News, tips, partners, and perspectives for the Oracle Solaris operating system

A Solaris Recommended Patchset to bind them all

Gerry Haskins
Director Security and Release Management

I've long been of the opinion that there should be a single generic set of Solaris recommended patches which customers are consistently recommended to install in proactive maintenance windows for issue prevention. It's something I've been working towards for quite a while.

A collaborative effort between the Software Patch Services, Enterprise Installation Standards (EIS), Sun Risk Analysis System (SRAS) - now renamed Oracle Risk Analysis Services (ORAS) - and the Explominer team in the Oracle Solaris Technical Center (TSC), has achieved this goal with the creation of the Recommended Patchset for Solaris.  

Up until now, while the Solaris OS Recommended Patch Cluster was the core basis for Solaris patch recommendations, various teams tended to recommend their own favorite patches on top of this core set.  This wasn't just by whim.  Each team was looking at patching from a slightly different angle - for example various angles of proactive patching (issue prevention) versus reactive patching (issue correction).

The Recommended Patchset for Solaris is the result of the combined wisdom of the various teams.  It is designed for proactive patching (issue prevention).  The contents are generic and should be suitable for most customer configurations.  You should still read the README file and follow its instructions to ensure all of the patches included are appropriate to your specific environment.  You should test the patchset on a test system which closely mimics your production systems prior to deployment. 

You may still legitimately be asked by support to install additional patches to fix issues specific to your environment in reactive maintenance situations (issue correction).  But this should only be after due diligence to ensure that such patches are likely to fix the specific issue encountered.

The Recommended Patchset for Solaris is the new name for the Solaris OS Recommended Patch Cluster.  It's available from MOS (including 'wget'), EIS, Ops Center, etc.  We've changed the name to use the Oracle standard terminology "patchset".  I never liked the name Solaris Patch Cluster as there was a risk of it being confused with the Solaris Cluster product to which it bears no relation.  In due course other patch "clusters" and patch "bundles" are likely to transition to the name "patchset". 

The install script and code word needed to invoke it (which is contained in the README file) have been renamed to reflect the name change from "cluster" to "patchset". 

Customers who have installed the Solaris OS Recommended Patch Cluster may notice the additional patches included in the Recommended Patchset for Solaris the first time they install it.  After that, it'll be business as usual.  Many of these additional patches are already pre-applied into Solaris Update releases, so customers on later update releases should see little difference.

As before, the Recommended Patchset for Solaris will continue to be updated whenever a patch matching its inclusion criteria is released.  This can happen several times a month.  Just take the latest which matches your proactive maintenance window schedule. 

And as before, once a quarter, the Recommended Patchset for Solaris will be archived and renamed as the Critical Patch Update in line with standard Oracle practice.  (See previous blog postings.)

To create the Recommended Patchset for Solaris, we took the Solaris OS Recommended Patch Cluster and analyzed the additional Solaris patches which the Explominer team recommend be added on top of it for the monthly EIS patch baselines. Where those additional patches added real value - i.e. were of significant benefit to many customers - we added them to the recommended patch set.  Where they didn't add real value, we discarded them.  We then made sure that a system on which the resultant Recommended Patchset for Solaris was installed passed with a clean bill of health from the ORAS risk analysis audits.

So now, the Solaris OS patches in the EIS patch baselines will be the Recommended Patchset for Solaris with input from the Explominer and other teams included, and will be tested with ORAS.  These are the patch baselines available in Ops Center.  We have set up a panel of patch experts from the teams mentioned above to adjudicate on future potential additions to the Recommended Patchset for Solaris.

Previously, the criteria for including a patch in the Solaris OS Recommended Patch Cluster was quite strict: a patch had to address a Security, Data Corruption, or System Availability issue; be a patch utilities patch, or be required by the above.  In future, other patches which add real value for many customers may be included - for example, a patch for a commonly used driver which delivers significant performance improvements.  The goal remains the same - to include the most critical generic patches which we recommend customers install in proactive maintenance windows for issue prevention.

Additional patches outside of the patchset may still be required:

  • For other Oracle products - the Recommended Patchset for Solaris only includes Solaris Operating System patches.  Other products such as Oracle Solaris Cluster, Oracle Solaris Studio, Oracle Database, etc., may have their own patch recommendations.  The monthly EIS update includes patch sets for Oracle Solaris Cluster, SAMFS, QFS, and SunVTS in addition to the Recommended Patchset for Solaris.
  • For specific platforms - for example a Solaris driver patch if a particular network card is installed or where firmware updates are required
  • For specific configurations - for example if the system is connected to 3rd party storage solutions such as EMC Powerpath or Veritas
  • For specific issues in your configuration - for example, break/fix situations where an additional patch fixes the issue encountered

You can download the patchsets or view their Readmes directly, using the following links:

To downloads the patchsets (you must be logged into MOS):


To download the patchset Readme files (no need to be logged into MOS):


The above works for both flash and non-flash (html) MOS users.   Just substitute "9" for "10" to get the Solaris 9 Recommended patchsets and Readmes.

