補丁術語
https://blog.csdn.net/FC_BarceIona/article/details/79257280
oracle 打patch 總結
http://blog.itpub.net/15412087/viewspace-2150735/
Advisory
adj. 咨詢的;顧問的;勸告的
n. 報告;公告
Oracle Critical Patch Update Advisory - January 2018
cpu
psu
spu
CPU:Critical Patch Update,緊急補丁更新。每季度發布一次,用來修復安全方面的累積型補丁,即最新的CPU補丁已經包含以往的CPU補丁,只需安裝最新的CPU補丁即可。
CPU已更名為SPU(Security Patch Update)。
PSU:Patch Set Update,補丁集更新。Oracle選取在每個季度用戶下載數量最多、且得到驗證具有較低風險的補丁放入到每個季度的PSU中。在每個PSU中不但包含Bug的修復,還包含了最新的CPU。PSU通常隨CPU一起發布。PSU通常是增量的,大部分PSU可以直接安裝,但有些PSU必須要求安裝上一個版本的PSU之后才能繼續安裝。
1.interim patch/one-off patch
個別補丁(InterimPatch,one-off patch 或 Patch Set Exception)
是我們常說的小補丁,為了修復某個bug而發布的補丁,這種補丁推薦在測試庫上測試無誤后再安裝在生產庫上。
2.merged patch
合並的補丁,當幾個小補丁之間沖突,不能同時安裝的時候,需要提供這種 merged patch。補丁沖突主要是由於2個或者多個補丁修改同一個文件,但是修改的內容是不同的。
3.bundle patch
補丁集,修復多個bug。在windows 平台的oracle 沒有小補丁,只有這種補丁集,至少每季度發布一次,是累積性的,也就是說每個bundle patch 會包含之前所有的bundle patch。例如 windows bundle patch 16,它會包含之前所有的15個bundle patch,所以,建議總是安裝最新的bunlde patch。oracle 的集群軟件和數據庫軟件的Windows bundle patch是同一個,例如Windows bundle patch 16 即可以打在集群上,也可以打在數據庫上,要了解windows bundle patch 的補丁號,可參考mos:Note 161549.1 Oracle Database, Networking and Grid Agent Patches for Microsoft Platforms
4.critical patch update(CPU)
Oracle公司還定期發布安全補丁,稱之為CPU(Critical Patch Updates)
每季度發布一次,用來修復安全方面的一些補丁,是累積型的,目前已更名為security patch update(SPU)。可以通過下面的鏈接查看各個CPU所修復的具體問題:http://www.oracle.com/technetwork/topics/security/alerts-086861.html
5.patch set update (PSU)
每季度發布一次,修復比較嚴重的問題,包含每季度的CPU,是累積型的。雖然在描述PSU的時候會用到數據庫版本的第五位,比如 Database PSU 11.2.0.3.5,但實際上打完PSU后,並不會真正的改變數據庫的版本。從v$version中看到的版本還是11.2.0.3.0。
Windows上沒有CPU和PSU。oracle數據庫的集群和數據庫軟件使用不同的PSU。可以參考下面的mos文檔了解每個季度的CPU,PSU,Windows bundle patch 的具體補丁號:Assistant: Download Reference for Oracle Database/GI PSU, SPU(CPU), Bundle Patches, Patchsets and Base Releases (文檔 ID 2118136.2)
6.patch set
是在大版本上發布的補丁集,修復了較多的bug,可能會包含一些增強功能,比如 11.2是一個大版本,那么11.2.0.2就是一個patch set。這種補丁集經過了嚴格的集成測試,也是累積型的。所以我們總是推薦安裝最新的patch set。
7.diagnostic patch
診斷補丁,有時候診斷一個問題的時候。為了獲得更多的診斷信息,oracle的開發部門會提供一個diagnostic patch 這種補丁不是為了修復問題,而是診斷問題。
8.composite patch
從2012年4月份的database psu 11.2.0.3.2開始,推出一種新的概念叫composite patches,這是一種新型的補丁包。它不同於其他類型的補丁包,如果第一次安裝composite patches 那么composite patches所包含的全部補丁都會被安裝, 后續安裝的composite patches,只會安裝對比前一次composite patches 有變化的部分和新增加的補丁。
==============================================
You must use the OPatch utility version 11.2.0.3.5 or later to apply this patch.
Oracle recommends that you use the latest released OPatch version for 11.2, which is available for download from My Oracle Support patch 6880880 by selecting the 11.2.0.0.0 release.
