Patch 14275629 - 10.2.0.5.9 Patch Set Update
Released: October 16, 2012
This document is accurate at the time of release. For any changes and additional information regarding PSU 10.2.0.5.9, see these related documents that are available at My Oracle Support (http://support.oracle.com/):
Document 1477727.1 Patch Set Update and Critical Patch Update October 2012 Availability Document
Document 854428.1 Patch Set Updates for Oracle Products
Document 1477883.1 Oracle Database Patch Set Update 10.2.0.5.9 Known Issues
This document includes the following sections:
Patch Set Update (PSU) patches are cumulative. That is, the content of all previous PSUs is included in the latest PSU patch.
PSU 10.2.0.5.9 includes all fixes previously included in PSU 10.2.0.5.8 and those listed in Section 7, "Bugs Fixed by This Patch".
To install the PSU 10.2.0.5.9 patch, the Oracle home must have the 10.2.0.5.0 Database installed. Subsequent PSU patches can be installed on Oracle Database 10.2.0.5.0 or any PSU with a lower 5th numeral version than the one being installed.
This patch contains a security fix due to which a SELECT query's plan MAY change under the following conditions:
The SELECT queries a table protected with a Fined Grained Auditing policy
And the policy condition is NULL
Table 1 describes installation types and security content. For each installation type, it indicates the most recent PSU patch to include new security fixes that are pertinent to that installation type. If there are no security fixes to be applied to an installation type, then "None" is indicated. If a specific PSU is listed, then apply that or any later PSU patch to be current with security fixes.
Table 1 Installation Types and Security Content
| Installation Type | Latest PSU with Security Fixes |
|---|---|
|
Server homes |
PSU 10.2.0.5.9 |
|
Client-Only Installations |
PSU 10.2.0.5.9 to address CVE-2012-3137 and CVE-2012-3151. Prior to installing this PSU you MUST read My Oracle Support Document: 1493990.1 - Patching for CVE-2012-3137. |
|
Instant Client Installations |
PSU 10.2.0.5.9 to address CVE-2012-3137 for certain configurations. Prior to installing this PSU you MUST read My Oracle Support Document: 1493990.1 - Patching for CVE-2012-3137. (The Instant Client installation is not the same as the client-only Installation. For additional information about Instant Client installations, see Oracle Call Interface Programmer's Guide.) |
|
ASM (Automatic Storage Management) homes |
PSU 10.2.0.5.9 to address CVE-2012-3137 and CVE-2012-3151. Prior to installing this PSU you MUST read My Oracle Support Document: 1493990.1 - Patching for CVE-2012-3137. |
|
CRS (Cluster Ready Services) homes |
None |
This section includes the following section:
You must use the OPatch 10.2 version 10.2.0.5.0 or later to apply this patch. Oracle recommends that you use the latest released OPatch 10.2, which is available for download from My Oracle Support patch 6880880 by selecting the 10.2.0.0.0 release.
For information about OPatch documentation, including any known issues, see My Oracle Support Document 293369.1 OPatch documentation list.
These instructions are for both non-RAC environments and RAC environments.
Before you install PSU 10.2.0.5.9, perform the following actions to check the environment and to detect and resolve any one-off patch conflicts.
Ensure that the $PATH definition has the following executables: make, ar, ld, and nm.
The location of these executables depends on your operating system. On many operating systems, they are located in /usr/ccs/bin, in which case you can set your PATH definition as follows:
export PATH=$PATH:/usr/ccs/bin
For an introduction to the PSU one-off patch concepts, see "Patch Set Updates Patch Conflict Resolution" in My Oracle Support Document 854428.1 Patch Set Updates for Oracle Products.
The fastest and easiest way to determine whether you have one-off patches in the Oracle home that conflict with the PSU, and to get the necessary conflict resolution patches, is to use the Patch Recommendations and Patch Plans features on the Patches & Updates tab in My Oracle Support. These features work in conjunction with the My Oracle Support Configuration Manager. Recorded training sessions on these features can be found in Document 603505.1.
