Oracle Corp will release its latest database security patches, Critical Patch Update January 2012, later today (Tuesday, 2012-01-17).
The CPU security page on OTN already carries the "Oracle Critical Patch Update Pre-Release Announcement – January 2012" page. The upcoming security patches cover multiple versions of Oracle Database:
Affected Products and Components
Security vulnerabilities addressed by this Critical Patch Update affect the following products:
- Oracle Database 11g Release 2, versions 11.2.0.2, 11.2.0.3
- Oracle Database 11g Release 1, version 11.1.0.7
- Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4, 10.2.0.5
- Oracle Database 10g Release 1, version 10.1.0.5
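In practice, because 10gR2 has officially entered the Extended Support phase, downloading future CPUs and PSUs for 10.2.0.4 and 10.2.0.5 (after 10.2.0.4.10 and 10.2.0.5.5) will require that the customer has purchased Oracle's Extended Support package.
“Oracle said that 27 of the patches fix security vulnerabilities in the MySQL database. One of those vulnerabilities can be exploited over the network without login credentials. According to Common Vulnerability Scoring System (CVSS) scores, the highest rating among the MySQL database vulnerabilities is 5.5, which is a medium risk level.
Another two patches fix security vulnerabilities in the Oracle database. Oracle also plans to release 11 patches for Fusion Middleware software. Five of the vulnerabilities fixed there can be exploited remotely without user authentication.
On the applications side, Oracle E-Business Suite will receive 3 security patches. The Supply Chain applications suite will receive 1 security patch. PeopleSoft software gets 6 patches. JD Edwards software gets 8 patches.
About 17 security patches relate to Sun products, including 6 vulnerabilities that can be exploited remotely without credentials. Affected products include GlassFish Enterprise Server and Solaris OS.
Another 3 patches are for Oracle's virtualization technology, including VirtualBox.”
My Oracle Support (MOS) already carries the patch note "Oracle Critical Patch Update January 2012 Documentation Map [ID 1368685.1]":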
“Oracle provides Critical Patch Updates to its customers to fix security vulnerabilities. This document defines the Documentation Map to documents identifying patches and minimum releases that are required for the Oracle products to address the security vulnerabilities that are announced in the Advisory for January 2012 (the updates will be entered here when CPU is released). ”
The patch list has been published:
Patch Availability for Oracle Database 11.2.0.3
Oracle Database 11.2.0.3 | UNIX | Microsoft Windows (32-Bit) | Microsoft Windows x64 (64-bit) | Advisory Number | Comments |
---|---|---|---|---|---|
Oracle Database home | CPU Patch 13466801, or DB PSU Patch 13343438, or GI PSU Patch 13348650, or Database patch for Exadata Patch 13513783, or Quarterly Full Stack download for Exadata Patch 13551280 | Bundle Patch 13413167 | Bundle Patch 13413168 |
Patch Availability for Oracle Database 11.2.0.2
Oracle Database 11.2.0.2 | UNIX | Microsoft Windows (32-Bit) | Microsoft Windows x64 (64-bit) | Advisory Number | Comments |
---|---|---|---|---|---|
Oracle Database home | CPU Patch 13343244, or DB PSU Patch 13343424, or GI PSU Patch 13343447, or Exadata Database Recommended Patch 14 Patch 13556724 | Bundle Patch 13413154 | Bundle Patch 13413155 | CVE-2012-0072, CVE-2012-0082 |
Patch Availability for Oracle Database 11.1.0.7
Oracle Database 11.1.0.7 | UNIX | Microsoft Windows (32-Bit) | Microsoft Windows x64 (64-Bit) | Advisory Number | Comments |
---|---|---|---|---|---|
Oracle Database home | CPU Patch 13343453, or PSU Patch 13343461 | Bundle Patch 13460955 | Bundle Patch 13460956 | CVE-2012-0072, CVE-2012-0082 | |
Oracle Database home | Patch 9288120 | Patch 9288120 | Patch 9288120 | Released April 2011 | Database UIX. For Oracle Secure Enterprise Search 11.1.2.x installations, follow the instructions given in MOS note Note 1359600.1. |
Oracle Database home | Patch 10073948 | Patch 10073948 | Patch 10073948 | Released April 2011 | Enterprise Manager Database Control UIX. Not applicable to Oracle Secure Enterprise Search 11.1.2.x |
Oracle Database home | Patch 11738232 | Patch 11738232 | Patch 11738232 | Released April 2011 | Warehouse Builder. Not applicable to Oracle Secure Enterprise Search 11.1.2.x |
Patch Availability for Oracle Database 10.2.0.5
Oracle Database 10.2.0.5 | UNIX | Microsoft Windows (32-Bit) | Microsoft Windows Itanium (64-Bit) | Microsoft Windows x64 (64-Bit) | Advisory Number | Comments |
---|---|---|---|---|---|---|
Oracle Database home | CPU Patch 13343467, or PSU Patch 13343471 | Bundle Patch 13460967 | NA | Bundle Patch 13460968 | CVE-2012-0072, CVE-2012-0082 | |
Oracle Database home | Patch 12536181 | NA | NA | NA | Released July 2011 | Enterprise Manager Database Control. For HP-UX PA-RISC and HP-UX Itanium platforms only |
Oracle Database home | Patch 11738172 | Patch 11738172 | Patch 11738172 | Patch 11738172 | Released April 2011 | Warehouse Builder |
Patch Availability for Oracle Database 10.2.0.4
Oracle Database 10.2.0.4 | UNIX | Advisory Number | Comments |
---|---|---|---|
Oracle Database home | CPU Patch 12879912, or PSU Patch 12879929 | CVE-2012-0072, CVE-2012-0082 | |
Oracle Database home | Patch 12536167 | Released July 2011 | Enterprise Manager Database Control. For HP-UX PA-RISC and HP-UX Itanium platforms only |
Oracle Database home | Patch 9249369 | Released April 2011 | Database UIX |
Oracle Database home | Patch 12758181 | Released July 2011 | Enterprise Manager Database Control UIX |
Oracle Database home | Patch 9273865 | Released April 2011 | iSqlPlus UIX |
Component | IBM zSeries (z/OS) | Advisory Number | Comments |
---|---|---|---|
Oracle Database home | CPU Patch 13343479 | CVE-2012-0072, CVE-2012-0082 |
Patch Availability for Oracle Database 10.1.0.5
Oracle Database 10.1.0.5 | UNIX | Microsoft Windows (32-Bit) | Microsoft Windows Itanium (64-Bit) | Advisory Number | Comments |
---|---|---|---|---|---|
Oracle Database home | Patch 6640838 | Patch 6640838 | Patch 6640838 | Released October 2010 | Oracle Universal Installer |
Oracle Database home | Patch 11842285 | NA | NA | Released July 2011 | Oracle Universal Installer |
Oracle Database home | CPU Patch 13343482 | Bundle Patch 13413002 | Bundle Patch 13413003 | CVE-2012-0072, CVE-2012-0082 | |
Oracle Database home | Patch 12535977 | NA | NA | Released July 2011 | Enterprise Manager Database Control. For HP-UX PA-RISC and HP-UX Itanium platforms only |
Oracle Workspace Manager home | Patch 7341989 | Patch 7341989 | Patch 7341989 | Released April 2009 | |
Oracle Database home | Patch 9249369 | Patch 9249369 | Patch 9249369 | Released April 2011 | Database UIX |
Oracle Database home | Patch 10036362 | Patch 10036362 | Patch 10036362 | Released April 2011 | Enterprise Manager Database Control UIX |
Oracle Database home | Patch 9273888 | Patch 9273888 | Patch 9273888 | Released April 2011 | iSqlPlus UIX |
Patch Set Update Availability for Oracle Database
Oracle Database | UNIX | Advisory Number | Comments |
---|---|---|---|
11.2.0.2.4 Database PSU | Patch 13343424 | See Section 3.1.3.3, “Oracle Database 11.2.0.2” | |
11.2.0.2.4 Grid Infrastructure PSU | Patch 13343447 | See Section 3.1.3.3, “Oracle Database 11.2.0.2” | Includes CPUJan2012 and 11.2.0.2.4 Database PSU. IBM: Linux on System Z and HP-UX PA-RISC are On-Request Platforms for GI PSU 11.2.0.2.4 |
11.2.0.2 BP12 for Exadata | Patch 13556724 | See Section 3.1.3.3, “Oracle Database 11.2.0.2” | Includes CPUJan2012 and 11.2.0.2.4 Database and Grid Infrastructure PSU fixes for Exadata |
11.1.0.7.9 Database PSU | Patch 13343461 | See Section 3.1.3.4, “Oracle Database 11.1.0.7” | |
11.1.0.7.7 CRS PSU | Patch 11724953 | Released April 2011 | |
10.2.0.5.5 Database PSU | Patch 13343471 | See Section 3.1.3.5, “Oracle Database 10.2.0.5” | |
10.2.0.5.2 CRS PSU | Patch 9952245 | Released January 2011 | IBM: Linux on System Z, Solaris x86-64 and HP-UX PA-RISC are On-Request Platforms for CRS PSU 10.2.0.5.2 |
10.2.0.4.10 Database PSU | Patch 12879929 | See Section 3.1.3.6, “Oracle Database 10.2.0.4” | Overlay PSU |
10.2.0.4.4 Database PSU | Patch 9352164 | Released April 2010 | Base PSU for 10.2.0.4.10 |
10.2.0.4.4 CRS PSU | Patch 9294403 | Released April 2010 |
PSU 11.2.0.3.1, the first PSU for 11.2.0.3 (currently the latest 11gR2 release), fixes dozens of bugs:
CPU molecules in PSU 11.2.0.3.1:
PSU 11.2.0.3.1 contains the following new PSU 11.2.0.3.1 molecules:
13499128 – DB-11.2.0.3-MOLECULE-001-CPUJAN2012
13528551 – DB-11.2.0.3-MOLECULE-002-CPUJAN2012
Bug Fixes
See My Oracle Support Note 1340011.1 that documents all the non-security bugs fixed in each 11.2.0.2 Patch Set Update (PSU).
PSU 11.2.0.3.1 contains the following new fixes:
Automatic Storage Management
9703627 – 11.2.0.2: ROOT USE OF ASMCMD PLACES ALERT.LOG IN USER DIRECTORY
12620823 – SOL-SP64-11203:ASM INSTANCE HANG DURING CRS STACK STARTING ON THE SECOND NODE
12797765 – SOL_SP64: AFTER ALL DISKS FAILURE, DG CAN’T BE DISMOUNTED ON T2000-3
12905058 – REBOOT 2 CELL NODES, CHECKFILE FOUND CORRUPTION BLOCK IN 3 UNDO DATAFILES
12938841 – 11203_ASM_SOL_SP64:RACE BETWEEN ADD DISK AND DISMOUNT MAY CAUSE KFGUSENUM01
12950644 – RBAL HIT ORA-07445:[KFDGLOBALOPEN()+738], ASM INST ABORT
Generic
9873405 – ORA-600 DURING FAST REFRESH AFTER 11.2.0.1.0 TO 11.2.0.2.0 UPDATE.
High Availability
12718090 – LNX64-11203-RAC:DB FG RROC HIT ORA-00600[KCLCHKBLK_3]
12834027 – ORA-00600 [KJBMPRLST:SHADOW] & [KJBRASR:PKEY] IN A READ MOSTLY & SKIP LOCK ENV
12847466 – AROLTP-C: HANG SIGNATURE: 'GC CURRENT REQUEST'<='GC BUFFER BUSY ACQUIRE'
12861463 – RAC PERF: DEFAULT VALUE FOR _LM_SINGLE_INST_AFFINITY_LOCK SHOULD BE FALSE
12917230 – QUERY WITH TEMP TABLE TRANSFORMATION RUNS 5X SLOWER WAITING FOR REMASTERING
12998795 – AROLTP-C: HANG SIGNATURE: 'GC CURRENT REQUEST'<='GC BUFFER BUSY ACQUIRE'
13035804 – LACK OF DLM PSEUDO RECONFIGURATION TEXTUAL REASON
Oracle Space Management
13041324 – HCC ON ZFS AND PILLAR STORAGE
13492735 – DISALLOW ADDING NON-HCC DATAFILE TO HCC TABLESPACE
Oracle Virtual Operating System Services
13362079 – HCC SHOULD NOT BE ENABLED FOR NON ZFS/ PILLAR STORAGE ARRAY