Category Archives: Bundle Patch

Oracle Bundle Patch

Oracle CPU / PSU April 2018

Oracle recently released the spring Critical Patch Advisory. It is the first critical patch update, which also includes fixes for Oracle 18c. Over all it includes 254 new security fixes across the product families. Overall a rather large update, although only a security vulnerability is patched for the Oracle databases. This vulnerability is not remotely exploitable without authentication and is not applicable to client-only installations. The CVSS Rating is 8.5 for Oracle Database 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18.1.0.0 on any operating system. According to Oracle the following component is affected:

  • Java VM

Oracle Java VM is not installed by default. It is therefore recommended that you check your database environment to see if it is necessary to apply this critical patch update.

For Oracle Fusion Middleware the situation looks somehow different. The Critical Patch Update includes not less than 30 fixes for vulnerabilities. Several of the vulnerabilities may be remotely exploitable without authentication and are rated with the highest CVSS rating of 9.8.

More details about the patch will follow soon on the Oracle Security Pages.

By the way, Oracle improved the table which lists the affected products and components in there advisory. Oracle Database is not a the top of the table any more.

Release of Audit Vault and Database Firewall 12.1.2 Bundle Patch 7

Today Oracle released the new Bundle Patch for Audit Vault and Database Firewall 12.1.2. The patch can be downloaded as usual on Oracle Metalink as Patchset 21920205 for existing installations. The full installation image for new installations is not yet available on Oracle eDelivery. I guess this will follow in a couple of days. Beside the Bundle Patch, Oracle will also updated the Backup Script to the latest Release. The scripts will be available via My Oracle Support Note 1556200.1

According the readme, the Release 12.1.2 BP7 just contains the October 2015 Patch Set Update for the database. The base platform has been updated with several not precisely specified bug fixes. These include security and stability fixes to Java and the underlying Linux operating system plus the bug fix for the following bug:

Bug Number Description
21395711 ALERT IS RESENT TO SYSLOG WHEN JFWK IS RESTARTED

Since the PSU for October 2015 does includes some critical but fixes for clusterserver (CVSS Rating 10). It is recommended to install this Bundle Patch.

Patch installation

The patch installation is rather simple. Most important is that the following directories have enough free space:

  • 5 GB in /var/lib/oracle
  • 5 GB in /var/tmp
  • 4.5 GB in /root

To install the patch just copy the iso to the AVDF server and run the ruby script. Alternatively you may also mount the iso directly on the Server instead of copy it first. eg. if you run your AVDF in a VM environment. Detailed installation instruction could be taken from the Patch Readme

[root@melete ~]# /bin/mount -oloop,ro /root/avdf-upgrade-12.1.2.7.0.iso /images
[root@melete ~]# yum -c /images/upgrade.repo clean all
Cleaning up Everything

[root@melete ~]# /usr/bin/ruby /images/upgrade.rb
Verifying upgrade preconditions
Mounting boot partition
Removing obsolete files and packages
Applying kernel upgrade
Upgrading system
Remove media and reboot now to fully apply changes.

[root@melete ~]# /sbin/reboot

Broadcast message from root (pts/0) (Mon Nov  9 14:51:46 2015):

The system is going down for reboot NOW!

AVDF Backup

Beside the Bundle Patch, Oracle will also updated the AVDF Backup Script to match the latest Release. The script itself is not yet available, but the new Version will be posted in My Oracle Support Note Audit Vault Server Backup and Restore for Release 12.1.2.5.0 and Prior [1556200.1].

References

Some links related to the Audit Vault and Database Firewall:

Release of Audit Vault and Database Firewall 12.1.2 Bundle Patch 5

Today Oracle released the new Bundle Patch for Audit Vault and Database Firewall 12.1.2. The patch can be downloaded as usual on Oracle Metalink as Patchset 20829881 for existing installations. The full installation image for new installations is not yet available on Oracle eDelivery. I guess this will follow in a couple of days. Beside the Bundle Patch, Oracle also updated the Backup Script to the latest Release.

