Oracle CPU patch July 2006 @ PDB
CPUJUL2006 for Physics Database Services.
Database Oracle Homes needs to be patched (all versions) as documented in
Metalink's Note 372927.1
A third-party link with a description of the vulnerabilities:
http://www.red-database-security.com/advisory/oracle_cpu_jul_2006.html
The following Oracle home types are not affected by this CPU patched:
- Oracle CRS
- Oracle Agent
- Oracle Client
The installation guide is in the README.html of the patch
PDB Schedule
Please update here the schedule and status: CPUJul06Schedule
RAC installation
NOTE: this patch is not rolling
- copy the patch locally into oracle_binaries/CPUJul06
- temporarily stop DB monitoring and backup, where relevant
- create a copy of the pfile on the node where you plan to run catcpu (postinstallation) (create pfile=.. from spfile)
- srvctl stop database -d ..
- srvctl stop asm -n <node-name>
- srvctl stop nodeapps -n <node-name>
- check that there are no oracle processes running from $ORACLE_HOME: ps -ef|grep ^oracle
- copy the patch into $HOME/oracle_software; unzip; cd 5225799
- $ORACLE_HOME/OPatch/opatch apply -local
- repeat for all nodes (note we prefer to apply locally even on RAC, for multinode RACs, pconsole can be used to run the same command on multiple nodes)
Post install
- from the patch home (5225799) cd files/cpu/CPUJul2006/
- startup nodeapps and ASM on the node you have chosen to run the post install step
- sqlsys_DB
- edit the pfile copy created earlier on and set cluster_database=false
- manual startup pfile=..
- if using putty increase the buffer size of the terminal window to fit 10k rows. Please note also that catcpu script will spool on a file called APPLY_....log
- SELECT OBJECT_NAME FROM DBA_OBJECTS WHERE STATUS= 'INVALID';
- @catcpu.sql
- @?/rdbms/admin/utlrp
- SELECT OBJECT_NAME FROM DBA_OBJECTS WHERE STATUS= 'INVALID';
- Note: ORA-02303: cannot drop or replace a type with type or table dependents (ignorable error from README.html) is an ignorable error
- when all checks are ok, shutdown the instance and proceed with the os paching
Listener.ora
- for production: edit listener.ora to remove default config
- sanity checks (most likely nothing to change): tnsnames.ora and dba_db_links
OS patch
- run as root
- mail computer operation to announce the reboot
- run the following upgrades (they will run for a few minutes) and in the mean time shutdown crs (in backgroud)
/bin/rm /etc/nospma
spma_wrapper.sh
ncm-ncd --co grub fmonagent
!!check the logs!!
shutdown -r now
- when the node is up, wait 5 to 10 minutes and the run (as root) lemon-host-check
- if you get this error message '"/var/run/edg-fmon-agent" does not exist', just wait another 5-10 minutes before running lemon-host-check again