Critical Patch Update for January 2010 Now Available

The Critical Patch Update (CPU) for January 2010 was released on January 12, 2010. Oracle strongly recommends applying the patches as soon as possible.

The Critical Patch Update Advisory is the starting point for relevant information. It includes a list of products affected, pointers to obtain the patches, a summary of the security vulnerabilities, and links to other important documents.

Supported Products that are not listed in the "Supported Products and Components Affected" Section of the advisory do not require new patches to be applied.

Also, it is essential to review the Critical Patch Update supporting documentation referenced in the Advisory before applying patches, as this is where you can find important pertinent information.

The Critical Patch Update Advisory is available at the following location:
The next four Critical Patch Update release dates are:
  • April 13, 2010
  • July 13, 2010
  • October 12, 2010
  • January 18, 2011

Comments:

YAY - PSUs for Apps.

Now we only need to apply one patch for the DB and one patch for the Apps.

A very very cool improvement. My thanks to the group who did this.

While talking with another DBA today, we came up with something that would be quite nice. After many patches you're supposed to go into adamin and do things like
compile flexfields
recompile apps schema
generate grants and synonyms
etc

It make life a bit easier to automate if we could call those things directly from a command line argument to adadmin vs having to use the menus.

Any chance you all could implement something like that? I admit, I haven't researched and it may be already in there, but I don't think it is.

Thanks as always

Posted by Jay Weinshenker on January 13, 2010 at 01:48 AM PST #

Typo, hopefully, or you guys are a year ahead of your time....

"The Critical Patch Update (CPU) for January 2010 was released on January 12, 2009"

Posted by Martin on January 13, 2010 at 10:52 AM PST #

Hi, Martin,

Thanks for catching that typo. I'd like to think that this blog is ahead of its time. ;-)

Regards,
Steven

Posted by Steven Chan on January 13, 2010 at 11:55 AM PST #

Steven,

Could you please send out an update of the critical one-off that affects all platforms and releases after applying ATG RUP 7?

Patch is 9053932 for 11i and 8222709 for 12.

thx,
John

P.S. Good job on the PSU for Apps - I have to concur. This should make life a little easier...:-)

Posted by John Stouffer on January 13, 2010 at 10:23 PM PST #

Thanks, John. I've asked our CPU team to look into this.

Regards,
Steven

Posted by Steven Chan on January 14, 2010 at 02:45 AM PST #

Response to Jay Weinshenker:

Check out running adadmin in non-interactive mode. Note 289790.1 will link you to the proper manual. This gives you the ability to run the tasks you are asking about via the command line.

Posted by Jody on January 14, 2010 at 02:49 AM PST #

Steven,

Do you have information on how the 2010 schedule was created and why those dates are chosen? I seem to recall you addressing this question in a past blog but cannont find it.

The Oracle EBS application development team, I work with, have issues with this schedule every year. They request that the CPUs be released either a month ealier or a month later to fit into their appliation patch testing schedules. Due to the development, testing, and the attempt to be timely on the security fixes, I am thinking that this request will be difficult to accomplish even if it were a few weeks either way.

Posted by Mark Brzostowski on January 15, 2010 at 12:49 AM PST #

Hi, Mark,

The quarterly Critical Patch Schedule is established by our Global Product Security team responsible for security across all Oracle product families. An in-depth discussion about their reasons for this schedule and CPU release approach is here:

http://blogs.oracle.com/security/2009/07/ensuring_critical_patch_update_quality.html

You can provide feedback to that team by posting a comment to that article, or emailing the team directly.

Regards,
Steven

Posted by Steven Chan on January 15, 2010 at 01:44 AM PST #

Steven,
I would like to thank Oracle and all contributing Oracle personnel for creating an EBS 11i CPU cummulative patchset for this CPU release. This is something that in the long run will make more systems secure and I am sure that many EBS 11i customers will benefit from this.

We hope that we can expect this rollup to continue for all subsequent CPUs. :-)

Thanks again!

Randy Giefer
OAUG SysAdmin SIG

Posted by Randy Giefer on January 16, 2010 at 09:39 PM PST #

Steven,

I echo Randy's comments. Cumulative 11i CPU patches make it easier for everyone and removes one of the the obstacles to staying "patched current" for those customers that have fallen behind in CPUs.

