Assessing Critical Patch Updates


Oracle releases a Critical Patch Update (CPU). How fast should you mobilize to apply it?

Don’t panic. Use the information available on Oracle’s web site to determine the degree to which your environment is affected.

Four times a year, Oracle releases a CPU. Here’s what the current notification looks like:

http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html

When reviewing the notification, take a look at the risk matrices. Here’s the one for database:

http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html#AppendixA

This matrix uses an industry-standard security risk assessment rating system, the Common Vulnerability Scoring System (CVSS).

You will find that the vulnerabilities are itemized by product. If you are not using the products mentioned, your risk is lowered. The matrix also itemizes the significance of each vulnerability. The columns in the matrix are fully explained here:

http://www.first.org/cvss/cvss-guide.html

By analyzing the findings, you can make an informed choice about what threat the particular CPU poses to your Oracle environment.
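The triage described above can be scripted. The following is an added example, not code from this post or from Oracle: it filters risk-matrix rows down to the components you actually run and recomputes each CVSS v2 base score from its vector, using the base equations in the linked CVSS guide. The row ids, component names and vectors are constructed sample data, and `triage` and `cvss2_base` are hypothetical helper names.

```python
# CVSS v2 metric weights, as defined in the FIRST CVSS v2 guide.
AV = {"L": 0.395, "A": 0.646, "N": 1.0}    # Access Vector
AC = {"H": 0.35, "M": 0.61, "L": 0.71}     # Access Complexity
AU = {"M": 0.45, "S": 0.56, "N": 0.704}    # Authentication
CIA = {"N": 0.0, "P": 0.275, "C": 0.660}   # Confidentiality/Integrity/Availability

def parse_vector(vector):
    """Split 'AV:N/AC:L/Au:N/C:P/I:P/A:P' into a metric dict, rejecting gaps."""
    m = dict(part.split(":") for part in vector.split("/"))
    missing = {"AV", "AC", "Au", "C", "I", "A"} - m.keys()
    if missing:
        raise ValueError(f"incomplete vector, missing {sorted(missing)}")
    return m

def cvss2_base(vector):
    """Compute the CVSS v2 base score (0.0 to 10.0) for a base vector."""
    m = parse_vector(vector)
    impact = 10.41 * (1 - (1 - CIA[m["C"]]) * (1 - CIA[m["I"]]) * (1 - CIA[m["A"]]))
    if impact == 0:
        return 0.0  # f(Impact) = 0: no C/I/A impact means a zero score
    exploitability = 20 * AV[m["AV"]] * AC[m["AC"]] * AU[m["Au"]]
    return round((0.6 * impact + 0.4 * exploitability - 1.5) * 1.176, 1)

def triage(rows, installed):
    """Keep rows for installed components; sort remote/unauthenticated first, then by score."""
    hits = []
    for row in rows:
        if row["component"] not in installed:
            continue  # product not deployed here, so this row does not apply
        m = parse_vector(row["vector"])
        remote_unauth = m["AV"] == "N" and m["Au"] == "N"
        hits.append({**row, "score": cvss2_base(row["vector"]),
                     "remote_unauth": remote_unauth})
    return sorted(hits, key=lambda r: (r["remote_unauth"], r["score"]), reverse=True)

# Constructed sample rows (not taken from any real CPU advisory).
SAMPLE_ROWS = [
    {"id": "ROW-1", "component": "Component A", "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:N"},
    {"id": "ROW-2", "component": "Component B", "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"},
    {"id": "ROW-3", "component": "Component C", "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"},
    {"id": "ROW-4", "component": "Component A", "vector": "AV:L/AC:H/Au:S/C:N/I:N/A:N"},
]
INSTALLED = {"Component A", "Component B"}  # assumption: your own product inventory

if __name__ == "__main__":
    for r in triage(SAMPLE_ROWS, INSTALLED):
        flag = "remote, no auth" if r["remote_unauth"] else "needs auth or local access"
        print(f'{r["id"]}  {r["component"]:<12} {r["score"]:>4}  {flag}')
```

Rows for components that are not installed drop out entirely, and the remaining rows are ordered so that anything reachable over the network without authentication is reviewed first.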

Getting in Deep with OEM


I’ve been working more with Oracle Enterprise Manager Grid Control at work. I’m currently working on a non-production deployment that we will keep around for purposes of testing patches, etc. Hope to get the production deployment done in a month or so…

This product is massive! Getting familiar with all the components is similar to learning Oracle DBA for the first time. Every time you think you have reached a plateau of understanding, you realize there’s much more to grok to keep the environment working and collecting data happily.

Today I’ve been digging into collection issues. Some Oracle Homes did not show up, even though the agent was running OK on that node. Turns out the problem was “Daily Host / Inventory Configuration Collection Fails with ORA-1 [Unique Key Violated] errors”, metalink note NOTE:579735.1. Then I started working on “Warning During Collection Of Oracle Software Unknown External Name for the Following Patchset Version”. That one was solved by metalink NOTE:434167.1.