However, if you are not using My Oracle Support Patch Plans, follow these steps:
Determine whether any currently installed one-off patches conflict with the PSU patch as follows:
unzip p14275629_10205_<platform>.zip opatch prereq CheckConflictAgainstOHWithDetail -phBaseDir ./14275629
The report will indicate the patches that conflict with PSU 14275629 and the patches for which PSU 14275629 is a superset. Refer to "Patch Set Updates Patch Conflict Resolution" in My Oracle Support Document 854428.1 Patch Set Updates for Oracle Products.
Note that Oracle proactively provides PSU 10.2.0.5.9 one-off patches for common conflicts.
Use My Oracle Support Document 1321267.1 Database Patch conflict resolution to determine, for each conflicting patch, whether a conflict resolution patch is already available, and if you need to request a new conflict resolution patch or if the conflict may be ignored
When all the PSU 10.2.0.5.9 one-off patches that you have requested are available at My Oracle Support, proceed with Section 3.2, "Patch Installation Instructions".
Follow these steps:
If you are using a Data Guard Physical Standby database, you must install this patch on both the primary database and the physical standby database, as described by My Oracle Support Document 278641.1.
If you are patching an ASM instance, shut down all Oracle Database instances that use this ASM instance. (To see which Oracle Database instances are connected to this ASM instance, query the V$ASM_CLIENT view.)
If this is a RAC environment, install the PSU patch using the OPatch rolling (no downtime) installation method as the PSU patch is rolling RAC installable. Refer to My Oracle Support Document 244241.1 Rolling Patch - OPatch Support for RAC.
If this is not a RAC environment, shut down all instances and listeners associated with the Oracle home that you are updating. For more information, see Oracle Database Administrator's Guide.
Set your current directory to the directory where the patch is located and then run the OPatch utility by entering the following commands:
unzip p14275629_10205_<platform>.zip
cd 14275629
opatch apply
If there are errors, refer to Section 5, "Known Issues".
Do not perform the operations in this section on ASM instances. However, if you shut down ASM as part of applying the PSU, you must start ASM instances before you can perform any of the actions in this section on any database instances.
After installing the patch, perform the following actions:
Apply conflict resolution patches as explained in Section 3.3.1.
Load modified SQL files into the database, as explained in Section 3.3.2.
Apply the patch conflict resolution one-off patches that were determined to be needed when you performed the steps in Section 3.1.2, "One-off Patch Conflict Detection and Resolution".
The following steps load modified SQL files into the database. For a RAC environment, perform these steps on only one node.
For each database instance running on the Oracle home being patched, connect to the database using SQL*Plus. Connect as SYSDBA and run the catbundle.sql script as follows:
cd $ORACLE_HOME/rdbms/admin sqlplus /nolog SQL> CONNECT / AS SYSDBA SQL> STARTUP SQL> @catbundle.sql psu apply SQL> -- Execute the next statement only if this is the first PSU applied for 10.2.0.5 or this is the first PSU applied since 10.2.0.5.3. SQL> @utlrp.sql SQL> QUIT
For information about the catbundle.sql script, see My Oracle Support Document 605795.1 Introduction to Oracle Database catbundle.sql.
Check the following log files in $ORACLE_HOME/cfgtoollogs/catbundle or $ORACLE_BASE/cfgtoollogs/catbundle for any errors:
catbundle_PSU_<database SID>_APPLY_<TIMESTAMP>.log catbundle_PSU_<database SID>_GENERATE_<TIMESTAMP>.log
where TIMESTAMP is of the form YYYYMMMDD_HH_MM_SS. If there are errors, refer to Section 5, "Known Issues".
These instructions are for a database that is created or upgraded after the installation of PSU 10.2.0.5.9.
