{"id":1255,"date":"2013-07-23T07:57:52","date_gmt":"2013-07-23T05:57:52","guid":{"rendered":"http:\/\/www.oradba.ch\/?p=1255"},"modified":"2013-10-16T09:12:08","modified_gmt":"2013-10-16T07:12:08","slug":"oracle-released-cpu-psu-july-2013","status":"publish","type":"post","link":"https:\/\/www.oradba.ch\/wordpress\/2013\/07\/oracle-released-cpu-psu-july-2013\/","title":{"rendered":"Oracle released CPU \/ PSU July 2013"},"content":{"rendered":"

About a week ago Oracle has released the July Critical Patch Updates. Overall this CPU contains 89 new security fixes across several Oracle products like Database Server, MySQL Server, Sun Product Suite, WebLogic Server etc. For Oracle Database Server it does contain 6 fixes, but none of them is for client-only installation. 1 of these vulnerabilities may be remotely exploitable without authentication. According the Database risk matrix all supported versions are affected. Since the critical patch update does mainly fix vulnerabilities in the core RDBMS and Oracle executables, it is worth to have a closer look. I’ll test the critical patch update on my test systems as usual. But I do not expect problems, since MOS Note 1546428.1<\/a> does not yet list any known issues. Be aware that Critical Patch Update (CPU) are usually cumulative and do contain previous security fixes. If you do not regularly apply Critical Patch Updates, it is essential to check previous patch notes.<\/p>\n

First Testing<\/h3>\n

The Critical Patch Update could easily be installed on Linux x86-64bit, but opatch does fail with a few warnings. None of them prevents a successful installation. According to the Known Issues<\/a> section in the Patch ReadMe and the two Metalink Notes 1448337.1<\/a> and 854711.1<\/a> the output can be safely ignored.<\/p>\n

First Findings<\/h3>\n

After installing the patch and run catbundle I could identify a few changes on the hidden parameters. The following hidden parameters have been updated on my test system<\/p>\n

\nSQL> @hip _db_flash_cache_keep_limit\n\nParameter                  Session Instance   S I D Description\n-------------------------- ------- ---------- - - - --------------------------------------------------\n_db_flash_cache_keep_limit         217751120        Flash cache keep buffer upper limit in percentage\n\nSQL> @hip _fastpin_enable\n\nParameter                 Session Instance   S I D Description\n------------------------- ------- ---------- - - - --------------------------------------------------\n_fastpin_enable                   217827585        enable reference count based fast pins\n<\/pre>\n
The following hidden parameter has been removed<\/p>\n
\nSQL> @hip _db_flash_cache_keep_limit\n\nParameter                   Session Instance   S I D Description\n--------------------------- ------- ---------- - - - --------------------------------------------------\n_thirteenth_spare_parameter                          thirteenth spare parameter - string\n<\/pre>\n
But the strange thing is, the following new hidden parameters.<\/p>\n
\nSQL> @hip _july2013_cpu_admin_user_fix\n\nParameter                    Session Instance   S I D Description\n---------------------------- ------- ---------- - - - --------------------------------------------------\n_july2013_cpu_admin_user_fix                          july2013 cpu admin user fix\n<\/pre>\n
So far I could not figure out the purpose of _july2013_cpu_admin_user_fix<\/em> parameter. It look’s somehow like a temporary fix for something. I assume it will disappear in the next Critical Patch Update on october 2014. <\/p>\n
CPU Release Dates<\/h3>\n
The next four Critical Patch Updates will be released at the following dates:<\/p>\n