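Oracle Corp will release its latest database security patches, the Critical Patch Update January 2012, later today (Tuesday, 2012-01-17). A page for it has already been generated on the CPU security topic page on OTN. The security patches to be released cover multiple versions of Oracle Database: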
Affected Products and Components
Security vulnerabilities addressed by this Critical Patch Update affect the following products:
- Oracle Database 11g Release 2, versions 11.2.0.2, 11.2.0.3
- Oracle Database 11g Release 1, version 11.1.0.7
- Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4, 10.2.0.5
- Oracle Database 10g Release 1, version 10.1.0.5
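In practice, because 10gR2 has officially entered the Extended Support phase, downloading future CPUs and PSUs for 10.2.0.4 and 10.2.0.5 (10.2.0.4.10 and 10.2.0.5.5 onward) will require that the customer has purchased Oracle's Extended Support service package.

"Oracle says that 27 of the patches fix security vulnerabilities in the MySQL database. One of those vulnerabilities can be exploited over the network without login credentials. According to the scoring of the Common Vulnerability Scoring System (CVSS) database, the highest rating for the MySQL vulnerabilities is 5.5, which is a medium risk level. Another two patches fix security vulnerabilities in the Oracle database. Oracle also plans to release 11 patches for Fusion Middleware. Five of the vulnerabilities fixed there can be exploited remotely without user authentication. On the applications side, Oracle E-Business Suite will receive 3 security patches. The Supply Chain applications suite will receive 1 security patch. PeopleSoft gets 6 patches. JD Edwards gets 8 patches. About 17 security patches relate to Sun products, including 6 vulnerabilities that can be exploited remotely without credentials. Affected products include GlassFish Enterprise Server and Solaris OS. Another 3 patches are for Oracle's virtualization technology, including VirtualBox."

On the My Oracle Support (MOS) site, this patch note has already been generated:

"Oracle provides Critical Patch Updates to its customers to fix security vulnerabilities. This document defines the Documentation Map to documents identifying patches and minimum releases that are required for the Oracle products to address the security vulnerabilities that are announced in the Advisory for January 2012 (the updates will be entered here when CPU is released)."

The patch list has been published:

Patch Availability for Oracle Database 11.2.0.3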
Oracle Database 11.2.0.3 | UNIX | Microsoft Windows (32-Bit) | Microsoft Windows x64 (64-bit) | Advisory Number | Comments |
Oracle Database home | CPU , or DB PSU , or GI PSU , or Database patch for Exadata , or Quarterly Full Stack download for Exadata | Bundle | Bundle |
Patch Availability for Oracle Database 11.2.0.2
Oracle Database 11.2.0.2 | UNIX | Microsoft Windows (32-Bit) | Microsoft Windows x64 (64-bit) | Advisory Number | Comments |
Oracle Database home | CPU , or DB PSU , or GI PSU , or Exadata Database Recommended Patch 14 | Bundle | Bundle | CVE-2012-0072, CVE-2012-0082 | |
Patch Availability for Oracle Database 11.1.0.7
Oracle Database 11.1.0.7 | UNIX | Microsoft Windows (32-Bit) | Microsoft Windows x64 (64-Bit) | Advisory Number | Comments |
Oracle Database home | CPU , or PSU | Bundle | Bundle | CVE-2012-0072, CVE-2012-0082 | |
Oracle Database home | | | | Released April 2011 | Database UIX For Oracle Secure Enterprise Search 11.1.2.x installations, follow the instructions given in MOS note . |
Oracle Database home | | | | Released April 2011 | Enterprise Manager Database Control UIX Not applicable to Oracle Secure Enterprise Search 11.1.2.x |
Oracle Database home | | | | Released April 2011 | Warehouse Builder Not applicable to Oracle Secure Enterprise Search 11.1.2.x |
Patch Availability for Oracle Database 10.2.0.5
Oracle Database 10.2.0.5 | UNIX | Microsoft Windows (32-Bit) | Microsoft Windows Itanium (64-Bit) | Microsoft Windows x64 (64-Bit) | Advisory Number | Comments |
Oracle Database home | CPU , or PSU | Bundle | NA | Bundle | CVE-2012-0072, CVE-2012-0082 | |
Oracle Database home | | NA | NA | NA | Released July 2011 | Enterprise Manager Database Control For HP-UX PA-RISC and HP-UX Itanium platforms only |
Oracle Database home | | | | | Released April 2011 | Warehouse Builder |
Patch Availability for Oracle Database 10.2.0.4
Oracle Database 10.2.0.4 | UNIX | Advisory Number | Comments |
Oracle Database home | CPU , or PSU | CVE-2012-0072, CVE-2012-0082 | |
Oracle Database home | | Released July 2011 | Enterprise Manager Database Control For HP-UX PA-RISC and HP-UX Itanium platforms only |
Oracle Database home | | Released April 2011 | Database UIX |
Oracle Database home | | Released July 2011 | Enterprise Manager Database Control UIX |
Oracle Database home | | Released April 2011 | iSqlPlus UIX |
Component | IBM zSeries (z/OS) | Advisory Number | Comments |
Oracle Database home | CPU | CVE-2012-0072, CVE-2012-0082 | |
Patch Availability for Oracle Database 10.1.0.5
Oracle Database 10.1.0.5 | UNIX | Microsoft Windows (32-Bit) | Microsoft Windows Itanium (64-Bit) | Advisory Number | Comments |
Oracle Database home | | | | Released October 2010 | Oracle Universal Installer |
Oracle Database home | | NA | NA | Released July 2011 | Oracle Universal Installer |
Oracle Database home | CPU | Bundle | Bundle | CVE-2012-0072, CVE-2012-0082 | |
Oracle Database home | | NA | NA | Released July 2011 | Enterprise Manager Database Control For HP-UX PA-RISC and HP-UX Itanium platforms only |
Oracle Workspace Manager home | | | | Released April 2009 | |
Oracle Database home | | | | Released April 2011 | Database UIX |
Oracle Database home | | | | Released April 2011 | Enterprise Manager Database Control UIX |
Oracle Database home | | | | Released April 2011 | iSqlPlus UIX |
Patch Set Update Availability for Oracle Database
Oracle Database | UNIX | Advisory Number | Comments |
11.2.0.2.4 Database PSU | | See | |
11.2.0.2.4 Grid Infrastructure PSU | | See | Includes CPUJan2012 and 11.2.0.2.4 Database PSU IBM: Linux on System Z and HP-UX PA-RISC are On-Request Platforms for GI PSU 11.2.0.2.4 |
11.2.0.2 BP12 for Exadata | | See | Includes CPUJan2012 and 11.2.0.2.4 Database and Grid Infrastructure PSU fixes for Exadata |
11.1.0.7.9 Database PSU | | See | |
11.1.0.7.7 CRS PSU | | Released April 2011 | |
10.2.0.5.5 Database PSU | | See | |
10.2.0.5.2 CRS PSU | | Released January 2011 | IBM: Linux on System Z, Solaris x86-64 and HP-UX PA-RISC are On-Request Platforms for CRS PSU 10.2.0.5.2 |
10.2.0.4.10 Database PSU | | See | Overlay PSU |
10.2.0.4.4 Database PSU | | Released April 2010 | Base PSU for 10.2.0.4.10 |
10.2.0.4.4 CRS PSU | | Released April 2010 | |
PSU 11.2.0.3.1, the first PSU for 11.2.0.3 (currently the latest release of 11gR2), fixes several dozen bugs:
CPU molecules in PSU 11.2.0.3.1:
PSU 11.2.0.3.1 contains the following new PSU 11.2.0.3.1 molecules:
- 13499128 - DB-11.2.0.3-MOLECULE-001-CPUJAN2012
- 13528551 - DB-11.2.0.3-MOLECULE-002-CPUJAN2012

Bug Fixes
See My Oracle Support Note that documents all the non-security bugs fixed in each 11.2.0.2 Patch Set Update (PSU).
PSU 11.2.0.3.1 contains the following new fixes:

Automatic Storage Management
- 9703627 - 11.2.0.2: ROOT USE OF ASMCMD PLACES ALERT.LOG IN USER DIRECTORY
- 12620823 - SOL-SP64-11203:ASM INSTANCE HANG DURING CRS STACK STARTING ON THE SECOND NODE
- 12797765 - SOL_SP64: AFTER ALL DISKS FAILURE, DG CAN'T BE DISMOUNTED ON T2000-3
- 12905058 - REBOOT 2 CELL NODES, CHECKFILE FOUND CORRUPTION BLOCK IN 3 UNDO DATAFILES
- 12938841 - 11203_ASM_SOL_SP64:RACE BETWEEN ADD DISK AND DISMOUNT MAY CAUSE KFGUSENUM01
- 12950644 - RBAL HIT ORA-07445:[KFDGLOBALOPEN()+738], ASM INST ABORT

Generic
- 9873405 - ORA-600 DURING FAST REFRESH AFTER 11.2.0.1.0 TO 11.2.0.2.0 UPDATE.

High Availability
- 12718090 - LNX64-11203-RAC:DB FG RROC HIT ORA-00600[KCLCHKBLK_3]
- 12834027 - ORA-00600 [KJBMPRLST:SHADOW] & [KJBRASR:PKEY] IN A READ MOSTLY & SKIP LOCK ENV
- 12847466 - AROLTP-C: HANG SIGNATURE: 'GC CURRENT REQUEST'<='GC BUFFER BUSY ACQUIRE'
- 12861463 - RAC PERF: DEFAULT VALUE FOR _LM_SINGLE_INST_AFFINITY_LOCK SHOULD BE FALSE
- 12917230 - QUERY WITH TEMP TABLE TRANSFORMATION RUNS 5X SLOWER WAITING FOR REMASTERING
- 12998795 - AROLTP-C: HANG SIGNATURE: 'GC CURRENT REQUEST'<='GC BUFFER BUSY ACQUIRE'
- 13035804 - LACK OF DLM PSEUDO RECONFIGURATION TEXTUAL REASON

Oracle Space Management
- 13041324 - HCC ON ZFS AND PILLAR STORAGE
- 13492735 - DISALLOW ADDING NON-HCC DATAFILE TO HCC TABLESPACE

Oracle Virtual Operating System Services
- 13362079 - HCC SHOULD NOT BE ENABLED FOR NON ZFS/ PILLAR STORAGE ARRAY