According the readme, the Release 12.1.2 BP5 contains the April 2015 Patch Set Update for the database as well several bug fix for the base platform. These include security and stability fixes to Java and the underlying Linux operating system plus the bug fix for the following bugs:

Bug Number Description
18730748 THE AUDIT TRAILS CANNOT GET DATA FROM DATABASES CONFIGURED FOR SSL
18081207 PGA_AGGREGATE_LIMIT HIT WHEN QUERYING RECORDS FROM V$UNIFIED_AUDIT_TRAIL
18349496 FOR MSSQL TRACE FILES, COLLECTOR IS NOT COLLECTING THE DATA FROM ACTIVE FILE
20488901 MISSING MAPPING OF CLIENT_IP
17830617 TRANSACTION LOG AUDIT TRAIL CRASHES
20688669 ORA-20105: FAILED TO REMOVE FIREWALL CERTIFICATE FROM ORACLE WALLET

Patch installation

The patch installation is rather simple. Most important is that the following directories have enough free space:

  • 5 GB in /var/lib/oracle
  • 5 GB in /var/tmp
  • 4.5 GB in /root

To install the patch just copy the iso to the AVDF server and run the ruby script. Alternatively you may also mount the iso directly on the Server instead of copy it first. eg. if you run your AVDF in a VM environment. Detailed installation instruction could be taken from the Patch Readme

[root@melete ~]# mount /dev/cdrom /images
mount: block device /dev/cdrom is write-protected, mounting read-only
[root@melete ~]# yum -c /images/upgrade.repo clean all
Cleaning up Everything

[root@melete ~]# /usr/bin/ruby /images/upgrade.rb
Verifying upgrade preconditions
Mounting boot partition
Removing obsolete files and packages
Applying kernel upgrade
Upgrading system
Remove media and reboot now to fully apply changes.

[root@melete ~]# /sbin/reboot

Broadcast message from root (pts/0) (Fri May 15 13:40:50 2015):

The system is going down for reboot NOW!

AVDF Backup

Beside the Bundle Patch, Oracle also updated the AVDF Backup Script to match the latest Release. The script itself did not change. Oracle just added the product version 12.1.2.5.0. See Audit Vault Server Backup and Restore for Release 12.1.2.5.0 and Prior [1556200.1] for more information on the backup script.

References

Some links related to the Audit Vault and Database Firewall:

Release of Audit Vault and Database Firewall 12.1.2 Bundle Patch 2

End of last week, Oracle has released the second Bundle Patch for Audit Vault and Database Firewall 12.1.2. I’ve missed the release due to public holiday here in Switzerland. 🙂 The patch can be downloaded as usual on Oracle Metalink as Patchset 19190265 for existing installations or on Oracle eDelivery as full installation image for new installations. The installation image is split in two parts which need to be merged before use. A short description on how to merge the image can be found on my blog post about Audit Vault and Database Firewall 12.1.2.

According the readme, the Release 12.1.2 BP2 contains the July 2014 PSU 11.2.0.3.11 for the database as well several bug fix for the base platform. These include security and stability fixes to Java and the underlying Linux operating system. This is more or less similar to thelast bundle patch. What’s new, are the bug fix for the following bugs:

Bug Number Description
18724624 WITH EXCESSIVE VALUE FOR RMEM_MAX, TRAFFIC MONITORING IS SILENTLY DISABLED
18161187 INTEGRATE INTERFACE MASTERS NEW DRIVERS INTO THE PRODUCT
18940816 AVDF SERVER FAILS TO INSTALL ON HP DL380 GEN8 WITH CCISS!C0D0 ERROR
18823169 AFTER UPGRADE, THE DBFW CAN NOT COMMUCIATE WITH THE AVDF SERVER
18112713 ERRORS RELATING TO ILM AND DISK METRICS SEEN IN ALERT LOGS
18442791 NFS ARCHIVE JOB FAILS
18459675 SUPPORT FOR NVARCHAR DATA TYPE IN TABLE EZCOLLECTOR

In particular, I am interested in bug 18940816. I’ve discussed this issues in my post about AVDF installation fails on HP server with Smart Array Disk Controller. To verify if this issue is successfully fixed, I’ll have to reinstall one of the HP BL465c Blades.

