle 11.2.0.4.0 Patchset released

Oracle has released the patchset 11.2.0.4.0 for Oracle 11g Release 2. The current patchset is as well as the other 11g R2 patchsets a full installation. This means you will have to download quite a bit from Metalink, altogether 7 files. On My Oracle Support search for patchset 13390677 or follow the link to reach the download page.

So far the patch set is only available for Linux (x86 and x86-64bit), Oracle Solaris on SPARC (32bit and 64bit) and Oracle Solaris on x86 and x86-64bit. The Metalink Note 11.2.0.4 Patch Set – Availability and Known Issues [1562139.1] or the generic ALERT for Oracle 11g Release 2 ALERT: Oracle 11g Release 2 (11.2) Support Status and Alerts [880782.1] will list the patch set for other platforms as soon as they are available. The first Metalink Note is currently still under construction :-) .

List of Bugfixes

In the Metalink Note 1562142.1 you find a hell of a long list with bugs fixed in this patchset. But also this document is currently under construction. I think you would be well advised to test the patchset before installing on production. According to Metalink Note 1562139.1 there are up to now only two notable fixes with potential change in behavior but no new issues introduced in this patchset. So check the Metalink Note on updates.

New Features

Compared with previous patch set this one does not include all too many new features. Below a you find a list of the new features included in this patch set.

  • Oracle Data Redaction
  • Trace File Analyzer and Collector
  • RACcheck – The Oracle RAC Configuration Audit Tool
  • Database Replay Support for Database Consolidation
  • Dynamic Statistics
  • Optimization for Flashback Data Archive History
  • New sqlnet.ora Parameter SSL_EXTENDED_KEY_USAGE
  • New PrimaryLostWriteAction Property
  • ENABLE_GOLDENGATE_REPLICATION for Oracle GoldenGate

Features like Oracle Data Redaction are backported from Oracle 12c R1 (See Oracle 12c New Security Features). Details on these new feature are available in the Oracle documentation Oracle Database 11g Release 2 (11.2.0.4) New Features.

Reference

A collection of a few important Metalink Notes, readme and other links related to Patchset 11.2.0.4.0:

  • README for 13390677
  • ALERT: Oracle 11g Release 2 (11.2) Support Status and Alerts [880782.1]
  • 11.2.0.4 Patch Set – Availability and Known Issues [1562139.1]
  • 11.2.0.4 Patch Set – List of Bug Fixes by Problem Type [1562142.1]
  • Quick Reference to Patchset Patch Numbers [753736.1]
  • Important Changes to Oracle Database Patch Sets Starting With 11.2.0.2 [1189783.1]
  • Information on installing the patch set must be taken from the documentation (Installing and Upgrading) or the Metaling Note: Complete checklist for out-of-place manual upgrade from 11.2.0.1 to 11.2.0.2 [ID 1276368.1] (old only used as reference)

How to find latest oracle database patchset

It is sometimes a bit of a hassle, to have the latest patch name or number on hand, when you need them. Ok, you may search on My Oracle Support and save it as custom search. But it may happen that the search is inaccurate and the required patch is not found. A much easier way is to use the Oracle Metalink Notes, which have been available for a while. These MOS Notes are updated regularly with the latest patch information. My favorite is definitely the Quick Reference to Patch Numbers for Database PSU, SPU(CPU), Bundle Patches and Patchsets [1454618.1]. But there are more interesting MOS notes.

Which Patch’s are available?

MOS notes about patches, patch sets, PSU, SRU and bundle patches :

  • Introduction to Oracle Recommended Patches [756388.1]
    This MOS notes is the main entry to the Oracle recommended patches. It includes further links to Oracle Database, Oracle Enterprise Manager, Oracle Fusion Middleware and other products.
  • Oracle Recommended Patches — Oracle Database [756671.1]
    This notes includes the links for the latest recommended patches of Oracle Databases on Unix and Linux since Oracle 10.2.0.3
  • Oracle Database, Networking and Grid Agent Patches for Microsoft Platforms [161549.1]
    As the name says, this note contains further links for recommended patches of Oracle Databases on Microsoft Windows
  • Quick Reference to Patch Numbers for Database PSU, SPU(CPU), Bundle Patches and Patchsets [1454618.1]
    This MOS note is some kind of a master note for any PSU, CPU, Bundle Patches and Patchset. Here you’ll find any patch number without struggling yourself first through all the Oracle recommendations :-)
  • Release Schedule of Current Database Releases [742060.1]
    On this MOS Note you do not really find any patch numbers or names but you’ll find the release schedules of upcoming patch set. Ok you do not see an exact date. But at least the quarter of the year.