Thanks to all,
Kevin

Posted by Kevin Sheehan on January 19, 2010 at 12:25 PM PST #

Thank you very much for the update.

The cumulative CPUs for EBS is a big step forward for securing EBS systems. That reduces the work for DBAs.

Thanks for your teams efforts.

Posted by Rama Nalam on January 19, 2010 at 11:13 PM PST #

Hi, Rama, Kevin,

Thanks for your comments about our 11i cumulative CPU. I've passed them on to our CPU team.

Some good news: they've confirmed that they plan to continue to release cumulative 11i CPUs on an ongoing basis now.

Regards,
Steven

Posted by Steven Chan on January 20, 2010 at 12:44 AM PST #

Cumulative CPU-patch for 11i is definitely a good improvement - thank you very much for that!

It does however raise a problem for most Norwegian installations I've encountered; Oracle Norway maintained, until a few years ago, a set of Norwegian Extensions, NOEX. Now, the development and maintenance of this is transferred to "central development" (India, I have been told).

The problem is that NOEX's "customizations" isn't always up-to-date; CPUJul2007 released 6185758, which included the form APXPAWKB.fmb in version 115.480. Note 557079.1 states that, for NOEX, "Latest certified version for form APXPAWKB.fmb is 115.435".

I have raised SR's for this previously, without getting anywhere, except being redirected to Oracle Consulting, which told me that "not enough customers had raised it as an issue".

Hence the problem; whereas we could previously "choose" to ignore one patch for one module (AP), we're now in a situation where we can't keep up at all; the cumulative patch for CPUJan2010 includes the form as well! (it wouldn't be cumulative if it didn't...)

I guess we'll just have to keep raising SR's...

Posted by Kjetil Strønen on January 20, 2010 at 02:49 AM PST #

Hello, Kjetil,

Thanks for your comments. If the Norwegian Extensions aren't keeping up with the rest of the E-Business Suite, I can see how this can be problematic.

I'm not familiar with the Norwegian Extensions. I'm unclear on who owns these -- your comment implies that they're owned by Oracle Consulting, but you also refer to "central development in India."

I think that your best bet would be to escalate this with your Oracle account manager to identify the NOEX owner. We want to help everyone get up to the latest CPU level, regardless of localizations installed. Please let me know if I can help coordinate this with your account management team.

Regards,
Steven

Posted by Steven Chan on January 21, 2010 at 01:52 AM PST #

I'm not sure what team owns Norwegian Extensions, but there is a bug (or ER) logged for this; 6975187. It has been in review for almost two years...The last update, 21-APR-09, was when I last had an SR opened for the issue.

Any coordination would be appreciated :)

Regards,
Kjetil

Posted by Kjetil Strønen on January 25, 2010 at 07:18 PM PST #

Hello, Kjetil,

Our Security team is looking into the NOEX case that you raised; thanks for letting us know about this. I'll pass the bug number on to the team that's investigating this.

Regards,
Steven

Posted by Steven Chan on January 26, 2010 at 06:05 AM PST #

Hi Steven,

We applied PSU1 on our 10.2.0.4 E Business Suite Database.

As the PSU3 for 10.2.0.4 is already released, can you please advice if that is certified to apply in E Business Suite Database. Because in the 985520.1 we only see entry on database CPU patches and no updates on PSU.

Thanks & Regards,
Rakesh

Posted by Rakesh on January 27, 2010 at 06:13 AM PST #

Hi, Rakesh,

We don't explicitly certify database Patch Set Updates with the E-Business Suite, but they're supported. See:

Can E-Business Users Apply Database Patch Set Updates?
http://blogs.oracle.com/stevenChan/2009/08/can_ebs_users_apply_database_patch_set_updates.html

Regards,
Steven

Posted by Steven Chan on January 27, 2010 at 07:55 AM PST #

Post a Comment:
  • HTML Syntax: NOT allowed
About

Search

Categories
Archives
« April 2014
SunMonTueWedThuFriSat
  
1
4
5
6
7
8
9
10
11
12
13
14
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today