References

Some links related to the Audit Vault and Database Firewall:

Release of Audit Vault and Database Firewall 12.1.2 Bundle Patch 1

Earlier today, Oracle has released the first Bundle Patch for Audit Vault and Database Firewall 12.1.2. The patch can be downloaded on Oracle Metalink as Patchset 18728905 for existing installations or on Oracle eDelivery as full installation image for new installations. The installation image is split in two parts which need to be merged before use. A short description on how to merge the image can be found on my blog post about Audit Vault and Database Firewall 12.1.2.

According the readme, the Release 12.1.2 BP1 contains the April 2014 PSU 11.2.0.3.10 for the database as well several bug fix for the base platform. These include security and stability fixes to Java and the underlying Linux operating system.

Before installing the bundle patch it is absolutely recommended, that you create a backup of the AVDF Installation and ensure that there is free space in the following Audit Vault Server partitions.

  • 5 GB in /var/lib/oracle
  • 5 GB in /var/tmp
  • 4.5 GB in /root

The upgrade will fail, if the partitions does not have enough free space. The bundle patch readme describes the different upgrade scenarios. I’ll upgrade my AVDF 12.1.2 Test VM once the download of the 3GB bundle patch is finished.

References

Some links related to the Audit Vault and Database Firewall:

Enterprise Manager Cloud Control 12c Release 4

A bit less than a year after Oracle Enterprise Manager Cloud Control 12c Release 3 has been released, Oracle has now released the latest version of its Enterprise Manager Cloud Control. The new release is immediately available for all supported platforms on OTN Oracle Enterprise Manager downloads or via the following direct links:

What’s New in 12.1.0.4

According the online documentation this release includes the following new features:

    Framework and Infrastructure

  • Updated Management Repository Page
  • Enterprise Manager Page Performance Page
  • Incident Management Actions in System Dashboard
  • BI Publisher 11.1.1.7 Integration
  • Integrated Installation of Business Information Publisher with Enterprise Manager 12c
  • Security Console
  • SSH Key Credential Support in Preferred Credentials
  • Global Preferred Credentials
  • Private Roles
  • Default and Bulk Apply Privilege Delegation Template
  • Fine Grained Aggregate Target Type Privilege Enhancement
  • Job System Enhancements
  • Enhanced Customization of Patching Procedures
  • Agent-Side Check Based Rule and Secure Technical Implementation Guide Compliance
  • Plug-in Management
    Services Management

  • New Create Wizard for Services
  • Support for REST and WADL for Web Service Beacon Tests
    Enterprise Monitoring and Incident Management Features

  • Advanced Thresholds Management
  • Metric Alert Message Customization
  • Metric Collection Schedule Enhancements
  • Time-Based Static Thresholds
  • Repository-Side Metric Extensions
  • Metrics Enhancements
  • Incident Management Updates in 12.1.0.4
  • Notification Enhancements
  • Enhanced Target Down Detection
    Fusion Application Management Features

  • Oracle Fusion Applications Plug-in 12.1.0.6 Features
    Database Management Features

  • Database Plug-in 12.1.0.6 Features
    Middleware Management Features

  • Fusion Middleware Plug-in 12.1.0.6 Features
    Exadata Features

  • Exadata Plug-in 12.1.0.5
  • Exadata Plug-in 12.1.0.6
    Cloud Management Features

  • Cloud Management Plug-in 12.1.0.8 Features
  • Chargeback and Consolidation Planner Plug-in 12.1.0.6 Features
  • Virtual Infrastructure Plug-in 12.1.0.1
  • Cloud Framework Plug-in 12.1.0.1
    Lifecycle Management

  • Scheduling Patch Preparation, Deployment, and Switchback

Resources

Links all around the Enterprise Manager, software, presentations and documentation:

Requirements

The requirements are similar to those from release 2 and release 3. Only the hardware requirements have been adjusted slightly. The evaluation / simple installation needs something less, whereas the advanced installations requires in general more memory and disk space. The following excerpt has been taken from Oracle® Enterprise Manager Cloud Control Basic Installation Guide.

  • OS requirements: Oracle Linux 6, Oracle Linux 5.x, Red Hat Enterprise Linux 5.x, SUSE Linux Enterprise 10, SUSE Linux Enterprise 11, Asianux Server 3
  • Hardware Requirments OMS (small) : 2 Cores, 6 GB RAM 8 GB RAM with ADPFoot 1 , JVMDFoot 2, 18 GB Hard Disk Space or 21 GB Hard Disk Space with ADP, JVMD

Audit Vault and Database Firewall 12.1.1 Bundle Patch 1

Oracle just released the new bundle patch for Audit Vault and Database Firewall 12.1.1. The patch can be downloaded on metaling as RPM patch set for existing installations or as full installation images for new installations.

