oracle数据库高危漏洞补丁集安装

——记一次ORACLE数据库使用opatch升级PSU的过程
目的:使用oracle自带工具opatch对oracle数据库软件应用高危漏洞补丁集PSU,修复oracle数据库高危漏洞,规避由于普通用户具有业务用户数据表的查询权限,
绕过数据库安全机制对业务用户数据表进行增、删、改操作的隐患。
风险:
1、本次整改中需要启停数据库

2、对ORACLE数据库应用PSU补丁集可能会引入新的BUG
前期准备:
     操作系统版本:
[oracle@orcl11204 20299013]$ uname -a
Linux orcl11204 2.6.18-164.el5xen #1 SMP Thu Sep 3 04:41:04 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux
    OPatch软件客户端版本:
[oracle@orcl11204 20299013]$ export PATH=$ORACLE_HOME/OPatch:$PATH
[oracle@orcl11204 20299013]$opatch version
OPatch Version: 11.2.0.3.4
OPatch succeeded.
     数据库版本:
SQL> select * from v$version;
BANNER
--------------------------------------------------------------------------------
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
PL/SQL Release 11.2.0.4.0 - Production
CORE 11.2.0.4.0 Production
TNS for Linux: Version 11.2.0.4.0 - Production
NLSRTL Version 11.2.0.4.0 - Production
SQL> select ACTION_TIME, ACTION, COMMENTS from sys.DBA_REGISTRY_HISTORY;
ACTION_TIME       ACTION    COMMENTS
------------------------------ -------------------- ------------------------------
24-AUG-13 12.03.45.119862 PM   APPLY    Patchset 11.2.0.2.0
29-JUN-15 05.15.49.338988 PM   APPLY    Patchset 11.2.0.2.0
SQL> select count(*) from dba_objects where status'VALID';
  COUNT(*)
----------
0
SQL>select object_name,object_type,owner,status 
from dba_objects where status'VALID';
no rows selected

     准备高危漏洞补丁包
p20299013_112040_Linux-x86-64.zip(patch号参考文档 756671.1.html)      根据漏洞补丁集安装要求opatch的版本最低位11.2.0.3.6,因此需要准备

