Oracle Database Patching
Oracle corporation releases patches and patch sets(bundle of individual patches) periodically to address various software errors /bugs in the Oracle server software.
Patches are fixes to the bugs in the oracle server software.
It is mandatory to apply patches to operating systems to address various bugs.(OS patches are different from oracle database patches. Download OS vendor patches from vendor sites. Foe example to patch solaris OSdownload patch from http://www.sun.com/).
If we are in constant communication with oracle technical support we'll be aware of patches. First question that a technical support asks is if the database has been upgraded by application of most recent patch relea/patch set release. The first recommendation is to apply latest patches/patch set to the oracle database.
What is a Patch set/Oracle patch set?
Each of the oracles patch setld cover fixes for literally hundreds of bugs. Its is recommended to apply a patch set as soon as it is available. One of the primary reasons for this is to see if your bug is unique to your database or if a general solution has already been found for the problem. When we ask oracle technical support to resolve a major problem caused by a bug ,Oracle usually provides us wth a workaround. Oracle recommends that we upgrade our database to the latest versions and patch sets because some Oracle bugs may not have any workarounds or fixes.
Is it recommended to apply patches/patch set directly on the production systems?
No. It is not advisable to apply the patches directly onto production systems. We don't like to jeoparadize the performance of our production system .
The ideal solution is to maintain a test server where the new software(patch set) is tested thoroughly before being moved into production as early as possible.
anges like applying aptches/patch set to a system.
What are Critical Patch Updates?
Critical Patch Updates are comprehensive patches that address significant security vulnerabilities and include fixes you can apply. They are prerequisite for security fixes.
Metalink And Patch Updates :
An important part of security management is keeping up with the latest news about secury vulnerabilities and the patches to overcome them.
Oracle has a policy of quickly issuing fixes for new security problems. We should check for the latest security patches on the Oracle metalink website http://metalink.oracle.com/
We can find regular security alerts at the location http://technet.oracle.com/deploy/security/alert.htm
We can find notes about the security breaches on the metalink site in the "News and Notes" section. If we wish Oracle will send e-mail security alerts about new issues. We can sign up for the free servieby registering a http://otn.oracle.com/deploy/security/alerts.htm
Oracle provides critical patch updates on quarterly schedule and customers are notified of these updates via meta link, the OTN security alerts page, the oracle security RSS feed. If you're already a Metalink subscriber, you are automatically sgned up for the Critical patch updates.
What in case of an emergency bug?
If a patch addresses a severe threat Oracle will not wait for the quarterly to send the patch to you. In such cases oracle will issue an unscheduled security alert through Metalink and will let you immediately download the patch.The patch will also be included in the next quartely critical patch update. These patches are called as interim patches and we can use opatch utility provided by oracle for this purpose.
How frequently should I apply patch/patch my system?
We can have a regular planned quterly schedule for patching our system. A single patch on a quarterly basis is better than a number of patches that need extensive testing and may conflict with each other.
What is a risk matrix?
Oracle has introduced a new Risk Matrix along with its quarterly Critical Patch Updates. the risk matrix enables customers to estimate the scope and severity of the vulnrabilities addressed by each Critical Patch Update. I tells us the threat we face to confidentiality, integrity and availability and the conditions under which our system is most exploitable. We can thus address the risk to our system and prioritize the patching on those systems.
How do I apply an Oracle patch?
Database control is a GUI that is bundled with oracle server software. We can download the patches from Metalink using the Database Control page. From Patching setup page(which is a tab option in Database Control page) we can enter our Metalink credentials to search for new patches and apply them.
Downloading and Installing Patches:
1) Check the OracleMetalink Web site for required patches for your installation. To download required patches.Use a Web browser to view the OracleMetalink Web site: http://metalink.oracle.com/
2) Log in to OracleMetalink
3) On the main OracleMetalink page, click Patches. Select Simple Search. Specify the following information, then click Go:
In the Search By field, choose Product or Family, then specify RDBMS Server
In the Release field, specify the current release number
In the Patch Type field, specify Patchset/Minipack
In the Platform or Language field, select your platform
Will Patch Application Affect System Performance?
Application of certain patches could affect the performance of good SQL statements. So collect a set of performance statistics that can serve as a baseline before we make any major changes like applying a patch to the system.
Patches in Grid Environment:
We can use the Oracle Enterprise Manager(OEM) grid control to patch oracle and manage warnings about critical patches. The Grid control homepage has an overall view of the entire enterprise. This provides details on health of database. It has Critical Patch advisories which display a visual summary of any patch advisories and the affected oracle homes.
Patching refers to fixing bugs in Oracle server software,not the oracle database. Oracle database is the file structure for storing data. Any changes to that will affect data integrity.