==============================================
Patch 6880880
Description: OPatch patch of version 11.2.0.3.21 for Oracle software releases 11.2.0.x (APR 2019)
Product: Universal Installer
Select a Release: Oracle 11.2.0.0.0
Platform or Language: Linux x86-64
Last Updated: 17-APR-2019
Size: 107M (113112960 bytes)
==============================================
oracle database psu 、bundle patch 的命名規則一般是按照推出的先后順序,比如在2015年10月 推出的11.2.0.4的第8個db psu 就命名為:db psu 11.2.0.4.8 ;
2016年1月份推出對PSU、SPU、Bundle Patch新的命名規則。 新的命名規則為(以11.2.0.4為例):11.2.0.4.YYMMDD ,YYMMDD為主要patch (PSU、SPU、Bundle)發布的具體日期年份后兩位、兩位的月份以及兩位的日期。如:11.2.0.4.180116表示這11.2.0.4的PSU 是在18年1月16日推出的patch。通過補丁號可以很直觀的看到數據庫是否打了對應時間的補丁。
數據庫/GI PSU,SPU(CPU),Bundle Patches 和 Patchsets 補丁號碼快速參考 (文檔 ID 1922396.1)
Assistant: Download Reference for Oracle Database/GI Update, Revision, PSU, SPU(CPU), Bundle Patches, Patchsets and Base Releases (文檔 ID 2118136.2)
https://blog.csdn.net/jycjyc/article/details/89949353
| 11.2.0.4 |
||||
| Description | PSU | SPU(CPU) | GI PSU | Bundle Patch (Windows 32bit & 64bit) |
| APR2019 (11.2.0.4.190416) | 29141056 | 28790634 | 29255947 | 29218820 |
| JAN2019 (11.2.0.4.190115) | 28729262 | 28790634 | 28813878 | 28761877 |
| OCT2018 (11.2.0.4.181016) | 28204707 | 28364007 | 28429134 | 28265827 |
| JUL2018 (11.2.0.4.180717) | 27734982 | 27870645 | 27967757 | 27695940 |
| APR2018 (11.2.0.4.180417) | 27338049 | 26474853 | 27475913 | 27381640 |
| JAN2018 (11.2.0.4.180116) | 26925576 | N/A | 27107360 | 27162965 |
| OCT2017 (11.2.0.4.171017) | 26392168 | 26474853 | 26635745 | 26581376 |
| AUG2017 (11.2.0.4.170814) | 26609445 | N/A | 26610246 | 26194138 |
| JUL2017 (11.2.0.4.170718) | 25869727 | 25879656 | 26030799 | 26194136 |
| APR2017 (11.2.0.4.170418) | 24732075 | 25369547 | 25476126 | 25632525 |
| JAN2017 | N/A | N/A | N/A | N/A |
| OCT2016 (11.2.0.4.161018) | 24006111 | 24433711 | 24436338 | 24591646 |
| JUL2016 (11.2.0.4.160719) | 23054359 | 23177648 | 23274134 | 23530402 |
| APR2016 (11.2.0.4.160419) | 22502456 | 22502493 | 22646198 | 22839608 |
| JAN2016 (11.2.0.4.160119) | 21948347 | 21972320 | 22191577 | 22310544 |
| OCT2015 | 21352635 (11.2.0.4.8) | 21352646 | 21523375 (11.2.0.4.8) | 21821802 (11.2.0.4.20) |
| JUL2015 | 20760982 (11.2.0.4.7) | 20803583 | 20996923 (11.2.0.4.7) | 21469106 (11.2.0.4.18) |
| APR2015 | 20299013 (11.2.0.4.6) | 20299015 | 20485808 (11.2.0.4.6) | 20544696 (11.2.0.4.15) |
| JAN2015 | 19769489 (11.2.0.4.5) | 19854503 | 19955028 (11.2.0.4.5) | 20127071 (11.2.0.4.12) |
| OCT2014 | 19121551 (11.2.0.4.4) | 19271443 | 19380115 (11.2.0.4.4) | 19651773 (11.2.0.4.10) |
| JUL2014 | 18522509 (11.2.0.4.3) | 18681862 | 18706472 (11.2.0.4.3) | 18842982 (11.2.0.4.7) |
| APR2014 | 18031668 (11.2.0.4.2) | 18139690 | 18139609 (11.2.0.4.2) | 18296644 (11.2.0.4.4) |
| JAN2014 | 17478514 (11.2.0.4.1) | 17551709 | N/A | 17987366 (11.2.0.4.1) |
| Patchsets | - |
|---|---|
| 12.1.0.2 (12.1.0.2.0 PATCH SET FOR ORACLE DATABASE SERVER) | 21419221 |
| 11.2.0.4 (11.2.0.4.0 PATCH SET FOR ORACLE DATABASE SERVER) | 13390677 |
| 11.2.0.3 (11.2.0.3.0 PATCH SET FOR ORACLE DATABASE SERVER) | 10404530 |
| 11.2.0.2 (11.2.0.2.0 PATCH SET FOR ORACLE DATABASE SERVER) | 10098816 |
==============================================
p29251270_112040_Linux-x86-64.zip 有
p29255947_112040_Linux-x86-64.zip 無
p29141056_112040_Linux-x86-64.zip 有,oracle rac
p27734982_112040_Linux-x86-64.zip 有
p24732075_112040_Linux-x86-64.zip 無,安裝文檔中看到的
https://download.csdn.net/download/nbjjy/11150155 opatch軟件
https://download.csdn.net/download/nbjjy/11150161 46.35MB
CVE-2018-2575 Core RDBMS
Applicable only to Windows platform.