According the readme, the BP1 contains the July 2013 PSU 11.2.0.3.7 for the database as well several bug fix for both the audit vault server and the database firewall.

  • 16993733 Client program column is null when audit collected from Oracle table trail
  • 16699889 Database Vault:Legacy Audit:12c – mapping for a few events missing
  • 16399439 Audit settings UI problem when IE8 browser is used.
  • 16860810 Firewall reports ODF-10001: Internal error: did not find substitution string
  • 15831798 “Print success message checksum content error” seen on login after timeout
  • 16878611 “ATC” files may not be refreshed (file ownership)
  • 16879023 Starting a trail takes a long time – many minutes
  • 16939931 Trails stop when files are deleted

The installation on my test system was quite straightforward. You just have to copy the RPM package on the AV server and start the installation as root with rpm.

[root@melete2 ~]# /bin/rpm -U /tmp/avs-12.1.1.1.0-51_130731.0100.x86_64.rpm
OK
[root@melete2 ~]#

As prerequisite all secure targets and avagents have to be stopped. A simple task on a test environment like I use. But this can become quite cumbersome in a real production environment with a couple of hundred secure targets.

Some MOS links related to this post.

  • Database Firewall 5.x and Oracle Audit Vault and Database Firewall 12.1 bundled patch reference [1328209.1]
  • Patch 16965973 12.1.1.1.0 PS1 bundle patch 1 for Oracle Audit Vault and Database Firewall
  • Patch 16965974 12.1.1.1.0 Full install images for Oracle Audit Vault and Database Firewall
  • Oracle Audit Vault and Database Firewall Readme Release 12.1.1 BP1

Enterprise Manager Cloud Control 12c Release 3

Oracle just released Enterprise Manager Cloud Control 12c Release 3. (see Oracle Enterprise Manager Downloads ) for all supported platforms. Is assume this release is related to Oracle Database 12c which has been released about a week ago.

The new release can immediately be downloaded downloaded on OTN for the following platforms:

What’s New in 12.1.0.3

According the online documentation this release includes the following new features:

    Framework and Infrastructure

  • Simplified OMS Disaster Recovery
  • System Dashboard Enhancements
  • LDAP Integration Enhancements
  • Administrator Entitlement Summary Page
  • Auditing Enhancements
  • Enterprise Manager Command Line Interface With Scripting Option
  • Administrator Entitlement Summary Page
    Enterprise Monitoring and Incident Management Features

  • Flexible Editing of Administration Group Hierarchy
  • Metric Extensions Enhancements
  • All Metrics Chart Enhancements
  • Incident Manager Updates in 12.1.0.3
  • Target Down Root Cause Analysis
  • SLA Management Enhancements
  • Service Target Dashboard

Fusion Application Management Features

  • Oracle Fusion Applications Plug-in 12.1.0.4 Features

Database Management Features

  • Performance Diagnostics Enhancements

Middleware Management Features

  • Fusion Middleware Plug-in 12.1.0.4 Features
  • Application Replay Enhancements

Exadata Features

  • Exadata Plug-in

Siebel Features

  • Siebel Plug-in 12.1.0.3

Extensibility

  • Support for SQL Server 2012 (32-bit / 64-bit)

Cloud Management Features

  • Cloud Management Plug-in 12.1.0.5 Features
  • Cloud Management Plug-in 12.1.0.6 Features
  • Virtualization Management Plug-in 12.1.0.5 Features

Lifecycle Management Features

  • Change Activity Planner
  • Offline Patching – Uploading Patches to the Software Library Directly from Remote Patch Repositories

Resources

Links all around the Enterprise Manager, software, presentations and documentation:

Requirements

The requirements are still the same as for 12c release 1 and release 2. The following excerpt has been taken from Oracle® Enterprise Manager Cloud Control Basic Installation Guide.