You must execute the steps in Section 3.3.2, "Loading Modified SQL Files into the Database" for any new database only if it was created by any of the following methods:
Using DBCA (Database Configuration Assistant) to select a sample database (General, Data Warehouse, Transaction Processing)
Using a script that was created by DBCA that creates a database from a sample database
Cloning a database that was created by either of the two preceding methods, and if the steps in Section 3.3.2, "Loading Modified SQL Files into the Database" were not executed after PSU 10.2.0.5.9 was applied
Upgraded databases do not require any post-installation steps.
These instructions are for both Non-RAC environments and RAC environments.
Section 4.1, "Patch Deinstallation Instructions for a Non-RAC Environment"
Section 4.2, "Post Deinstallation Instructions for a Non-RAC Environment"
Section 4.3, "Patch Deinstallation Instructions for a RAC Environment"
Section 4.4, "Post Deinstallation Instructions for a RAC Environment"
Follow these steps:
Verify that an $ORACLE_HOME/rdbms/admin/catbundle_PSU_<database SID>_ROLLBACK.sql file exists for each database associated with this ORACLE_HOME. If this is not the case, you must execute the steps in Section 3.3.2, "Loading Modified SQL Files into the Database" against the database before deinstalling the PSU.
Shut down all instances and listeners associated with the Oracle home that you are updating. For more information, see Oracle Database Administrator's Guide.
Run the OPatch utility specifying the rollback argument as follows.
opatch rollback -id 14275629
If there are errors, refer to Section 5, "Known Issues".
Follow these steps:
Start all database instances running from the Oracle home. (For more information, see Oracle Database Administrator's Guide.)
For each database instance running out of the ORACLE_HOME, connect to the database using SQL*Plus as SYSDBA and run the rollback script as follows:
cd $ORACLE_HOME/rdbms/admin
sqlplus /nolog
SQL> CONNECT / AS SYSDBA
SQL> STARTUP
SQL> @catbundle_PSU_<database SID>_ROLLBACK.sql
SQL> -- Execute the next statement only if this is the first PSU applied for 10.2.0.5 or this is the first PSU applied since 10.2.0.5.3.
SQL> @utlrp.sql
SQL> QUIT
In a RAC environment, the name of the rollback script will have the format catbundle_PSU_<database SID PREFIX>_ROLLBACK.sql.
Check the log file for any errors. The log file is found in $ORACLE_HOME/cfgtoollogs/catbundle and is named catbundle_PSU_<database SID>_ROLLBACK_<TIMESTAMP>.log where TIMESTAMP is of the form YYYYMMMDD_HH_MM_SS. If there are errors, refer to Section 5, "Known Issues".
Follow these steps for each node in the cluster, one node at a time:
Shut down the instance on the node. (Shut down all RDBMS instances before any ASM instances.)
Run the OPatch utility specifying the rollback argument as follows.
opatch rollback -id 14275629
If there are errors, refer to Section 5, "Known Issues".
Start the instance on the node. Depending on the type of home, enter the following commands or command.
For ASM homes:
srvctl start listener srvctl start asm srvctl start instance
For RDBMS (non-ASM) homes:
srvctl start instance
Follow the instructions listed in Section Section 4.2, "Post Deinstallation Instructions for a Non-RAC Environment" only on the node for which the steps in Section 3.3.2, "Loading Modified SQL Files into the Database" were executed during the patch application.
All other instances can be started and accessed as usual while you are executing the deinstallation steps.
For information about OPatch issues, see My Oracle Support Document 293369.1 OPatch documentation list.
For issues documented after the release of this PSU, see My Oracle Support Document 1477883.1 Oracle Database Patch Set Update 10.2.0.5.9 Known Issues.
Other known issues are as follows.