關於這個危急漏洞,只適用於windows平台,我們是在linux,就不用管這個了
==============================================
背景知識
需要support identifier
https://updates.oracle.com/Orion/PatchDetails/process_form?patch_num=13390677
https://updates.oracle.com/Orion/PatchDetails/process_form?patch_num=10404530
映射關系
CVE-2019-2444--------->Oracle Critical Patch Update January 2019
https://www.oracle.com/technetwork/topics/security/public-vuln-to-advisory-mapping-093627.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2575
Learn more at National Vulnerability Database (NVD)
CVE ID CVE-2018-2575
CNNVD CNNVD-201801-779
有資源
https://me.csdn.net/download/nbjjy
p29251270_112040_Linux-x86-64.zip
注意是64位的操作系統。請配合最新Opath補丁安裝軟件p6880880_112000_Linux-x86-64.zip(11.2.0.3.21)
p6880880_112000_Linux-x86-64.zip(11.2.0.3.21)
p6880880_112000_Linux-x86-64.zip(11.2.0.3.21) 最新Opath補丁安裝軟件,注意是64位的操作系統。
請配合最新補丁進行安裝p29255947_112040_Linux-x86-64.zip、p29141056_112040_Linux-x86-64.zip
==================================================
具體實施
1、IP:192.168.1.220
2、操作系統:CentOS 6.10 x86_64
3、Oracle軟件安裝包:p13390677_112040_Linux-x86-64_1of7.zip、p13390677_112040_Linux-x86-64_2of7.zip
4、Oracle版本:11.2.0.4.0
5、OPatch軟件安裝包:p6880880_112000_Linux-x86-64.zip(大小為108M)
6、OPatch版本:11.2.0.3.20
7、Patch補丁包:p28729262_112040_Linux-x86-64.zip
8、Patch ID:Patch 28729262(Oracle Database Patch Set Update 11.2.0.4.190115)
這是初始版本
p13390677_112040_Linux-x86-64_1of7.zip
這是較新的補丁集
p6880880_112000_Linux-x86-64.zip
p28729262_112040_Linux-x86-64.zip
unzip -q p6880880_112000_Linux-x86-64.zip
unzip -q p28729262_112040_Linux-x86-64.zip
根據補丁包中的README.html幫助文檔,Patch 28729262要求的OPatch最低版本為11.2.0.3.5
============================================================
具體實施命令
p6880880_112000_Linux-x86-64.zip
p27734982_112040_Linux-x86-64.zip
tar zcvf optach4.tar /u01/app/oracle/product/11.2.0.4/db_1/OPatch/
rm -rf /u01/app/oracle/product/11.2.0.4/db_1/OPatch/
unzip -d /u01/app/oracle/product/11.2.0.4/db_1/ /ceph/fileserver/soft/oracle/p6880880_112000_Linux-x86-64.zip
/u01/app/oracle/product/11.2.0.4/db_1/OPatch/opatch lsinventory
/u01/app/oracle/product/11.2.0.4/db_1/OPatch/opatch version
unzip /ceph/fileserver/soft/oracle/p27734982_112040_Linux-x86-64.zip
cd 27734982
lsnrctl stop
shutdown immediate
/u01/app/oracle/product/11.2.0.4/db_1/OPatch/opatch prereq CheckConflictAgainstOHWithDetail -ph ./
/u01/app/oracle/product/11.2.0.4/db_1/OPatch/opatch apply
/u01/app/oracle/product/11.2.0.4/db_1/OPatch/opatch lsinventory
/u01/app/oracle/product/11.2.0.4/db_1/OPatch/opatch lspatches
lsnrctl start
startup
select * from dba_registry;
select * from dba_registry_history;
SQL> @?/rdbms/admin/catbundle.sql psu apply
SQL> @?/rdbms/admin/utlrp.sql
select * from dba_registry_history;
This document describes how you can install Patch 20406239 - Oracle JavaVM Component 11.2.0.4.3 Database PSU on your Oracle Database 11g Release 2 (11.2.0.4.0).
Patch 27734982 - Oracle Database Patch Set Update 11.2.0.4.180717
===========================
/u01/app/oracle/product/11.2.0.4/db_1/OPatch/opatch apply
報了這個錯
Applying sub-patch '27734982' to OH '/u01/app/oracle/product/11.2.0.4/db_1'
Patching component oracle.ctx, 11.2.0.4.0...
Patching component oracle.rdbms.rsf, 11.2.0.4.0...
Patching component oracle.ctx.rsf, 11.2.0.4.0...
Patching component oracle.rdbms, 11.2.0.4.0...
Patching component oracle.rdbms.rman, 11.2.0.4.0...
OPatch found the word "error" in the stderr of the make command.
Please look at this stderr. You can re-run this make command.
Stderr output:
chmod: changing permissions of `/u01/app/oracle/product/11.2.0.4/db_1/bin/extjobO': Operation not permitted
make: [iextjob] Error 1 (ignored)
Composite patch 27734982 successfully applied.
OPatch Session completed with warnings.
Log file location: /u01/app/oracle/product/11.2.0.4/db_1/cfgtoollogs/opatch/opatch2019-08-01_08-31-40AM_1.log
OPatch completed with warnings.
[oracle@cu-dbs-152 27734982]$