    p6880880_112000_Linux-x86-64.zip
高危漏洞的模拟测试
[oracle@orcl11204]$ sqlplus / as sysdba 
SQL*Plus: Release 11.2.0.4.0 Production on Wed Jun 10 13:43:22 2015 
Copyright (c) 1982, 2011, Oracle.  All rights reserved. 
Connected to: 
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production 
With the Partitioning, OLAP, Data Mining and Real Application Testing options 
SQL>create user test identified by test; 
user created. 
SQL>grant dba to test; 
Grant succeeded. 
SQL>conn test/test 
Connected. 
SQL>create table t(id number); 
Table created. 
SQL>insert into t values(1); --插入5条 
1 row created. 
SQL>commit; 
Commit complete. 
  [oracle@orcl11g database]$ sqlplus / as sysdba 
SQL*Plus: Release 11.2.0.4.0 Production on Wed Jun 10 13:43:22 2015 
Copyright (c) 1982, 2011, Oracle.  All rights reserved. 
Connected to: 
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production 
With the Partitioning, OLAP, Data Mining and Real Application Testing options 
SQL> create user test_update identified by test_update; 
User created. 
SQL> grant select on test.t to test_update; 
Grant succeeded. 
SQL>  grant create session to test_update; 
Grant succeeded. 
SQL> conn test_update/test_update 
Connected. 
SQL> select count(*) from test.t; 
COUNT(*) 
---------- 
    5
SQL> update (with tmp as (select id from test.t) select id from tmp) set id=10 where id = 1; 
1 row updated. 
SQL> commit; 
Commit complete. 
SQL> delete (with temp as (select * from test.t) select id from temp) where id = 2; 
1 row deleted. 
SQL> commit; 
Commit complete. 
SQL>  insert into (with temp as (select * from test.t) select * from temp) select *   
from test.t where id =1; 
0 rows created. 
SQL> commit; 
Commit complete. 
由上DML执行及结果部分可知,普通拥有对业务用户下表的查询权限可以通过构造临时表对业务数据表进
行DML操作,该漏洞很危险。 
以下是漏洞补丁安装及补丁安装完毕后的验证:
关闭数据库实例及监听程序,如果EM开启,也要关闭EM
[oracle@orcl11204 20299013]$ sqlplus / as sysdba
SQL*Plus: Release 11.2.0.4.0 Production on Mon Jun 29 17:48:47 2015
Copyright (c) 1982, 2013, Oracle.  All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL> shutdown immediate;
Database closed.
Database dismounted.
ORACLE instance shut down.
SQL> quit
Disconnected from Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
[oracle@orcl11204 20299013]$ lsnrctl statu
LSNRCTL for Linux: Version 11.2.0.4.0 - Production on 29-JUN-2015 17:50:59
Copyright (c) 1991, 2013, Oracle.  All rights reserved.
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=orcl11204)(PORT=1521)))
STATUS of the LISTENER
------------------------
Alias                     LISTENER
Version                   TNSLSNR for Linux: Version 11.2.0.4.0 - Production
Start Date                29-JUN-2015 16:51:52
Uptime                    0 days 0 hr. 59 min. 7 sec
Trace Level               off
Security                  ON: Local OS Authentication
SNMP                      OFF
Listener Parameter File   /opt/oracle/product/11.2.0.4/db/network/admin/listener.ora
Listener Log File         /opt/oracle/diag/tnslsnr/orcl11204/listener/alert/log.xml
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=orcl11204)(PORT=1521)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))
The listener supports no services
The command completed successfully
根据readme的提示更新OPatch即将p6880880_112000_Linux-x86-64.zip上传解压并替换$ORACLE_HOME下的OPatch,注意先备份原有的OPatch以方便回退还原
[oracle@orcl11204 ~]$ opatch version
OPatch Version: 11.2.0.3.11
OPatch succeeded.
根据readme的提示先做安装前的预检,注意如果没有更新OPatch,预检能够通过,但是应用补丁集的时候会报错退出
[oracle@orcl11204 20299013]$ opatch prereq CheckConflictAgainstOHWithDetail -ph ./
Oracle Interim Patch Installer version 11.2.0.3.4
Copyright (c) 2012, Oracle Corporation.  All rights reserved.
PREREQ session
Oracle Home       : /opt/oracle/product/11.2.0.4/db
Central Inventory : /opt/oraInventory
   from           : /opt/oracle/product/11.2.0.4/db/oraInst.loc
OPatch version    : 11.2.0.3.4
OUI version       : 11.2.0.4.0
Log file location : /opt/oracle/product/11.2.0.4/db/cfgtoollogs/opatch/opatch2015-06-29_17-46-33PM_1.log
Invoking prereq "checkconflictagainstohwithdetail"
Prereq "checkConflictAgainstOHWithDetail" passed.
OPatch succeeded.
[oracle@orcl11204 20299013]$ ps -ef|grep ora_
oracle    1757 24201  0 17:51 pts/2    00:00:00 grep ora_
[oracle@orcl11204 20299013]$ opatch apply
Oracle Interim Patch Installer version 11.2.0.3.4
Copyright (c) 2012, Oracle Corporation.  All rights reserved.
Oracle Home       : /opt/oracle/product/11.2.0.4/db
Central Inventory : /opt/oraInventory
   from           : /opt/oracle/product/11.2.0.4/db/oraInst.loc
OPatch version    : 11.2.0.3.4
OUI version       : 11.2.0.4.0
Log file location : /opt/oracle/product/11.2.0.4/db/cfgtoollogs/opatch/opatch2015-06-29_17-51-23PM_1.log
Verifying environment and performing prerequisite checks...
Prerequisite check "CheckMinimumOPatchVersion" failed.
The details are:
The OPatch being used has version 11.2.0.3.4 while the following patch(es) require higher versions: 
Patch 17478514 requires OPatch version 11.2.0.3.5.
Patch 18031668 requires OPatch version 11.2.0.3.5.
Patch 18522509 requires OPatch version 11.2.0.3.5.
Patch 19121551 requires OPatch version 11.2.0.3.5.
Patch 19769489 requires OPatch version 11.2.0.3.5.
Patch 20299013 requires OPatch version 11.2.0.3.5.
Please download latest OPatch from My Oracle Support.
UtilSession failed: Prerequisite check "CheckMinimumOPatchVersion" failed.
Log file location: /opt/oracle/product/11.2.0.4/db/cfgtoollogs/opatch/opatch2015-06-29_17-51-23PM_1.log
OPatch failed with error code 73
以下是更新完OPatch的安装过程
[oracle@orcl11204 ~]$ ls
20299013  database  p20299013_112040_Linux-x86-64.zip  p6880880_112000_Linux-x86-64.zip  PatchSearch.xml
[oracle@orcl11204 ~]$ mv p6880880_112000_Linux-x86-64.zip $ORACLE_HOME
[oracle@orcl11204 ~]$ cd $ORACLE_HOME
[oracle@orcl11204 db]$ ls
apex         ctx          hs             ldap     OPatch                            plsql         srvm
assistants   cv           ide            lib      opmn                              precomp       suptools
bin          dbs          install        log      oracore                           racg          sysman
ccr          dc_ocm       instantclient  md       oraInst.loc                       rdbms         timingframework
cdata        deinstall    inventory      mesg     orcl11204_db11204                 relnotes      ucp
cfgtoollogs  demo         j2ee           mgw      ord                               root.sh       uix
clone        diagnostics  javavm         network  oui                               scheduler     usm
config       dv           jdbc           nls      owb                               slax          utl
crs          emcli        jdev           oc4j     owm                               sqldeveloper  wwg
csmig        EMStage      jdk            odbc     p6880880_112000_Linux-x86-64.zip  sqlj          xdk
css          has          jlib           olap     perl                              sqlplus
[oracle@orcl11204 db]$ mv OPatch OPatch11204bak
[oracle@orcl11204 db]$ ls
apex         ctx          hs             ldap     OPatch11204bak                    plsql         srvm
assistants   cv           ide            lib      opmn                              precomp       suptools
bin          dbs          install        log      oracore                           racg          sysman
ccr          dc_ocm       instantclient  md       oraInst.loc                       rdbms         timingframework
cdata        deinstall    inventory      mesg     orcl11204_db11204                 relnotes      ucp
cfgtoollogs  demo         j2ee           mgw      ord                               root.sh       uix
clone        diagnostics  javavm         network  oui                               scheduler     usm
config       dv           jdbc           nls      owb                               slax          utl
crs          emcli        jdev           oc4j     owm                               sqldeveloper  wwg
csmig        EMStage      jdk            odbc     p6880880_112000_Linux-x86-64.zip  sqlj          xdk
css          has          jlib           olap     perl                              sqlplus
[oracle@orcl11204 db]$ unzip p6880880_112000_Linux-x86-64.zip 
Archive:  p6880880_112000_Linux-x86-64.zip
   creating: OPatch/
  inflating: OPatch/operr.bat        
  inflating: OPatch/opatch.bat       
   creating: OPatch/crs/
  inflating: OPatch/crs/OsysModel.jar  
  inflating: OPatch/crs/installPatch.excl  
  inflating: OPatch/crs/patchDB.pl   
  inflating: OPatch/crs/CRSProductDriver.jar  
  inflating: OPatch/crs/patch112.pl  
  inflating: OPatch/crs/auto_patch.pl  
  inflating: OPatch/crs/opatchauto   
   creating: OPatch/crs/log/
  inflating: OPatch/crs/patch11203.pl  
  inflating: OPatch/crs/driver.jar   
  inflating: OPatch/crs/patch11202.pl  
  inflating: OPatch/emdpatch.pl      
  inflating: OPatch/README.txt       
   creating: OPatch/docs/
  inflating: OPatch/docs/Users_Guide.txt  
  inflating: OPatch/docs/Prereq_Users_Guide.txt  
  inflating: OPatch/docs/cversion.txt  
  inflating: OPatch/docs/FAQ         
 extracting: OPatch/version.txt      
   creating: OPatch/opatchprereqs/
   creating: OPatch/opatchprereqs/oui/
  inflating: OPatch/opatchprereqs/oui/knowledgesrc.xml  
   creating: OPatch/opatchprereqs/opatch/
  inflating: OPatch/opatchprereqs/opatch/opatch_prereq.xml  
  inflating: OPatch/opatchprereqs/opatch/rulemap.xml  
  inflating: OPatch/opatchprereqs/opatch/runtime_prereq.xml  
  inflating: OPatch/opatchprereqs/prerequisite.properties  
   creating: OPatch/opatchauto-dir/
   creating: OPatch/opatchauto-dir/opatchautocore/
   creating: OPatch/opatchauto-dir/opatchautocore/jlib/
  inflating: OPatch/opatchauto-dir/opatchautocore/jlib/ProductDriver.jar  
  inflating: OPatch/opatchauto-dir/opatchautocore/jlib/oracle.oplan.classpath.jar  
  inflating: OPatch/opatchauto-dir/opatchautocore/jlib/oplan_core.jar  
   creating: OPatch/opatchauto-dir/opatchautocore/jlib/apache-commons/
  inflating: OPatch/opatchauto-dir/opatchautocore/jlib/apache-commons/commons-cli-1.0.jar  
  inflating: OPatch/opatchauto-dir/opatchautocore/jlib/OsysModel.jar  
  inflating: OPatch/opatchauto-dir/opatchautocore/jlib/automation.jar  
  inflating: OPatch/opatchauto-dir/opatchautocore/jlib/patchsdk.jar  
   creating: OPatch/opatchauto-dir/opatchautocore/jlib/jaxb/
  inflating: OPatch/opatchauto-dir/opatchautocore/jlib/jaxb/jaxb-impl.jar  
  inflating: OPatch/opatchauto-dir/opatchautocore/jlib/jaxb/jaxb-api.jar  
  inflating: OPatch/opatchauto-dir/opatchautocore/jlib/jaxb/jsr173_1.0_api.jar  
  inflating: OPatch/opatchauto-dir/opatchautocore/jlib/jaxb/activation.jar  
  inflating: OPatch/opatchauto-dir/opatchautocore/jlib/osysmodel-utils.jar  
  inflating: OPatch/opatchauto-dir/opatchautocore/jlib/bundle.jar  
  inflating: OPatch/opatchauto-dir/opatchautocore/jlib/Validation.jar  
  inflating: OPatch/opatchauto-dir/opatchautocore/jlib/ValidationRules.jar  
  inflating: OPatch/opatchauto-dir/opatchautocore/jlib/com.oracle.glcm.common-logging_1.0.0.0.jar  
  inflating: OPatch/opatchauto-dir/opatchautocore/oplan  
  inflating: OPatch/opatchauto-dir/opatchautocore/oplan.bat  
  inflating: OPatch/opatchauto-dir/opatchautocore/README.txt  
  inflating: OPatch/opatchauto-dir/opatchautocore/README.html  
  inflating: OPatch/opatchauto-dir/opatchautocore/opatchautobinary  
   creating: OPatch/opatchauto-dir/opatchautodb/
   creating: OPatch/opatchauto-dir/opatchautodb/jlib/
  inflating: OPatch/opatchauto-dir/opatchautodb/jlib/oracle.oplan.db.classpath.jar  
  inflating: OPatch/opatchauto-dir/opatchautodb/jlib/oplan_db.jar  
   creating: OPatch/jlib/
  inflating: OPatch/jlib/oracle.opatch.classpath.jar  
  inflating: OPatch/jlib/opatch.jar  
  inflating: OPatch/jlib/opatchsdk.jar  
  inflating: OPatch/jlib/oracle.opatch.classpath.windows.jar  
  inflating: OPatch/jlib/oracle.opatchcore.classpath.jar  
  inflating: OPatch/jlib/oracle.opatchcore.classpath.unix.jar  
  inflating: OPatch/jlib/oracle.opatchcore.classpath.windows.jar  
  inflating: OPatch/jlib/oracle.opatch.classpath.unix.jar  
   creating: OPatch/scripts/
  inflating: OPatch/scripts/opatch_wls  
  inflating: OPatch/scripts/opatch_jvm_discovery.bat  
  inflating: OPatch/scripts/opatch_wls.bat  
  inflating: OPatch/scripts/opatch_jvm_discovery  
   creating: OPatch/oplan/
  inflating: OPatch/oplan/oplan.bat  
   creating: OPatch/oplan/jlib/
   creating: OPatch/oplan/jlib/jaxb/
  inflating: OPatch/oplan/jlib/jaxb/activation.jar  
  inflating: OPatch/oplan/jlib/jaxb/jsr173_1.0_api.jar  
  inflating: OPatch/oplan/jlib/jaxb/jaxb-impl.jar  
  inflating: OPatch/oplan/jlib/jaxb/jaxb-api.jar  
  inflating: OPatch/oplan/jlib/OsysModel.jar  
  inflating: OPatch/oplan/jlib/JMXDrivers.jar  
  inflating: OPatch/oplan/jlib/Validation.jar  
  inflating: OPatch/oplan/jlib/automation.jar  
  inflating: OPatch/oplan/jlib/bundle.jar  
  inflating: OPatch/oplan/jlib/oplan.jar  
  inflating: OPatch/oplan/jlib/CRSProductDriver.jar  
  inflating: OPatch/oplan/jlib/OuiDriver.jar  
  inflating: OPatch/oplan/jlib/oracle.oplan.classpath.jar  
  inflating: OPatch/oplan/jlib/patchsdk.jar  
  inflating: OPatch/oplan/jlib/osysmodel-utils.jar  
  inflating: OPatch/oplan/jlib/ValidationRules.jar  
   creating: OPatch/oplan/jlib/apache-commons/
  inflating: OPatch/oplan/jlib/apache-commons/commons-cli-1.0.jar  
  inflating: OPatch/oplan/jlib/EMrepoDrivers.jar  
  inflating: OPatch/oplan/README.html  
  inflating: OPatch/oplan/oplan      
  inflating: OPatch/oplan/README.txt  
  inflating: OPatch/operr            
  inflating: OPatch/opatch           
  inflating: OPatch/opatchdiag.bat   
  inflating: OPatch/operr_readme.txt  
  inflating: OPatch/opatchdiag       
  inflating: OPatch/opatch.pl        
   creating: OPatch/ocm/
   creating: OPatch/ocm/lib/
  inflating: OPatch/ocm/lib/emocmclnt.jar  
  inflating: OPatch/ocm/lib/log4j-core.jar  
  inflating: OPatch/ocm/lib/regexp.jar  
  inflating: OPatch/ocm/lib/emocmcommon.jar  
  inflating: OPatch/ocm/lib/osdt_core3.jar  
  inflating: OPatch/ocm/lib/jsse.jar  
  inflating: OPatch/ocm/lib/http_client.jar  
  inflating: OPatch/ocm/lib/osdt_jce.jar  
  inflating: OPatch/ocm/lib/emocmclnt-14.jar  
  inflating: OPatch/ocm/lib/jnet.jar  
  inflating: OPatch/ocm/lib/jcert.jar  
  inflating: OPatch/ocm/lib/xmlparserv2.jar  
 extracting: OPatch/ocm/ocm.zip      
   creating: OPatch/ocm/bin/
  inflating: OPatch/ocm/bin/emocmrsp  
  inflating: OPatch/ocm/ocm_platforms.txt  
   creating: OPatch/ocm/doc/
[oracle@orcl11204 db]$ ls
apex         ctx          hs             ldap     OPatch                            perl          sqlplus
assistants   cv           ide            lib      OPatch11204bak                    plsql         srvm
bin          dbs          install        log      opmn                              precomp       suptools
ccr          dc_ocm       instantclient  md       oracore                           racg          sysman
cdata        deinstall    inventory      mesg     oraInst.loc                       rdbms         timingframework
cfgtoollogs  demo         j2ee           mgw      orcl11204_db11204                 relnotes      ucp
clone        diagnostics  javavm         network  ord                               root.sh       uix
config       dv           jdbc           nls      oui                               scheduler     usm
crs          emcli        jdev           oc4j     owb                               slax          utl
csmig        EMStage      jdk            odbc     owm                               sqldeveloper  wwg
css          has          jlib           olap     p6880880_112000_Linux-x86-64.zip  sqlj          xdk
[oracle@orcl11204 20299013]$ opatch version
OPatch Version: 11.2.0.3.11
OPatch succeeded.
[oracle@orcl11204 20299013]$ opatch prereq CheckConflictAgainstOHWithDetail -ph ./
Oracle Interim Patch Installer version 11.2.0.3.11
Copyright (c) 2015, Oracle Corporation.  All rights reserved.
PREREQ session
Oracle Home       : /opt/oracle/product/11.2.0.4/db
Central Inventory : /opt/oraInventory
   from           : /opt/oracle/product/11.2.0.4/db/oraInst.loc
OPatch version    : 11.2.0.3.11
OUI version       : 11.2.0.4.0
Log file location : /opt/oracle/product/11.2.0.4/db/cfgtoollogs/opatch/opatch2015-06-29_18-52-51PM_1.log
Invoking prereq "checkconflictagainstohwithdetail"
Prereq "checkConflictAgainstOHWithDetail" passed.
OPatch succeeded.
[oracle@orcl11204 20299013]$ opatch apply
Oracle Interim Patch Installer version 11.2.0.3.11
Copyright (c) 2015, Oracle Corporation.  All rights reserved.
Oracle Home       : /opt/oracle/product/11.2.0.4/db
Central Inventory : /opt/oraInventory
   from           : /opt/oracle/product/11.2.0.4/db/oraInst.loc
OPatch version    : 11.2.0.3.11
OUI version       : 11.2.0.4.0
Log file location : /opt/oracle/product/11.2.0.4/db/cfgtoollogs/opatch/opatch2015-06-29_18-53-23PM_1.log
Verifying environment and performing prerequisite checks...
OPatch continues with these patches:   17478514  18031668  18522509  19121551  19769489  20299013  
Do you want to proceed? [y|n]
y
User Responded with: Y
All checks passed.
Provide your email address to be informed of security issues, install and
initiate Oracle Configuration Manager. Easier for you if you use your My
Oracle Support Email address/User Name.
Visit http://www.oracle.com/support/policies.html for details.
Email address/User Name: 
You have not provided an email address for notification of security issues.
Do you wish to remain uninformed of security issues ([Y]es, [N]o) [N]:  y
Please shutdown Oracle instances running out of this ORACLE_HOME on the local system.
(Oracle Home = '/opt/oracle/product/11.2.0.4/db')
Is the local system ready for patching? [y|n]
y
User Responded with: Y
Backing up files...
Applying sub-patch '17478514' to OH '/opt/oracle/product/11.2.0.4/db'
Patching component oracle.rdbms, 11.2.0.4.0...
Patching component oracle.rdbms.rsf, 11.2.0.4.0...
Patching component oracle.sdo, 11.2.0.4.0...
Patching component oracle.sysman.agent, 10.2.0.4.5...
Patching component oracle.xdk, 11.2.0.4.0...
Patching component oracle.rdbms.dbscripts, 11.2.0.4.0...
Patching component oracle.sdo.locator, 11.2.0.4.0...
Patching component oracle.nlsrtl.rsf, 11.2.0.4.0...
Patching component oracle.xdk.rsf, 11.2.0.4.0...
Patching component oracle.rdbms.rman, 11.2.0.4.0...
Verifying the update...
Applying sub-patch '18031668' to OH '/opt/oracle/product/11.2.0.4/db'
Patching component oracle.rdbms, 11.2.0.4.0...
Patching component oracle.rdbms.rsf, 11.2.0.4.0...
Patching component oracle.ldap.rsf, 11.2.0.4.0...
Patching component oracle.rdbms.crs, 11.2.0.4.0...
Patching component oracle.precomp.common, 11.2.0.4.0...
Patching component oracle.ldap.rsf.ic, 11.2.0.4.0...
Patching component oracle.rdbms.deconfig, 11.2.0.4.0...
Patching component oracle.rdbms.dbscripts, 11.2.0.4.0...
Patching component oracle.rdbms.rman, 11.2.0.4.0...
Verifying the update...
Applying sub-patch '18522509' to OH '/opt/oracle/product/11.2.0.4/db'
Patching component oracle.rdbms.rsf, 11.2.0.4.0...
Patching component oracle.rdbms, 11.2.0.4.0...
Patching component oracle.precomp.common, 11.2.0.4.0...
Patching component oracle.rdbms.rman, 11.2.0.4.0...
Patching component oracle.rdbms.dbscripts, 11.2.0.4.0...
Patching component oracle.rdbms.deconfig, 11.2.0.4.0...
Verifying the update...
Applying sub-patch '19121551' to OH '/opt/oracle/product/11.2.0.4/db'
Patching component oracle.precomp.common, 11.2.0.4.0...
Patching component oracle.sysman.console.db, 11.2.0.4.0...
Patching component oracle.rdbms.rsf, 11.2.0.4.0...
Patching component oracle.rdbms.rman, 11.2.0.4.0...
Patching component oracle.rdbms, 11.2.0.4.0...
Patching component oracle.rdbms.dbscripts, 11.2.0.4.0...
Patching component oracle.ordim.client, 11.2.0.4.0...
Patching component oracle.ordim.jai, 11.2.0.4.0...
Verifying the update...
Applying sub-patch '19769489' to OH '/opt/oracle/product/11.2.0.4/db'
ApplySession: Optional component(s) [ oracle.sysman.agent, 11.2.0.4.0 ]  not present in the Oracle Home or a higher version is found.
Patching component oracle.precomp.common, 11.2.0.4.0...
Patching component oracle.ovm, 11.2.0.4.0...
Patching component oracle.xdk, 11.2.0.4.0...
Patching component oracle.rdbms.util, 11.2.0.4.0...
Patching component oracle.rdbms, 11.2.0.4.0...
Patching component oracle.rdbms.dbscripts, 11.2.0.4.0...
Patching component oracle.xdk.parser.java, 11.2.0.4.0...
Patching component oracle.oraolap, 11.2.0.4.0...
Patching component oracle.rdbms.rsf, 11.2.0.4.0...
Patching component oracle.xdk.rsf, 11.2.0.4.0...
Patching component oracle.rdbms.rman, 11.2.0.4.0...
Patching component oracle.rdbms.deconfig, 11.2.0.4.0...
Verifying the update...
Applying sub-patch '20299013' to OH '/opt/oracle/product/11.2.0.4/db'
Patching component oracle.rdbms.dv, 11.2.0.4.0...
Patching component oracle.rdbms.oci, 11.2.0.4.0...
Patching component oracle.precomp.common, 11.2.0.4.0...
Patching component oracle.sysman.agent, 10.2.0.4.5...
Patching component oracle.xdk, 11.2.0.4.0...
Patching component oracle.sysman.common, 10.2.0.4.5...
Patching component oracle.rdbms, 11.2.0.4.0...
Patching component oracle.rdbms.dbscripts, 11.2.0.4.0...
Patching component oracle.xdk.parser.java, 11.2.0.4.0...
Patching component oracle.sysman.console.db, 11.2.0.4.0...
Patching component oracle.xdk.rsf, 11.2.0.4.0...
Patching component oracle.rdbms.rsf, 11.2.0.4.0...
Patching component oracle.sysman.common.core, 10.2.0.4.5...
Patching component oracle.rdbms.rman, 11.2.0.4.0...
Patching component oracle.rdbms.deconfig, 11.2.0.4.0...
Verifying the update...
Composite patch 20299013 successfully applied.
Log file location: /opt/oracle/product/11.2.0.4/db/cfgtoollogs/opatch/opatch2015-06-29_18-53-23PM_1.log
OPatch succeeded.
[oracle@orcl11204 20299013]$ opatch lsinventory
Oracle Interim Patch Installer version 11.2.0.3.11
Copyright (c) 2015, Oracle Corporation.  All rights reserved.
Oracle Home       : /opt/oracle/product/11.2.0.4/db
Central Inventory : /opt/oraInventory
   from           : /opt/oracle/product/11.2.0.4/db/oraInst.loc
OPatch version    : 11.2.0.3.11
OUI version       : 11.2.0.4.0
Log file location : /opt/oracle/product/11.2.0.4/db/cfgtoollogs/opatch/opatch2015-06-29_19-07-44PM_1.log
Lsinventory Output file location : /opt/oracle/product/11.2.0.4/db/cfgtoollogs/opatch/lsinv/lsinventory2015-06-29_19-07-44PM.txt
--------------------------------------------------------------------------------
Local Machine Information::
Hostname: orcl11204
ARU platform id: 226
ARU platform description:: Linux x86-64
Installed Top-level Products (1): 
Oracle Database 11g                                                  11.2.0.4.0
There are 1 products installed in this Oracle Home.
Interim patches (1) :
Patch  20299013     : applied on Mon Jun 29 19:00:43 CST 2015
Unique Patch ID:  18573940
Patch description:  "Database Patch Set Update : 11.2.0.4.6 (20299013)"
   Created on 4 Mar 2015, 02:27:44 hrs PST8PDT
Sub-patch  19769489; "Database Patch Set Update : 11.2.0.4.5 (19769489)"
Sub-patch  19121551; "Database Patch Set Update : 11.2.0.4.4 (19121551)"
Sub-patch  18522509; "Database Patch Set Update : 11.2.0.4.3 (18522509)"
Sub-patch  18031668; "Database Patch Set Update : 11.2.0.4.2 (18031668)"
Sub-patch  17478514; "Database Patch Set Update : 11.2.0.4.1 (17478514)"
   Bugs fixed:
     17288409, 17798953, 18273830, 18607546, 17811429, 17205719, 20506699
     17816865, 19972566, 17922254, 17754782, 16384983, 17726838, 13364795
     16934803, 17311728, 17284817, 17441661, 17360606, 13645875, 18199537
     16992075, 16542886, 17446237, 14015842, 17889549, 14565184, 19972569
     17071721, 20299015, 17610798, 17375354, 17449815, 17397545, 19463897
     18230522, 13866822, 17235750, 17982555, 16360112, 18317531, 17478514
     19769489, 12905058, 14338435, 18235390, 13944971, 18641451, 20142975
     17811789, 16929165, 18704244, 12747740, 18430495, 20506706, 17546973
     14054676, 17088068, 17346091, 18264060, 17016369, 17042658, 17343514
     14602788, 19972568, 19680952, 18471685, 19788842, 18508861, 14657740
     17332800, 19211724, 13837378, 13951456, 16315398, 17186905, 18744139
     19972564, 16850630, 18315328, 17437634, 19049453, 18673304, 17883081
     19006849, 19915271, 19013183, 18641419, 17296856, 18674024, 18262334
     17006183, 18277454, 16833527, 17232014, 16855292, 10136473, 17762296
     14692762, 17705023, 18051556, 17865671, 17852463, 18554871, 17853498
     19121551, 18334586, 19854503, 17551709, 19309466, 17588480, 19827973
     17344412, 17842825, 18828868, 18681862, 18554763, 17390160, 18456514
     16306373, 17025461, 13955826, 18139690, 11883252, 13609098, 17501491
     17239687, 17752121, 17299889, 17602269, 19197175, 17889583, 18316692
     17313525, 18673325, 12611721, 19544839, 18293054, 17242746, 18964939
     17600719, 18191164, 19393542, 17571306, 18482502, 19466309, 17951233
     17649265, 18094246, 19615136, 17040527, 17011832, 17165204, 18098207
     16785708, 16870214, 17465741, 16180763, 17174582, 17477958, 12982566
     16777840, 18522509, 20631274, 16091637, 17323222, 19463893, 16595641
     16875449, 12816846, 16524926, 17237521, 18228645, 18282562, 17596908
     19358317, 17811438, 17811447, 17945983, 18762750, 17156148, 18031668
     16912439, 17184721, 16494615, 18061914, 17282229, 17545847, 18331850
     18202441, 17082359, 18723434, 19554106, 17614134, 13558557, 17341326
     14034426, 17891946, 18339044, 17716305, 19458377, 17752995, 16392068
     19271443, 17891943, 18092127, 17258090, 17767676, 16668584, 18384391
     17614227, 17040764, 16903536, 17381384, 14106803, 15913355, 18973907
     18356166, 18673342, 17389192, 14084247, 16194160, 17612828, 17006570
     20506715, 17721717, 13853126, 17390431, 18203837, 17570240, 14245531
     16043574, 16863422, 17848897, 17877323, 18325460, 19727057, 17468141
     17786518, 17912217, 16422541, 19972570, 17267114, 17037130, 18244962
     18765602, 18203838, 18155762, 16956380, 16198143, 17246576, 17478145
     17394950, 14829250, 18189036, 18641461, 18619917, 17835627, 17027426
     16268425, 18247991, 19584068, 14458214, 18436307, 17265217, 17634921
     13498382, 16692232, 17786278, 17227277, 16042673, 16314254, 17443671
     18000422, 16228604, 16837842, 17571039, 17393683, 16344544, 17787259
     18009564, 20074391, 14354737, 15861775, 18135678, 18614015, 16399083
     18362222, 18018515, 16472716, 17835048, 17050888, 17936109, 14010183
     17325413, 18747196, 17080436, 16613964, 17036973, 17761775, 16579084
     16721594, 17082983, 18384537, 18280813, 20296213, 17302277, 16901385
     18084625, 15979965, 15990359, 18203835, 17297939, 17811456, 16731148
     13829543, 14133975, 17215560, 17694209, 18091059, 17385178, 8322815
     17586955, 18441944, 17201159, 16450169, 9756271, 17655634, 19730508
     17892268, 18868646, 17648596, 16220077, 16069901, 11733603, 16285691
     17587063, 18180390, 16538760, 18193833, 17348614, 17393915, 17957017
     17274537, 18096714, 17308789, 17238511, 18436647, 17824637, 14285317
     19289642, 14764829, 17622427, 18328509, 16571443, 16943711, 14368995
     18306996, 17346671, 14852021, 18996843, 17783588, 16618694, 17853456
     18674047, 17672719, 18856999, 12364061, 18783224, 17851160, 17546761
--------------------------------------------------------------------------------
OPatch succeeded.
[oracle@orcl11204 20299013]$ sqlplus / as sysdba
SQL*Plus: Release 11.2.0.4.0 Production on Mon Jun 29 19:08:09 2015
Copyright (c) 1982, 2013, Oracle.  All rights reserved.
Connected to an idle instance.
SQL> startup
ORACLE instance started.
Total System Global Area  726540288 bytes
Fixed Size    2256792 bytes
Variable Size  478150760 bytes
Database Buffers  243269632 bytes
Redo Buffers    2863104 bytes
Database mounted.
Database opened.
SQL> conn test_update/test_update
Connected.
SQL> update (with tmp as (select id from test.t) select id from tmp) set id=10 
where id = 1;
  2  update (with tmp as (select id from test.t) select id from tmp) set id=10
                                      *
ERROR at line 1:
ORA-01031: insufficient privileges
SQL> select * from v$version;
BANNER
--------------------------------------------------------------------------------
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
PL/SQL Release 11.2.0.4.0 - Production
CORE 11.2.0.4.0 Production
TNS for Linux: Version 11.2.0.4.0 - Production
NLSRTL Version 11.2.0.4.0 - Production
SQL> 
SQL> select ACTION_TIME, ACTION, COMMENTS from sys.DBA_REGISTRY_HISTORY;
ACTION_TIME       ACTION    COMMENTS
------------------------------ -------------------- ------------------------------
24-AUG-13 12.03.45.119862 PM   APPLY    Patchset 11.2.0.2.0
29-JUN-15 05.15.49.338988 PM   APPLY    Patchset 11.2.0.2.0
SQL> select count(*) from dba_objects where status'VALID';
  COUNT(*)
----------
0
SQL>select object_name,object_type,owner,status 
from dba_objects where status'VALID';
no rows selected

到此高危漏洞集安装及安装后漏洞验证成功完成!

时间: 2024-08-05 12:22:29

oracle数据库高危漏洞补丁集安装的相关文章

游戏安全资讯精选 2017年 第四期:游戏行业上周最大DDoS流量超770G, 魔兽世界遭遇DDoS攻击,开源CMS Drupal 8发布更新修复多处高危漏洞补丁

  [每周行业DDoS攻击态势]     [游戏安全动态]  魔兽世界遭遇DDoS攻击.点击查看原文   概要:此次 DDoS 攻击实际是从周日的早上开始发生,暴雪发现问题后第一时间在 Twitter 上发出通知,"我们正在对于身份验证服务缓慢的原因进行调查."目前还没有个人或组织对此次 DDoS 事件负责,暴雪目前也还未公开更多攻击细节.(引用自Freebuf) 点评:阿里云安全团队也跟踪发现,暴雪被DDoS的时长近三小时.攻击最开始,登录服出现问题,接着是支付出现问题,并在1小时后

oracle数据库如何打补丁

给软件打补丁相当于给人打预防针,对系统的稳定运行至关重要.本文详细.系统地介绍了Oracle数据库补丁的分类.安装.管理等问题. 厂商提供给用户的软件补丁的形式多为编译后的库函数,所以安装软件补丁实际上就是把这些库函数拷贝到相应目录,并在需要时进行联接操作.软件公司一般在一段时间后会把针对某一版本的所有补丁进行整理:合并融合,解决冲突,进行整体测试,并使文件拷贝和联接操作自动执行,得到一个软件补丁"包 ".不同的公司使用不同的名称,现在一般计算机用户都熟悉的Windows Servic

站长们注意啦!开源CMS Drupal 8发布更新修复多处高危漏洞补丁,提示您升级

据外媒报道, Drupal 研究人员于 8 月 16 日发布安全报告,宣称已修复 Drupal 8 多处漏洞并在线更新安全补丁.研究显示这些漏洞影响 Drupal 8 多个系统组件,包括实体访问系统.REST API 与部分视图组件. CVE-2017-6925 研究人员发现 Drupal 8.3.7 中存在一处高危漏洞(CVE-2017-6925),影响实体访问系统,允许攻击者查看.创建.删除或更新实体.不过,该漏洞仅影响不具备 UUID 实体,以及对同一实体不同版本有多种访问限制的实体系统.

Oracle发布Java7漏洞补丁提升安全级别

[搜狐IT消息]在宣布修正Java严重0day漏洞的消息发出一天后,甲骨文公布了Java SE 7u11更新.该补丁包含了安全漏洞CVE-2013-0422的补丁,同时也改变了默认的Java安全级别设置,任何未签名的Java Applet或Java Web Start应用 程序运行时总是会被提示,这样可以防止恶意应用被下载,对用户来说这可能会带来的影响是需要多确认一下.上周一个重大Java漏洞被披露出来,这可以导致未经身份认证的远程攻击者在受害系统上执行任意代码,这一切只需要特制一个HTML文档

【云端起舞】Oracle云上一键安装数据库补丁集

编辑手记:为数据库升级打补丁是一项常规的任务,在通常情况下 ,打补丁是一件繁琐的事情,需要考虑的细节比较多.但在云上,可以通过按钮一键式应用 相关补丁集,高效便捷.我们今天一起来学习 Oracle Cloud Database Patching Then patch like a king with single click Database As A Service (DbaaS)  系列文章回顾: 1.Configure and Practice Backup and Recovery in

Linux+php+apache+oracle环境搭建之CentOS下安装Oracle数据库_Linux

这里推荐使用OTK脚本安装Oracle,会大大提高安装Oracle的成功系数. Description oraToolKit is the Swiss Army Knife for Oracle. Standards and well designed tools help DBA's mastering Oracle 10g / 11g throughout the whole lifecycle. OTK runs on Linux, zLinux, Solaris, AIX, HP-UX

Digital Unix Version 4.0下Oracle 8.0.5服务器的安装

oracle|unix|服务器 Digital Unix Version 4.0下Oracle 8.0.5服务器的安装 石骁騑(中软网络技术股份有限公司,北京,100081) 一. 系统需求在安装Oracle 8 服务器前,首先检查系统是否满足表1和表2所示的软硬件需求.1. 硬件需求 表1 硬件需求硬件项目 需求CPU Digital Unix alpha 系统内存 最少128M RAM交换空间 2-4倍的内存大小磁盘驱动(Disk Drives) 至少四个设备:一个用于Oracle软件的分发

使用OCCI连接Linux下Oracle数据库

OCCI(Oracle C++ Call Interface):C++程序与Oracle数据库实现交互的应用程序接口,它以动态连接库的形式提供给用户.OCCI对OCI实行了对象级的封装,其底层仍是OCI OCCI连接Linux下的Oracle数据库: 1 安装Linux下的oracle客户端 2 下载对应的oracle-instantclient-basic-10.2.0.4-1.i386.zip将其拷贝至Linux的Oracle账户并解压至instantclient_10_2目录 实现OCCI

Oracle数据库opatch补丁操作流程_oracle

一. 升级前准备工作 1. 确认数据库版本 使用dba登陆查询当前数据库的版本 SQL> select * from v$version; BANNER ---------------------------------------------------------------- Oracle Database 10g Enterprise Edition Release 10.2.0.5.0 - 64bi PL/SQL Release 10.2.0.5.0 - Production CORE