The following ignorable errors may be encountered while running the catbundle.sql script or its rollback script:
ORA-29809: cannot drop an operator with dependent objects ORA-29931: specified association does not exist ORA-29830: operator does not exist ORA-00942: table or view does not exist ORA-00955: name is already used by an existing object ORA-01430: column being added already exists in table ORA-01432: public synonym to be dropped does not exist ORA-01434: private synonym to be dropped does not exist ORA-01435: user does not exist ORA-01917: user or role 'XDB' does not exist ORA-01920: user name '<user-name>' conflicts with another user or role name ORA-01921: role name '<role name>' conflicts with another user or role name ORA-01952: system privileges not granted to 'WKSYS' ORA-02303: cannot drop or replace a type with type or table dependents ORA-02443: Cannot drop constraint - nonexistent constraint ORA-04043: object <object-name> does not exist ORA-29832: cannot drop or replace an indextype with dependent indexes ORA-29844: duplicate operator name specified ORA-14452: attempt to create, alter or drop an index on temporary table already in use ORA-06512: at line <line number>. If this error follow any of above errors, then can be safely ignored. ORA-01927: cannot REVOKE privileges you did not grant
The following documents are references for this patch.
Document 293369.1 OPatch documentation list
Document 360870.1 Impact of Java Security Vulnerabilities on Oracle Products
Document 468959.1 Enterprise Manager Grid Control Known Issues
Document 14275629.8 DATABASE PSU 10.2.0.5.9 (INCLUDES CPUOCT2012)
Document 1337394.1 10.2.0.5 Patch Set Updates - List of Fixes in each PSU
Document 402945.1 While installing one-off Patch on AIX systems, getting several WARNING messages: OUI-67215 - TOC overflow and/or xlC: not found / xlC: Execute permission denied
This patch includes the following bug fixes.
CPU molecules in PSU 10.2.0.5.9:
PSU 10.2.0.5.9 contains all molecules previously released in PSU 10.2.0.5.8 and the following new PSU 10.2.0.5.9 molecules:
14492313 - DB-10.2.0.5-MOLECULE-033-CPUOCT2012
14492314 - DB-10.2.0.5-MOLECULE-034-CPUOCT2012
14492315 - DB-10.2.0.5-MOLECULE-035-CPUOCT2012
14492316 - DB-10.2.0.5-MOLECULE-036-CPUOCT2012
14665116 - DB-10.2.0.5-MOLECULE-037-CPUOCT2012
See My Oracle Support Document 1337394.1 that documents all the non-security bugs fixed in each 10.2.0.5.9 Patch Set Update (PSU).
PSU 10.2.0.5.9 contains all fixes previously released in PSU 10.2.0.5.8 and the following new fixes:
14269955 - MISSING KFD.O IN PSU 10.2.0.5.6 10.2.0.5.7 10.2.0.5.8
13775862 - AFTER TO APPLY PSU PATCH DVA FAILS WITH 500 INTERNAL ERROR
For information about Oracle's commitment to accessibility, visit the Oracle Accessibility Program website at http://www.oracle.com/us/corporate/accessibility/index.html.
Access to Oracle Support
Oracle customers have access to electronic support through My Oracle Support. For information, visit http://www.oracle.com/support/contact.html or visit http://www.oracle.com/accessibility/support.html if you are hearing impaired.
Patch 14275629 - 10.2.0.5.9 Patch Set Update Release 10.2.0.5.9 for UNIX
Copyright © 2006, 2012, Oracle and/or its affiliates. All rights reserved.
This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited.
The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing.
If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, the following notice is applicable:
U.S. GOVERNMENT RIGHTS Programs, software, databases, and related documentation and technical data delivered to U.S. Government customers are "commercial computer software" or "commercial technical data" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, the use, duplication, disclosure, modification, and adaptation shall be subject to the restrictions and license terms set forth in the applicable Government contract, and, to the extent applicable by the terms of the Government contract, the additional rights set forth in FAR 52.227-19, Commercial Computer Software License (December 2007). Oracle America, Inc., 500 Oracle Parkway, Redwood City, CA 94065.
This software or hardware is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous applications, including applications that may create a risk of personal injury. If you use this software or hardware in dangerous applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure its safe use. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software or hardware in dangerous applications.
Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.
Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark licensed through X/Open Company, Ltd.
This software or hardware and documentation may provide access to or information on content, products, and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or services.