You can also download the patchsets using 'wget' for scripted access as normal.  (See previous blog postings.)  For example, the download filename for Recommended Patchset for Solaris 10 SPARC is still 10_Recommended.zip.

If, like me, you like to know how to do things from first principles, here's the way to construct the search on My Oracle Support:

For Flash compatible systems (full function MOS version):

  1. Login to My Oracle Support (MOS), https://support.oracle.com
  2. Click on the "Patches&Updates" tab
  3. Click on "Product or Family (Advanced Search)
  4. Type "Solaris Operating System" into the product search box
  5. Select the Releases you are interested in - e.g. Solaris 10 Operating System and Solaris 9 Operating System
  6. Select the Platforms you are interested in - e.g. Oracle Solaris on SPARC (64-bit) and Oracle Solaris on x86-64 (64-bit)
  7. Click on the "+" sign next at the end of the "Platforms" line to add additional search criteria
  8. Click of "Select Filter" and select "Type" from the drop-down menu
  9. Select "Patchset"
  10. Click "Search" 

For non-Flash users (html MOS version):

  1. Login to the html version of My Oracle Support, https://supporthtml.oracle.com
  2. Click on the "Patches & Updates" tab
  3. Click on the Advanced Search tab in the search box
  4. Type "Solaris Operating System" in the product search box 
  5. Select the Releases you are interested in - e.g. Solaris 10 Operating System and Solaris 9 Operating System
  6. Select the Platforms you are interested in - e.g. Oracle Solaris on SPARC (64-bit) and Oracle Solaris on x86-64 (64-bit)
  7. For Type, select "Patchset"
  8. Click Search

MOS remembers your previous selections and they'll be shown top of each drop down menu on subsequent invocations.  You can also save searches for future re-use.

I want to thank Don O'Malley, Ed Clark, Howard Mills and the EIS team, Juergen Schleich and the Explominer team, Dr. Rex Martin and the ORAS team, and Rob Hulme and Walter Fisch from the Oracle Technical Support Center (TSC) for all their work in making a single consistent Recommended Patchset for Solaris a reality.

As always, I'm interested to hear your feedback.

Best Wishes,


Join the discussion

Comments ( 29 )
  • Gerry Monday, July 11, 2011

    Hi Ade,

    I've added a quick link to the canned search in the posting above.

    I had intended to do this in the original posting which I did while on vacation, but Xinha was tripping up misinterpreting the URL. It took me a couple of Sangria's to figure out what the likely problem was and switch to a raw text editor to overcome it.

    Best Wishes,


  • Ram Thursday, July 21, 2011

    I'm unable to connect to the entitlement policy document. The link seems to be broken. Can you, please, redirect me to the correct link or send me the document by email.



  • guest Friday, July 22, 2011

    I think you missed one search criteria in your itemized list above for constructing the search on MOS.

    - Add a filter to restrict "Description" to have "Recommended" in it

    Your URL link above has that in its search criteria

  • RADI, YUOSOF M Sunday, July 24, 2011

    Finally they change the PATCH CLUSTER name to PATCH SET. 

  • guest Wednesday, July 27, 2011

    How do you get to the Solaris Cluster Patchset through My Oracle Support or from within Ops Center? I am unfortunately still running Solaris Cluster 3.1 (yes, I need to upgrade), but would want to use Ops Center if possible to install those patches. Does the "Full Baseline" in Ops Center include patches for Solaris Cluster?


  • guest Thursday, July 28, 2011

    Is there a way to pull from MOS the latest set of patches for a Solaris Cluster version (say 3.1)?

  • guest Friday, August 5, 2011

    oracle is very close -- a few more steps and no one will ever be able to find the patch clusters!

    my oracle support makes sunsolve look like a work of art.

  • guest Tuesday, August 9, 2011

    I can pay to whoever develops a way to download the patchset using standard solaris console tools (AKA wget with no ssl support).

    What kind of idiot can insult his customers, Sun customers, with MOS?

  • guest Friday, August 26, 2011

    That link goes to the Flash version of Oracle Support.

  • Gerry Haskins Wednesday, August 31, 2011

    Regarding the comment about selecting "Recommended" above, yes, you can certainly do that, but I deliberately left it out so that the search returns all the available Solaris patchsets, including the Solaris Update Patch Bundles and Solaris Critical Patch Updates (CPU).

    Best Wishes,


  • so? where is the damn cluster? Wednesday, October 5, 2011

    my God, why is it so difficult to put a link some place on the front page after login that says "latest patch cluster". oracle is failing even on the simplest form of support to paying customers. it is disrespectful to have customers waste time searching for the most basic form of help. I have no words to describe how bad this place is. Sun was good when it used to be ran by more customer oriented people.

  • Pete Monday, October 17, 2011

    Oracle Sun Patchsets are impossible to find and NO checksum info. Buck up your ideas Oracle and sort out this crap so that we Sun admins can do our job!!!

  • guest Wednesday, October 26, 2011

    Gerry, your last posting included a comma in the link, so it is 404 not found. This is the one from 18-oct @7:30pm. The one above it (prev post of the same link) is correct, i.e., does not include the trailing comma in the link.


  • Gerry Haskins Wednesday, November 9, 2011

    Hi Derek,

    I've checked all the links and everything seems to be working. I suspect you may have accessed it while I was re-editing the post and hadn't checked all the links out.

    Please let me know if you are still having difficulties.

    Best Wishes,


  • guest Saturday, November 19, 2011

    Ever since Oracle took over SUN, finding Recommended clusters is excruciatingly painful. Please make it much easier.

  • Brian Wilson Wednesday, April 11, 2012

    Is there a way to request additional things be added? For example support recently identified some fmadm patches via Explorer that are required for proper disk fault reporting. These patches aren't in the January CPU, so I'm wondering how to make sure they get added? (I just can't see fmadm not being part of the base)

  • Gerry Haskins Thursday, April 12, 2012

    FYI, I'm following up with Brian off-line to see which patches he's referring to and will evaluate them for inclusion in the Recommended Patchset / next CPU.

    In general:

    We have a process whereby we evaluate patches to add to the Recommended Patchset with both proactive and reactive service organizations as well as using SunAlert criteria (fixes which address Security, Data Corruption, and System Availability issues).

    Naturally, not all patches are added to the Recommended Patchset as some address issues specific to certain configurations which are not necessarily of interest to the majority of customers, or which otherwise have downside to their inclusion.

  • guest Friday, April 27, 2012

    I am trying to find out if there is a way to split the size of a Solaris 10_Recommended CPU OS Patchset? The patches are getting to be over 2Gig in size zipped and I am running out of space when I unzip the file as it grows to be over 6.5Gig in size! I remember when you could download the OS Patchset in four different zip file.


  • guest Monday, May 7, 2012

    Great post. Does the the new 10_Recommended supersede the CPU patchset? I have a lot to install and the April 2012 CPU patchset is out but 10_Recommended is newer. Does it contain all the same patches as the CPU patch? Trying to avid scheduling both.

  • guest Thursday, June 14, 2012

    How do I go about getting a previous patchset download? I have a mission critical system that can NOT be brought up to the most recent available patchset. I NEED to be able to download whichever patchset I need.

    Gerry, your blog post has some decent info, but it's very incomplete.

    Please do not assume everyone wants the latest and 'greatest'.

    Please make all previous patchset (patch clusters) available for download AND an easy way to find them.

    I should be able to find them in 2-3 steps.

  • Colin Thursday, June 21, 2012

    Hi Gerry,

    Good post and I'm sure Oracle appreciates the fact you keep positive over all the bad comments about the support site.

    1. It is rubbish - the page is too busy.

    2. It is way too complicated - I've now reverted to logging calls if I want to find anything (Why waste my time when they can waste theirs).

    They might of heard of this small search engine company that I started using in the late 90's - they had a white page with a single search box in the centre. They seem to be quite popular now, not sure why. Couldn't be the fact they had an easy user interface could it??

  • guest Monday, July 2, 2012

    Are these the latest patches, because i last downloaded the 10_Recommended.zip file in March?

  • Tom Marin Thursday, October 11, 2012

    Good post, I found it to be useful. And thanks for the additional comment with regards to direct URI's for patch downloads. Appreciate it Gerry.

  • guest Tuesday, November 27, 2012

    I have to agree with the folks here. Finding the cluster/cpu updates is a mess. The blog link takes you to one from 7/11. There should be 4 later versions (including 10.2012) if Oracle stuck to it's update cycles.

  • guest Monday, April 15, 2013

    To see all the CPUs and the latest Recommended patchset, go to support.oracle.com, click on the "Patches & Updates" tab, click on "Products or Family (Advanced), for Product enter "Solaris Operating System", select the release(s) and platform(s) you are interested in - for example, "Oracle Solaris on SPARC (64-bit)" - and select "Type" = "Patchset".

  • guest Tuesday, January 7, 2014

    The CPU patch sets are still hard to find. I've been searching for 20 minutes, sheesh.

  • guest Friday, July 4, 2014

    Apologies for my long delay in responding.

    Here's the best way to find the CPU and recommended patchsets:

    - Login to My Oracle Support (MOS), support.oracle.com

    - Click on the "Patches & Updates" tab

    - In the Search pane, click on "Product or Family (Advanced)"

    - Type "Solaris" in the Product field and select the Solaris Operating System

    - Select the release(s) and platform(s) [SPARC or x86] you are interested in

    - Add Search filter "type" and select "patchset" on the right

    - click Search

    This returns all the CPU and recommended patchsets for the release(s) and platform(s) you selected.

    Best Wishes,


  • anand Wednesday, January 17, 2018
    Oracle recommended patches for solaris 10
  • Salus Structured Silver Gel Saturday, September 1, 2018
    Thanks for finally writing about >A Solaris
    Recommended Patchset to bind them all | Oracle Solaris Blog
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.Captcha