Oracle CPU patch July 2006 @ PDB

CPUJUL2006 for Physics Database Services.

Database Oracle Homes needs to be patched (all versions) as documented in Metalink's Note 372927.1 A third-party link with a description of the vulnerabilities: http://www.red-database-security.com/advisory/oracle_cpu_jul_2006.html

The following Oracle home types are not affected by this CPU patched:

• Oracle CRS
• Oracle Agent
• Oracle Client

The installation guide is in the README.html of the patch

PDB Schedule

Please update here the schedule and status: CPUJul06Schedule

RAC installation

NOTE: this patch is not rolling

• copy the patch locally into oracle_binaries/CPUJul06
• temporarily stop DB monitoring and backup, where relevant
• create a copy of the pfile on the node where you plan to run catcpu (postinstallation) (create pfile=.. from spfile)
• srvctl stop database -d ..
• srvctl stop asm -n <node-name>
• srvctl stop nodeapps -n <node-name>
• check that there are no oracle processes running from $ORACLE_HOME: ps -ef|grep ^oracle
• copy the patch into $HOME/oracle_software; unzip; cd 5225799
• $ORACLE_HOME/OPatch/opatch apply -local
• repeat for all nodes (note we prefer to apply locally even on RAC, for multinode RACs, pconsole can be used to run the same command on multiple nodes)

Post install

• from the patch home (5225799) cd files/cpu/CPUJul2006/
• startup nodeapps and ASM on the node you have chosen to run the post install step
• sqlsys_DB
• edit the pfile copy created earlier on and set cluster_database=false
• manual startup pfile=..
• if using putty increase the buffer size of the terminal window to fit 10k rows. Please note also that catcpu script will spool on a file called APPLY_....log
• SELECT OBJECT_NAME FROM DBA_OBJECTS WHERE STATUS= 'INVALID';
• @catcpu.sql
• @?/rdbms/admin/utlrp
• SELECT OBJECT_NAME FROM DBA_OBJECTS WHERE STATUS= 'INVALID';
• Note: ORA-02303: cannot drop or replace a type with type or table dependents (ignorable error from README.html) is an ignorable error
• when all checks are ok, shutdown the instance and proceed with the os paching

Listener.ora

• for production: edit listener.ora to remove default config
• sanity checks (most likely nothing to change): tnsnames.ora and dba_db_links

OS patch

• run as root
• mail computer operation to announce the reboot
• run the following upgrades (they will run for a few minutes) and in the mean time shutdown crs (in backgroud)
  • crsctl stop crs

/bin/rm /etc/nospma
spma_wrapper.sh   
ncm-ncd --co grub fmonagent
!!check the logs!!
shutdown -r now

• when the node is up, wait 5 to 10 minutes and the run (as root) lemon-host-check
• if you get this error message '"/var/run/edg-fmon-agent" does not exist', just wait another 5-10 minutes before running lemon-host-check again