Critical Patch Update for July 2007 Now Available

The Critical Patch Update for July 2007 is now available. Oracle strongly recommends applying the patches as soon as possible.

The Critical Patch Update Advisory is the starting point for relevant information. It includes the list of products affected, pointers to obtain the patches, a summary of the security vulnerabilities for each product suite, and links to other important documents. Supported products that are not listed in the "Supported Products and Components Affected" section of the advisory do not require new patches to be applied.

Also, it is essential to review the Critical Patch Update supporting documentation referenced in the Advisory before applying patches, as this is where you can find important pertinent information.

The Critical Patch Update Advisory is available at any of the following locations:

The next four Critical Patch Update release dates are:
  • October 16, 2007
  • January 15, 2008
  • April 15, 2008
  • July 15, 2008

Comments:

As this has just happened again (2 CPUs in a row) I figured I'd bring this to your attention. For my 11.5.10.2 ATG RUP 5 Linux client, in each of the last two CPUs, I've started getting CPU patches a day or two after the CPU is released. In both cases, I've run into at least one patch (either specifically stated by the CPU or a pre-req of a patch stated in the CPU) that is password protected and requires a TAR to get the password. In this CPU, it's 6188705 which requires pre-req 6007618 which is currently password protected and my loving analyst is balking at giving me a password, saying the patch isn't released yet.

I guess I should be proud that I'm apparently more eager to keep my installations secure then other DBAs, but I'm less then amused that Oracle keeps essentially saying "hey, apply this stuff, it's critical" only to find out "uhh, we're not quite ready yet. Just know that there's a security hole out there"

Posted by jay Weinshenker on July 19, 2007 at 12:48 AM PDT #

Hi, John,Thanks for letting me know about this.  I've passed on your comments to our Security / CPU team for their review.Regards,Steven

Posted by Steven Chan on July 19, 2007 at 04:37 AM PDT #

Steven,

You might also want to let everyone know about the new "N Apply" approach to CPUs. It's a very interesting article.

Glad to have you back.

thx
John

Posted by John Stouffer on July 24, 2007 at 09:28 AM PDT #

Since I'm already complaining about the CPU here, I figured I'd continue. So I got my TAR worked that I mentioned earlier - basically the README for 6188705 was changed to point to a different pre-req. Was this mentioned in the JULCPU change notes? No. Was there a notification sent out when the patch was re-uploaded? No. *GREAT* Customer Service. Thanks. Fast forward to today - following README.html of DB patch 6079582 - step 3.3.2 Step 3 says to run remove_demo.sh - gee, if only remove_demo.sh was included in the patch! Does anyone check these things? I suspect this was just a cut and paste error from the APR CPU, since it did have a remove_demo.sh

Excuse me for being completely unimpressed.

Posted by jay Weinshenker on July 25, 2007 at 08:28 AM PDT #

Hi Jay,

I had similar experience. Federal Financials Patch 6110845 readme asked for prereq patch 3527387. Patch 3527387 was not available for download. It was mentioned in the FIN_PF.F financials pack patch readme. I raised an SR for this and they changed the pre-req:

6110845 - CPUJul2007 : 6110845 : 11.5.9 (FV.I)

Patch 6110845 lists the following patches as pre-reqs:

1. AP Patch 6185790
2. FV Patch 3527387
3. FV Patch 4447837

- However patch 3527387 is not available for download via Metalink, as it was never released.

3527387 - FVXRTCRF DISPLAYS INVOICES FROM BULK FILES IN INCORRECT ORDER

- However, a one off backport patch was released for base bug 3527387, it is patch 3568337.

3568337 - FVXRTCRF DISPLAYS INVOICES FROM BULK FILES IN INCORRECT ORDER

- However, patch 3568337 has subsequently been superseded and replaced by patch 4675417.

4675417 - 1OFF:115.9:BASE BUG # 4652438 - FV.PLL - VALIDATION FOR EVENT FVAPTPVD FAILS

6110845 - CPUJul2007 : 6110845 : 11.5.9 (FV.I)

Patch 6110845 lists the following patches as pre-reqs:

1. AP Patch 6185790
2. FV Patch 3527387
3. FV Patch 4447837

- However patch 3527387 is not available for download via Metalink, as it was never released.

3527387 - FVXRTCRF DISPLAYS INVOICES FROM BULK FILES IN INCORRECT ORDER

- However, a one off backport patch was released for base bug 3527387, it is patch 3568337.

3568337 - FVXRTCRF DISPLAYS INVOICES FROM BULK FILES IN INCORRECT ORDER

- However, patch 3568337 has subsequently been superseded and replaced by patch 4675417.

4675417 - 1OFF:115.9:BASE BUG # 4652438 - FV.PLL - VALIDATION FOR EVENT FVAPTPVD FAILS

QUESTION
=========
We are planning to apply July 2007 CPU. Patch 6110845 is required to be applied on our instance according to this. Patch 3527387 is a pre
-requisite for this patch. It is not available on metalink.

ANSWER
=======
Hi Vikram,

Development has just let me know that the readme file for patch CPUJul2007 : 6110845 : 11.5.9 (FV.I) has been updated as follows:

1. Pre-requisite or Co-requisite which is not included with this patch:
Kindly apply the following patches before applying this patch:
1. AP Patch 6185790
2. FV Patch 4675417
3. FV Patch 4447837

Posted by Vikram Das on August 09, 2007 at 06:41 AM PDT #

Post a Comment:
  • HTML Syntax: NOT allowed
About

Search

Categories
Archives
« April 2014
SunMonTueWedThuFriSat
  
1
4
5
6
7
8
9
10
11
12
13
14
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today