Patch nomenclature for oracle databases

Feb 28, 2020

Share this post
issues-after-qlikview-version-upgrade-on-passive-node-of-production-servers

Introduction:

Oracle releases patches for wide range of its products to enhance the feature and stability. Oracle database patches are part of such releases and those are highly recommended to apply in order to stay out of threats and vulnerabilities.

There are many classifications of patches available for each version of oracle database product. Here in this blog, I’m going to depict such information to get an overview of patch types and few latest changes in it.

Acronym

Type of patch

Description
PSU Patch set update Cumulative patches that contain security fixes, additional fixes and enhancements
CPU Critical patch update Cumulative patches consisting of security fixes
SPU Security patch update An iterative, cumulative patch consisting of security fixes. Formerly known as Critical Patch Update
CVE Common Vulnerabilities and Exposures Information about security vulnerabilities, with unique CVE number
OJVM Oracle Java VM Includes critical fixes for the Oracle Java VM component within the Oracle Database
RU Release update Proactive bundle of critical fixes, similar to BP
RUR Release update revision Includes updates with fixes for known regressions and latest security vulnerability fixes

Other terminologies

Description
Mitigation Patch For interim solution on demand, where patch not included neither in PSU nor in CPU
Bundle patch (BP) Cumulative patch issued between patch set bundles
Diagnostic patch Type of interim patch used for the diagnosis of a specific issue
Interim patch Also called as one-off patches, used to fix a specific bug
Cumulative Patch Patch which includes the bug fix/security released in the previous patch release (PSU or CPU)
Replacement patch A patch found as regressed, for which support can recommend a replacement
Security update Security update releases
Merge Label Request (MLR) A bundle of patches fixing several bugs.

Frequency and classification of patches:

    • CPU’s or SPU’s and PSU’s are released quarterly, and Oracle prefers to release RU/RUR’s since 12.2.x.x.x versions and PSU’s are no longer going to be available in future versions.
    • CVE’s are released for each security fixes and may include in subsequent CPU’s and PSU’s distributions.
    • RU’s are the new set of proactive bundle patches starting from 12.2 version.
    • RUR’s are the SPU’s with one-off regression fixes and each update is followed by up to two separate Revisions for the six months after the Update is released.

In the following diagram, we can see RU update released in January for a version will have its revisions in April, July and the revision cycle ends. There after a new cycle begins for the next RU version update.

Oracle official sample of RU/RUR’s for 18c are as below:

Naming convention of patch updates:

Choose the related quarter release with subject

Patch <patchNumber>:  <Description of the patch> <dbVersion>.<yymmdd>

Eg: Patch 30298532: DATABASE PATCH SET UPDATE 11.2.0.4.200114

 

Cross check the patchNumber/dbVersion/osVersion during download

p<patchNumber>_<dbVersion>_<osVersion>.zip

Eg:p30298532_112040_SOLARIS64.zip

 

12.2.0.1 Database Release – Naming Convention For Update/Revision

    • Release Update – Database <Quarter> Release Update 12.2.0.1.<build-date>
    • Release Update Revision – Database <Quarter> Release Update Revision 12.2.0.1.<build-date>

Finding Patches For A Database:

Navigate through one link http://www.oracle.com/technetwork/topics/security/alerts-086861.html

    • Critical Patch Update
    • Affected Products and Patch Information – Choose database
    • Patch Availability for Oracle Products – Choose Oracle database
    • Go to Oracle database section and choose the version.

For example 11.2.0.4, as “Oracle Database 11.2.0.4”

Easy Way To Download Recommended Patches Through Meta Link Doc ID:

    • Database 11.2.0.4 Proactive Patch Information (Doc ID 2285559.1)
    • Database 12.1.0.2 Proactive Patch Information (Doc ID 2285558.1)
    • Database 12.2.0.1 Proactive Patch Information (Doc ID 2285557.1)
    • Database 18 Proactive Patch Information (Doc ID 2369376.1)
    • Database 19c Proactive Patch Information (Doc ID 2521164.1)

Patch Support For Oracle Database Versions Published By Oracle (Doc ID 742060.1) As A Reference:

Bottom line:

Oracle patches are highly recommended to ensure database security and stay out of threats and vulnerabilities!

Recent posts

Categories