Oracle Database 11.2 April 2012 CPU Includes OC4J 10.1.3.4 Patch

We received an email today from one of the Oracle Application Server Install and Admin Support Delivery Managers bringing to light that a number of Service Requests are being raised by DBAs questioning whether the Oracle Database 11.2 April CPU genuinely requires an OC4J (Oracle Containers for Java) patch to be applied. To quote from:

Patch Set Update and Critical Patch Update April 2012 Availability [ID 1406574.1]
Table 6 Patch Availability for Oracle Database 11.2.0.3

includes the row:

Product Home Patch Advisory Number Comments
Oracle Database home Patch 13705478 CVE-2011-5035 OC4J 10.1.3.4 one-off patch (Special OPatch needed, see README)

** Be sure to check  ID 1406574.1  for the rest of the table details. Above is just an excerpt!

OC4J is normally a component which administrators associate with Oracle Application Server 10g - it's not a component one normally associates with the Oracle Database.

It is, however, NOT a documentation bug. The April 2012 Critical Patch Update document is accurate.  There is a 10.1.3.4 OC4J directory found in the 11.2.0.3 Database Home.  This patch covers a public vulnerability - CVE-2011-5035 - within that directory.  In fact, this patch was actually released as part of the January 2012 Security Alert, refer to:

Oracle WebLogic Server and Oracle Application Server (OC4J) Security Alert for CVE-2011-5035 [ID 1400322.1]

DBAs maintaining Oracle Database 11.2 should apply this Patch 13705478 , following the README bundled with it to ensure it is applied without issue.

Comments:

Dear Respected sir and madam .
Please find my questions that , I want to know that what is the optimized value of the following Connections and Timeouts in oc4j of the following parameter.

Connections:-
----------------
Initial size of Connection Cache:-
Minimum Number of Connections:-
Maximum Number of Connections:-
Connection Retry Interval (seconds):-
Maximum Connection Attempts:-
Maximum Number of Statements Cached:-
Lower Threshold Limit On Pool (%):-

Timeouts:-
-------------------
Inactivity Timeout (seconds):-
Wait For Used Connection Timeout (seconds):-
Max Active Time for a Used Connection (seconds):-
Abandoned Connection Timeout (seconds):-
Enforce Timeout Limits Interval (seconds):-

Kind regards
Santosh kumar.

Posted by guest on March 26, 2013 at 10:54 AM GMT #

Hi Santosh

Your comment / question does not have a direct relationship with Patch 13705478 / CVE-2011-5035. It pertains to OC4J performance tuning.

Take a look at

Oracle Application Server Performance Guide 10g Release 3 (10.1.3.1.0)
Chapter 3 Top Performance Areas
[http://docs.oracle.com/cd/B31017_01/core.1013/b28942/top_issues.htm#BCFIDGIB]

If that does not help, log a Service Request via My Oracle Support and a support engineer will be happy to advise.

Posted by Dan Mortimer on March 26, 2013 at 12:04 PM GMT #

Thank you for download

Posted by cho pyong hee on May 03, 2013 at 12:28 PM BST #

Post a Comment:
  • HTML Syntax: NOT allowed
About

This is the blog of the Oracle Fusion Middleware Proactive Support Delivery Team. Here we will provide information about our activities, publications, product related information and more. Feedback welcome.

Follow OracleMWSupport on Twitter

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today