Introduction:
Oracle releases patches for wide range of its products to enhance the feature and stability. Oracle database patches are part of such releases and those are highly recommended to apply in order to stay out of threats and vulnerabilities.
There are many classifications of patches available for each version of oracle database product. Here in this blog, I’m going to depict such information to get an overview of patch types and few latest changes in it.
Acronym |
Type of patch |
Description |
|
| PSU | Patch set update | Cumulative patches that contain security fixes, additional fixes and enhancements | |
| CPU | Critical patch update | Cumulative patches consisting of security fixes | |
| SPU | Security patch update | An iterative, cumulative patch consisting of security fixes. Formerly known as Critical Patch Update | |
| CVE | Common Vulnerabilities and Exposures | Information about security vulnerabilities, with unique CVE number | |
| OJVM | Oracle Java VM | Includes critical fixes for the Oracle Java VM component within the Oracle Database | |
| RU | Release update | Proactive bundle of critical fixes, similar to BP | |
| RUR | Release update revision | Includes updates with fixes for known regressions and latest security vulnerability fixes | |
Other terminologies |
Description |
||
| Mitigation Patch | For interim solution on demand, where patch not included neither in PSU nor in CPU | ||
| Bundle patch (BP) | Cumulative patch issued between patch set bundles | ||
| Diagnostic patch | Type of interim patch used for the diagnosis of a specific issue | ||
| Interim patch | Also called as one-off patches, used to fix a specific bug | ||
| Cumulative Patch | Patch which includes the bug fix/security released in the previous patch release (PSU or CPU) | ||
| Replacement patch | A patch found as regressed, for which support can recommend a replacement | ||
| Security update | Security update releases | ||
| Merge Label Request (MLR) | A bundle of patches fixing several bugs. | ||
Frequency and classification of patches:
-
- CPU’s or SPU’s and PSU’s are released quarterly, and Oracle prefers to release RU/RUR’s since 12.2.x.x.x versions and PSU’s are no longer going to be available in future versions.
- CVE’s are released for each security fixes and may include in subsequent CPU’s and PSU’s distributions.
- RU’s are the new set of proactive bundle patches starting from 12.2 version.
- RUR’s are the SPU’s with one-off regression fixes and each update is followed by up to two separate Revisions for the six months after the Update is released.
In the following diagram, we can see RU update released in January for a version will have its revisions in April, July and the revision cycle ends. There after a new cycle begins for the next RU version update.
Oracle official sample of RU/RUR’s for 18c are as below:
Naming convention of patch updates:
Choose the related quarter release with subject
Patch <patchNumber>: <Description of the patch> <dbVersion>.<yymmdd>
Eg: Patch 30298532: DATABASE PATCH SET UPDATE 11.2.0.4.200114
Cross check the patchNumber/dbVersion/osVersion during download
p<patchNumber>_<dbVersion>_<osVersion>.zip
Eg:p30298532_112040_SOLARIS64.zip
12.2.0.1 Database Release – Naming Convention For Update/Revision
-
- Release Update – Database <Quarter> Release Update 12.2.0.1.<build-date>
- Release Update Revision – Database <Quarter> Release Update Revision 12.2.0.1.<build-date>
Finding Patches For A Database:
Navigate through one link http://www.oracle.com/technetwork/topics/security/alerts-086861.html
-
- Critical Patch Update
- Affected Products and Patch Information – Choose database
- Patch Availability for Oracle Products – Choose Oracle database
- Go to Oracle database section and choose the version.
For example 11.2.0.4, as “Oracle Database 11.2.0.4”
Easy Way To Download Recommended Patches Through Meta Link Doc ID:
-
- Database 11.2.0.4 Proactive Patch Information (Doc ID 2285559.1)
- Database 12.1.0.2 Proactive Patch Information (Doc ID 2285558.1)
- Database 12.2.0.1 Proactive Patch Information (Doc ID 2285557.1)
- Database 18 Proactive Patch Information (Doc ID 2369376.1)
- Database 19c Proactive Patch Information (Doc ID 2521164.1)
Patch Support For Oracle Database Versions Published By Oracle (Doc ID 742060.1) As A Reference:
Bottom line:
Oracle patches are highly recommended to ensure database security and stay out of threats and vulnerabilities!
