Oracle Critical Patch Update – April 2007

As part of security concern DBA has to apply Oracle Critical Patch regularly as and when there is critical security patch release from Oracle. Oracle started critical security patch in 2005 and since then there is four-security patches release every year. Year 2007 release dates are given :

• 17 July 2007
• 16 October 2007
• 15 January 2008
• 15 April 2008

Last we applied critical security patch July 2006. We are going to apply “Oracle Critical Patch Update – April 2007” with reference to URL http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2007.html. Let’s navigate though given note and see what patches I need to apply.

Note: 420072.1

Subject : Oracle E-Business Suite Critical Patch Update Note April 2007

have following product installed in our environment.

• Oracle E-Business Suite Release 11i 11.5.10 CU2
• Oracle9i Enterprise Edition Release 9.2.0.8.0 - 64bit Production
• Oracle Application Server 10g Release 2 (10.1.2), versions 10.1.2.0.2

We have running Oracle E-Business Suite Rel. 11i so I am referring “Section 2, "Oracle E-Business Suite Release 11i"” of Note:420072.1. As per oracle guideline we should apply updates to systems that have highest risk first e.g. update systems that are external to firewall before upgrading internal network system. It our environment we do not have any external system but in future we are going to have (currently working on DMZ also).

Oracle has recommended patching Oracle environment in given order and I follow same.

1. Oracle Database
2. Oracle Application Server
3. Oracle E-Business Suite

Patching Considerations for Oracle E-Business Suite Release 11i

Oracle Database and Oracle Application Server critical patches are cumulative, which means it includes all patches for fixes from earlier Oracle critical security patch updates. CPU patches for Oracle E-Business Suite 11i are generally not cumulative, that means one has to refer earlier critical updates and apply all the e-business suite critical patches in chronological order.

In my case I had applied Critical update patch July 2006 and now I need to apply Critical update patch Apr 2007. Oracle has released critical update patch Jan 2006. So in this case I should apply patches as given below.

1. Database Critical Update patches is cumulative so I need not to apply Critical update patch Jan 2007. I should apply only critical update patch Apr 2007.
2. Oracle Applications Server Critical Update patches is cumulative so I need not to apply Critical update patch Jan 2007. I should apply only critical update patch Apr 2007.
3. Oracle E-Business Suite Critical Update patches is not cumulative so I need to apply Critical update patch Oct 2006 and Jan 2007 before apply Critical update patch Apr 2007.

As per Note: 420072.1 Release 11.5.10 applications upgraded to release 11.5.10 CU2 without apply CPUApr2007 must now apply CPUApr2007. E-Business Suite are not cumulative, so one should apply prior CPUs as appropriate before applying CPUApr2007.

Stop all process running using that Oracle home before patching. Patch one oracle home at a time.

Oracle recommends to update database tier and the middle tier at same time, one after the other. After applying patch start services in following order. We have only these two components in our environment.

1. Oracle Database
2. Oracle Application Server

‘opatch’ is required to apply database patch.

$ pwd

/local/oracle/product/9.2.0.8/OPatch

$ opatch -version

Oracle Interim Patch Installer version 1.0.0.0.56

Oracle recommends to use OPatch release 1.0.0.0.57 so need to install patch 2617419

Patches to be applied in Ebusiness Suit.

Noteà We are Running Ebusiness Suite in HP-UX 11i environment.

Oracle Database Patches

Oracle Database 9.2.0.8 Rel Patch 5901875

Oracle HTTP Server Patche

According to note “There are no new patches for CPUApr2007. Please uptake the patches listed for this release in CPUJan2007. See Note 402670.1: Oracle E-Business Suite Critical Patch Update Note January 2007”

As per Note 402670.1

1. If you have not already done so, upgrade to release 1.0.2.2.x. See Note 146468.1.
2. Upgrade to Oracle8i Database release 8.1.7.4 using patch 2376472 if your Oracle Database Client release is earlier than release 8.1.7.4. See Note 309026.1.
3. Apply CPUJan2007 patch 5700129 to the Oracle Application Server Oracle home.

We have applied upgraded to Orace8i 8.1.7.4 home using patch 2376472 so I need to apply only CPUJan2007 patch 5700129.

Oracle Developer Suite Patches

We are at Oracle Developer Suite Release 6.0.8.27.0. According to Note 402670.1 “There are no new patches for CPUApr2007. Please uptake the following patches which were listed for this release in CPUJan2007. “

• Oracle Forms (HP-UX): 5687261

JInitiator Patches

We are using Jinitiator Release 1.3.1.26 and as Note 402670.1 “Per Oracle policy, customers on Oracle JInitiator Release 1.3 must move to version 1.3.1.26 or higher for CPUApr2007.” Refer to Note 124606.1 and Note 232200.1 for more information.

We’ll upgrade Jinitator Release from 1.3.1.26 to 1.3.1.28.

As per Note 124606.1 I need to apply following patches to upgrade Jinitiator to 1.3.1.28.

JInitiatorVersion JInitiator Patch Interop Patch

1.3.1.28 5882294 5117525

Apart from above patches following patches are required for respective product users. I am listing only those patches, which are applicable in our environment.

Oracle Applications Framework Navigator Page

• If you are using Oracle Applications prior to 11.5.10.2CU, please apply patch 4517707.

General Ledger Hierarchy Manager / Financial Intelligence - Financial Dimension Hierarchy Manager Users

• If you are upgrading to JInitiator 1.3.1.x and are using Oracle Applications Framework 5.7 or later, you must apply patch 3698893.

Oracle E-Business Suite Release 11i Patches

Oracle CPUApr2007 patches for E-Business Suite Release 11i are not generally cumulative. We need to apply the previous critical patch updates and Oracle security alerts related to ebusiness Suite before applying this critical patch update.

In my case I need to apply following patches.

E-Business Suite Critical Patch October 2006

5486407

5479643 Superceded by 5473858 (11i.ATG_PF.H.RUP5)

5500118 Superceded by 5473858 (11i.ATG_PF.H.RUP5)

5335967

E-Business Suite Critical Patch January 2007

• 5571208 Superceded by 5473858
• If your instance is at 11i.BNE.D, then apply patch 5518587 Supercede by patch 5473858
• 5658489
• 3748835
• 5711485

E-Business Suite Critical Patch April 2007

Patch 5021981 (FND)

Release 11.5.10 CU2

• 5893391
• 5900224
• 5352601
• 5720979
• 5738134
• 5909233
• 5873313
• 5904576
• 5967405

Oracle E-Business Suite 11i with 11i.ATG_PF.H RUP4 (4676589) installed

• 5873313
• 5904576
• 5900224
• 5938358

Any other patches listed for the Oracle E-Business Suite Release 11i base release on which 11i.ATG_PF.H RUP4 is installed.

Reference:

• Note:402670.1 Oracle E-Business Suite Critical Patch Update Note January 2007
• Note:420072.1 Oracle E-Business Suite Critical Patch Update Note April 2007