  • OS requirements: Oracle Linux 6, Oracle Linux 5.x, Red Hat Enterprise Linux 5.x, SUSE Linux Enterprise 10, SUSE Linux Enterprise 11, Asianux Server 3
  • Hardware Requirments OMS (small) : 2 Cores, 4 GB RAM 6 GB RAM with ADPFoot 1 , JVMDFoot 2, 10 GB Hard Disk Space or 14GB Hard Disk Space with ADP, JVMD

Enterprise Manager Cloud Control 12c Release 2

Today Oracle announced the general availability of Enterprise Manager Cloud Control 12c Release 2. (see press release Oracle Enterprise Manager 12c Release 2 Now Available ) The release introduces a bunch of new and improve capabilities for deploying and managing business applications in an enterprise private cloud, such as Java Platform-as-a-Service (PaaS), enhanced business application management, and integrated hardware-software management for Oracle Exalogic Elastic Cloud.

General availability means in this case, that the new binaries can be downloaded on OTN for Linux x86-64 (64-bit), Linux x86 (32-bit), Solaris Operating System (SPARC), Solaris Operating System (x86-64), IBM AIX on POWER Systems (64-bit) and Windows x86-64 (64-bit)

What’s New in 12.1.0.2

According the online documentation this release includes the following new features:

  • Framework and Infrastructure
  • EM CLI Verbs Available in the Software Library
  • Stage Operation
  • Enhanced Repository Page
  • New Oracle Management Service Page
  • Consolidated Agent Management Page
  • Dynamic Groups
  • Support for BI Publisher 11.1.6.0
  • Better Support for Changing WebLogic Server Demonstration Certificates
  • EM CLI Tracking and Setup
  • Support for Properties for Enterprise Manager Administrators

  • Enterprise Monitoring and Incident Management Features
    • Search in Administration Group Hierarchy
    • Monitoring Templates and Template Collections Enhancements
    • Grant Edit or Full Privileges on Metric Extensions
    • Monitoring Templates and Template Collections Enhancements
    • Incident Manager Updates

  • Fusion Middleware Plug-in 12.1.0.3 Features
  • Application Management Features
    • Oracle Fusion Applications Plug-in 12.1.0.3 Features

  • Cloud Management Features
    • Cloud Management Plug-in 12.1.0.4 Features
    • Virtualization Management Plug-in 12.1.0.3 Features

  • Heterogeneous (Non-Oracle) Management
    • Metadata Plug-In Support

    Resources

    Links all around the Enterprise Manager, software, presentations and documentation:

    Requirements

    The requirements are still the same as for 12c release 1. The following excerpt has been taken from Oracle® Enterprise Manager Cloud Control Basic Installation Guide.

    • OS Requirments: Oracle Linux 6, Oracle Linux 5.x, Red Hat Enterprise Linux 5.x, SUSE Linux Enterprise 10, SUSE Linux Enterprise 11, Asianux Server 3
    • Hardware Requirments OMS (small) : 2 Cores, 4 GB RAM 6 GB RAM with ADPFoot 1 , JVMDFoot 2, 10 GB Hard Disk Space or 14GB Hard Disk Space with ADP, JVMD

    As soon as I find time I’ll install this new release….

    Oracle Released EM 12c Cloud Control for Solaris

    As Oracle announce in there MOS Note 793512.1 EM 12c Cloud Control will be release in Q4. I would have bet it comes on 31 December, but Oracle just released EM12c for SPARC Solaris as well as for Solaris x86_64. I’ve just stated to download the software. Like for Linux there also two ZIP archive for each solaris release. Total size for each OS is almost 6GB. In addition to EM12c you have to download Oracle database 11g if you haven’t done it yet.

    Ok, here are the links and information related to EM12c for Solaris:

    Beside the EM12c downloads, there are also EM12c agents as separate download for Linux x86 (32-bit), Linux x86-64 (64-bit), Solaris Operating System (SPARC) and Solaris Operating System (x86-64) available. Download URL’s and documentation is available at the OTN page Enterprise Manager Agent Downloads. Each agent is about 250MB but these files can not be used to install a fresh 12.1 agent. This file will be used by 12.1 Self Update feature in offline mode. For information on using the Self Update feature, refer to the Oracle Enterprise Manager Cloud Control Administrator’s Guide.

    Mmh, now I just need a solaris test box to start with EM12c…