Database Security and Patches – Part 2

Part 2 of this series covers
the mechanics of installing a patch. Overall, installing a patch is quite easy,
but depending upon the platform and version, the number of steps may be
different. The base version used as the example is Oracle (for Windows NT/2000/XP)
– exactly what you get on the download from Oracle Technology Network. The
patch process uses Patchset 4163445 ( PATCHSET FOR ORACLE DATABASE

Overview of the patch process

There are four general
phases involved in the patch process:

  • Get the patchset (MetaLink

  • Upgrade the Oracle Universal
    Installer (not always required)

  • Install the patch using OUI

  • Running maintenance, clean up, or
    one-off scripts (not always required)

Upgrading the OUI can be
viewed as a bootstrap process (bootstrap in the same sense as used in computer
science related to starting up an operating system or developing a new
language). What typically takes place is a requirement to start the upgrade by
using your currently installed version of OUI. The end result is a newer
version of OUI on your computer. The idea is that it takes OUI to install OUI.

Once the new version of OUI
is installed, OUI is launched again as its new invocation and the patch itself
is installed. The windows are very similar to what you see when installing the
RDBMS software in the first place. Lastly, it may be necessary to run one or
more additional scripts. For example, applying to an HP Itanium running
Red Hat Linux includes running a CPU-related fix-it script in addition to a
catpatch.sql script.

One other patch-related program
is something known as OPatch. Documentation about OPatch is rolled into Oracle®
Universal Installer and OPatch User’s Guide, 10g Release 2 (10.2) for
Windows and UNIX. From Chapter 8 of the guide:

OPatch is an Oracle supplied utility to assist you with the process of
applying interim patches to Oracle’s software. OPatch is a Java-based utility
which requires the Oracle Universal Installer to be installed. It is platform
independent and runs on all supported operating systems.

OPatch supports the following:

  • Applying an interim patch.

  • Rolling back the application of an interim patch.

  • Detecting conflict when applying an interim patch after
    previous interim patches have been applied. It also suggests the best options
    to resolve a conflict.

  • Reporting on installed products and interim patch.

OPatch and using Enterprise
Manager to manage patches will be covered in a subsequent article. For now, our
emphasis is on Oracle9i and the "old fashioned" way of installing a

Steve Callan
Steve Callan
Steve is an Oracle DBA (OCP 8i and 9i)/developer working in Denver. His Oracle experience also includes Forms and Reports, Oracle9iAS and Oracle9iDS.

Latest Articles