甲骨文发布2012 4月数据库安全补丁Critical Patch Update April 2012

根据最新的Update to Oracle Security Alert January 2012,Oracle Database的最新Critical Patch Updates将会在17 April 2012发布,即下个月的中旬, 包括针对版本11.2.0.3的 CPU、PSU补丁将 Release,因为版本10gR2已经实际进入Sustaining Support(Oracle Database 10.2 has now transitioned from Premier Support to Sustaining Support. Our records indicate the CSI used for this SR does not have Extended Support so you are only eligible to Sustaining Support. Sustaining Support includes assistance with service requests, on a commercially reasonable basis, 24 hours per day, 7 days a week. It does not include new program updates, fixes, security alerts and critical update. The support policy details can be accessed at “http://www.oracle.com/us/support/library/057419.pdf “. If you need Extended Support please contact your account team.),

 

所以我们有理由相信这次的CPU更新将不会再针对10gR2的Last Patchset 10.2.0.5 ,让11gR2来得更激烈一些吧!

 

Critical Patch Updates

Critical Patch Updates are the primary means of releasing security fixes for Oracle products to customers with valid support contracts. They are released on the Tuesday closest to the 17th day of January, April, July and October. The next four dates are:

  • 17 April 2012
  • 17 July 2012
  • 16 October 2012
  • 15 January 2013

For Oracle Java SE Critical Patch Updates, the next three dates are:

  • 12 June 2012
  • 16 October 2012
  • 19 February 2013

 

 

Patch Set Update and Critical Patch Update April 2012 Availability Document 介绍了 2012 April CPU 相关的Database 补丁:

 

Patch Availability for Oracle Database 11.2.0.3

Product Home Patch Advisory Number Comments
Oracle Database home Database 11.2.0.3 CPU Patch 13632717, orDatabase 11.2.0.3.2 PSU Patch 13696216, orGI 11.2.0.3.2 PSU Patch 13696251, orDatabase patch for Exadata (April 2012 – 11.2.0.3.5) Patch 13734832, or

Quarterly Full Stack download for Exadata (April 2012) Patch 13839416, or

Microsoft Windows (32-Bit) Bundle Patch 13885388, or

Microsoft Windows x64 (64-Bit) Bundle Patch 13885389

CVE-2012-0552, CVE-2012-0534, CVE-2012-0527, CVE-2012-0526, CVE-2012-0525
Oracle Database home Patch 13705478 CVE-2011-5035 OC4J 10.1.3.4 one-off patch (Special OPatch needed, see README)

 

Patch Availability for Oracle Database 11.2.0.2

Product Home Patch Advisory Number Comments
Oracle Database home Database 11.2.0.2 CPU Patch 13632725, orDatabase 11.2.0.2.6 PSU Patch 13696224, orGI 11.2.0.2.6 PSU Patch 13696242, orExadata Database Recommended Patch 16 Patch 13837673, or

Microsoft Windows (32-Bit) Bundle Patch 13697073, or

Microsoft Windows x64 (64-Bit) Bundle Patch 13697074

CVE-2012-0552, CVE-2012-0534, CVE-2012-0527, CVE-2012-0526, CVE-2012-0525, CVE-2012-0520, CVE-2012-0512, CVE-2012-0519 (Windows only)
Oracle Database home Patch 13705478 CVE-2011-5035 OC4J 10.1.3.4 one-off patch (Special OPatch needed, see README)

 

Patch Availability for Oracle Database 11.1.0.7

Product Home Patch Advisory Number Comments
Oracle Database home Database 11.1.0.7 CPU Patch 13632731, orDatabase 11.1.0.7.11 PSU Patch 13621679, orMicrosoft Windows (32-Bit) Bundle Patch 13715809, orMicrosoft Windows x64 (64-Bit) Bundle Patch 13715810 CVE-2012-0552, CVE-2012-0534, CVE-2012-0528, CVE-2012-0527, CVE-2012-0526, CVE-2012-0525, CVE-2012-0520, CVE-2012-0512, CVE-2012-0511, CVE-2012-0510
Oracle Database home Patch 13705478 CVE-2011-5035 OC4J 10.1.3.3 one-off patch
Oracle CRS home CRS 11.1.0.7.7 PSU Patch 11724953 Released April 2011 Non-security content only
Oracle Database home Patch 9288120 Released April 2011 Database UIXFor Oracle Secure Enterprise Search 11.1.2.x installations, follow the instructions given in MOS note Note 1359600.1.
Oracle Database home Patch 10073948 Released April 2011 Enterprise Manager Database Control UIXNot applicable to Oracle Secure Enterprise Search 11.1.2.x
Oracle Database home Patch 11738232 Released April 2011 Warehouse BuilderNot applicable to Oracle Secure Enterprise Search 11.1.2.x

 

Patch Availability for Oracle Database 10.2.0.5

<
Product Home Patch Advisory Number Comments
Oracle Database home Database 10.2.0.5 CPU Patch 13632738, orDatabase 10.2.0.5.7 PSU Patch 13632743, orMicrosoft Windows (32-Bit) Bundle Patch 13654814, orMicrosoft Windows x64 (64-Bit) Bundle Patch 13654815, or

Microsoft Windows Itanium (64-Bit) Patch 13870404

CVE-2012-0552, CVE-2012-0534, CVE-2012-0528, CVE-2012-0527, CVE-2012-0526, CVE-2012-0520
Oracle Database home Patch 13705478 CVE-2011-5035 OC4J 10.1.3.4 one-off patch (Special OPatch needed, see README)