Which Patch has been installed?

The easies way to list the installed patches in the current ORACLE_HOME is to use the patch utility.

List of installed patches:

$ORACLE_HOME/OPatch/opatch lsinventory

Grep on the patch description:

$ORACLE_HOME/OPatch/opatch lsinventory|grep "Patch description"
Patch description:  "Database Patch Set Update : 11.2.0.3.7 (16619892)"

A more verbose list on the installed patches:

$ORACLE_HOME/OPatch/opatch lsinventory -details

Which Patch has been applied?

The table REGISTRY$HISTORY does contain information on applied patches respectively PSU, SRU or CPU. SinceSince I use this query regularly during the tests of the Critical Patch Update, I have it packed in a handy script ( cpui.sql).

SET linesize 200 pagesize 200
col action_time FOR a28
col version FOR a10
col comments FOR a35
col action FOR a25
col namespace FOR a12
SELECT * FROM registry$history;

Oracle database binaries with perl

Perl and Oracle has not always an easy past. Depending on the OS type and Oracle Version it can be quite nerve racking to compile DBI and DBD::Oracle. In addition to DBD::Oracle there are also other binary Perl modules that are not so easy to compile. On operating systems such as Microsoft Windows it is necessary to invest a little more effort to compile Perl. Alternatively one can use precompiled packages like Active Perl or Strawberry Perl. But this is basically not necessary at all if Oracle is already installed. Since Oracle 10g Perl is part of the Oracle binaries for the client and Database server. Oracle does use it for various tools itself. This allows it to easily create and execute custom perl scripts even on an Oracle Client installation. I do this regularly when I create Oracle Database security reviews. Instead of manually collecting all sorts of information, I’m running a few Perl scripts. This also works if I only have access to an Oracle client installation.

Available Perl Versions

Consequently, the different Oracle versions contains different versions of Perl. With the latest Oracle Database 12c Release 1 it just got update.

  • Oracle 10g Release 2 contains Perl 5.8.3
  • Oracle 10g Release 2 contains Perl 5.10.0
  • Oracle 12c Release 1 contains Perl 5.14.1

As you see this are not realy the latest stable version of Perl. The following Picture show’s the latest release for each branch of Perl.

LatestPerlReleases

Depending on what you want to do with Perl, this is generally not a problem. Nevertheless, it is useful to check what is supported in the corresponding release or not.

With perldoc you’ll get all kind of perl documentation. For instance the user contributed perl modules aka additional perl modules

$ORACLE_HOME/perl/bin/perldoc perllocal

With corelist you’ll get information on core perl modules perl.

$ORACLE_HOME/perl/bin/corelist -a utf8

utf8 was first released with perl 5.006
5.006 undef
5.006001 undef
5.006002 undef
5.007003 1.00
5.008 1.00
5.008001 1.02
5.008002 1.02
5.008003 1.02
5.008004 1.03
5.008005 1.04
5.008006 1.04
5.008007 1.05
5.008008 1.06
5.009 1.02
5.009001 1.02
5.009002 1.04
5.009003 1.06
5.009004 1.06
5.009005 1.07
5.01 1.07

Restrictions

But before you start to develop your big perl applications be aware, that you shouldn’t relay on it. According to the Oracle Metalink Note 342754.1 You should not use it for your own applications.

Note:- Perl and other 3rd party tools such as the Sun JRE are provided in the ORACLE_HOME for Oracle tool usage only. PERL libraries which are part of the Oracle RDBMS CD (Client / Database) are not meant for PERL custom application development, but they are used by various Oracle tools that are shipped along with Oracle RDBMS software such as EM DB Console etc.,

Using it for just a bunch of admin and reports scripts it shouldn’t be a big issues. Especially because you save quite some time when you not have to install Perl and DBD::Oracle yourself.

How tu use it

A few example how to use it will follow later on…

References

Some links related to this post.

  • Perl Source Readme on CPAN with information on the latest version on each branch of Perl
  • DBI – Database independent interface for Perl
  • DBD::Oracle Oracle database driver for the DBI module
  • Oracle Support of PHP, Perl, DBD/DBI and other 3rd party products [342754.1]
  • Active Perl from ActiveState
  • Strawberry Perl