Apply OCT2014 DB PSU OJVM PSU and JDBC Patch Onto 11.2.0.4 ORACLE_HOME

Always apply the latest patches as soon as possible as Oracle recommended.

There is a requirement to apply Oct 2014 PSU onto 11.2.0.4 ORACLE_HOME.

From Oct 2014 onwards, Oracle JavaVM Component Database PSU is released as part of the Critical Patch Update program.

It consists of two separate patches:

  • One for JDBC clients – applicable to Client, Instant Client, Database and Grid ORACLE_HOMES. This is referred to as “JDBC Patch” .
  • One for Oracle JavaVM component within the Oracle Database – applicable to database ORACLE_HOMEs only. This is referred to as “OJVM PSU” .

The table below shows which Oracle JavaVM Component patches are required in the various ORACLE_HOMEs.

VersionType of HomeOctober 2014January 2015
12.1.0.2Database HomeOJVM PSU (Oct 2014)(or Mitigation Patch)OJVM PSU (Jan 2015)(or Mitigation Patch)
Grid HomeNoneNone
Client / Instant Client HomeNoneNone
12.1.0.1,
11.2.0.4,
11.2.0.3,
11.1.0.7		Database HomeOJVM PSU (Oct 2014)
and JDBC Patch (Oct 2014)(or Mitigation Patch and JDBC Patch)		OJVM PSU (Jan 2015) [includes JDBC fixes](or Mitigation Patch and JDBC Patch)
Grid HomeJDBC Patch (Oct 2014) JDBC Patch (Oct 2014)
Client / Instant Client HomeJDBC Patch (Oct 2014) JDBC Patch (Oct 2014)
Other VersionsDatabase HomeMitigation PatchMitigation Patch

OJVM PSU

  • packaged separately from the Database PSU (or equivalent) as they cannot be installed in a RAC Rolling manner, nor in Standby First manner.
  • Oracle has also released “Combo” patches that bundle the OJVM PSU in the same ZIP file as DB PSU and/or GI PSU for ease of download. The OJVM component in these “Combo” patches is in a separate subdirectory with its own install steps still required. October 2014 “Combo” patches do not include the JDBC Patch.
  • are applicable to all database installations regardless of which patching model is used (DB PSU, GI PSU, Security Patch Update (SPU), Windows Bundle Patch or Database Patch for Exadata)
  • require the database home to be patched to at least October 2014 DB PSU (or equivalent)
  • include binary changes to be applied to each Database ORACLE_HOME, and “post install” steps to be execute on each database running from the ORACLE_HOME
  • from January 2015 onwards: include the JDBC fixes
  • For situations where the latest OJVM PSU cannot be installed immediately there is a “Mitigation Patch” that can be used.

MITIGATION PATCH

For situations where the latest OJVM PSU cannot be installed immediately there is a “Mitigation Patch” that can be used. The “Mitigation Patch” is an interim solution to protect against all currently known (Jan 2015) Oracle JavaVM security vulnerabilities in the database until such time as the OJVM PSU can be installed. It can also be used to protect database versions no longer covered by error correction support.

  • is applicable only to database homes, not client nor Grid homes
  • is only applicable to databases that have JavaVM installed
  • has no dependency on the DB PSU (or equivalent) level
  • can be installed in a RAC Rolling manner
  • is a SQL only patch that needs to be installed and activated in each database, hence it can be installed standby first but it requires SQL steps to be executed to be effective, which cannot be done on a read only standby
  • affects use of Java and Java development in the database
    has been reviewed for January 2015 and provides mitigation against all currently known OJVM vulnerabilities
  • can be downloaded here: Patch:19721304

Applying the Mitigation Patch

1. Download and apply the relevant version of Patch:19721304 to each database ORACLE_HOME
2. Execute the patch post install steps against all databases running from each ORACLE_HOME. See the README supplied with the patch for post install steps relevant to the database version.
3. Check the patch logs for any errors and correct as required
4. Run the following step as a SYSDBA user to DISABLE Java development in the database:
      SQL> exec dbms_java_dev.disable
Temporarily Enabling Creation/Update of Stored Java Objects

If you need to allow the creation/update of stored Java objects, including application of patches that affect stored Java or the Oracle JavaVM:

Connect to the database as a SYSDBA user

SQL> exec dbms_java_dev.enable;

Perform the steps required to create or replace Java objects, apply Java related patches.

SQL> exec dbms_java_dev.disable;

Be sure to end the steps with the call to “dbms_java_dev.disable” in order to protect the database.

Applying an “Oracle JavaVM Component Database PSU” Patch with the Mitigation Patch Already Installed

You must “enable” Java development prior to installing the OJVM PSU patch.

Disconnect users and prevent user access to the databases running from the ORACLE_HOME to be patched

“exec dbms_java_dev.enable;” in each database

Shutdown the databases

Follow the full steps to apply the OJVM PSU patch, including running post install steps against each database

You do not need to “disable” Java development after patching with the latest OJVM PSU patch, unless you wish to do so.

JDBC PATCH

  • JDBC patch is separately from the OJVM PSU and Database PSU (or equivalent) for ease of deployment to client environments
  • are applicable to Client, Instant Client and Grid ORACLE_HOMES The JDBC fixes are also applicable to the Database home regardless of whether Oracle JavaVM is used in a database or not:

For October 2014 the JDBC Patch should also be installed in the Database home.
For January 2015 the OJVM PSU includes the JDBC fixes and so the JDBC patch does not need to be installed in the Database home unless OJVM PSU is not being installed

  • are applicable to all installations regardless of which patching model is used (DB PSU, GI PSU, Security Patch Update (SPU), Windows Bundle Patch or Database Patch for Exadata)
  • have no dependency on OJVM PSU nor Database PSU (or equivalent) patch level
  • can be installed in database server homes in a RAC Rolling manner
  • do not require the database and listeners to be shutdown for patching in non-RAC environments
  • do not require any post install steps be executed against individual databases

 APPLY PATCHES

The Oct 2014 PSU patches include:

1) Patch 19121551 -- Database Patch Set Update 11.2.0.4.4( Includes CPUOCT2014)
2) Patch 19282021 - Oracle JavaVM Component 11.2.0.4.1 Database PSU (Oct2014)
3) Patch 19852360: ORACLE JAVAVM COMPONENT 11.2.0.4.1 DATABASE PSU - GENERIC JDBC PATCH (OCT2014)
  1. Shutdown databases and services on all nodes
  2. Apply DB PSU Patch 19121551, but do NOT run DB PSU post install steps
  3. Apply OJVM PSU Patch 19282021.
  4. October 2014 only for DB versions below 12.1.0.2: Apply the JDBC Patch 19852360
  5. Run post install steps on all DBs in the patched home:
    • For 11.2.0.3 and 11.2.0.4 run the OJVM PSU post install steps followed by the DB PSU  post install steps.
    • For 11.1.0.7 run the OJVM PSU post install steps, then shutdown/restart the database before following the DB PSU (or equivalent) post install steps. [see note-4 below]
  6. Re-start any stopped databases / services running from this ORACLE_HOME.

REFERENCE:

Oracle Recommended Patches — “Oracle JavaVM Component Database PSU” (OJVM PSU) Patches (Doc ID 1929745.1)

Advertisement

One thought on “Apply OCT2014 DB PSU OJVM PSU and JDBC Patch Onto 11.2.0.4 ORACLE_HOME”

  1. i ve started an Oracle DBA Whatsapp group .. if you are interested to join us pls messg my whatsapp no. +0919663329193.. glad to ve u in the grp..ty

    Like

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: