Database Security and Patches - Part 2 - Page 2
November 22, 2005
Sorting out patches and patchsets
Unlike the base version of each Oracle product (available at Oracle Technology Network), virtually all patches are obtainable only via MetaLink. Access to MetaLink requires a support contract, so if you are on your own (i.e., student, learning Oracle on your own, etc.), your access to patches for a product are quite limited. HTML DB is an example of where Oracle has released a patch outside of MetaLink, but with respect to the RDBMS product, you can pretty much count on the requirement to have access to MetaLink.
Once you are in MetaLink, what do you look for? It helps to know the patch number ahead of time because you can search by number instead of by product. One semantics-related concept that helps in your search is understanding Oracle's terminology. As an analogy (in most cases), when someone refers to a database, there is not a distinction between database and instance, and as we all know, sometimes the distinction is important. With respect to a patch, more often than not we really mean patchset. If we want to turn a 126.96.36.199 software installation into a 188.8.131.52 version, we have to apply a patchset.
Additionally, since the base releases tend to start off with a one, the "7" in "184.108.40.206" means patchset 6. And to be precise, not every patchset upgrades the version release. Patchsets, by definition, are cumulative fixes of other problems. As a general rule of thumb, you can almost always safely or routinely apply a "family" patchset, but other patchsets (and patches) should be applied only when certain conditions are met in your particular environment. Of course, it does not help that Oracle refers to patches and patchsets by patch number (see the left column in the pictures below).
How does Oracle view a patchset?
Click for larger image
Click for larger image
The table below summarizes how Oracle software is released.
Installing patchset 220.127.116.11
Selecting the link for 4163445 shows the following:
Downloading the "patch" file requires no explanation, and uncompression or extraction of the file can generally be done anywhere except under ORACLE_HOME. For this patchset, the instructions direct you to use a newer version of Oracle Universal Installer (version 10.1.0.4, to be precise). The newer version of OUI comes bundled with the patchset, so phase one (use OUI to upgrade OUI) applies here. Other considerations include upgrading standby databases, clearing statistics out of the SYS schema (shouldn't be there anyway, right?), and checking for post-release updates.
Before actually starting OUI, some preliminary steps include:
An interactive session is nothing more than responding to OUI. A noninteractive session uses a response file. Since this example uses the interactive mode, we have to start OUI using setup.exe in the folder where the ZIP file was extracted. The target or source file, products.xml, is in the stage folder.
Run setup.exe and update the path and name of your Oracle 9.2 installation.
The installation process is straightforward, and the installation successful message at the end is a good sign.