Oracle Security Patch October 2013 has been released


On 15. October 2013 Oracle released the quarterly Security Patch for October 2013.

How to patch, see here.

At same time the following PSUs for Database and Clusterware/Grid Infrastructure has been released:

Unix/Linux Systems:

  • 12.1.0.1.0 PSU 1 (12.1.0.1.1)  (DB: 17027533, GI: 17272829)
    actual available for:
    • Linux x86-64
    • Solaris x86-64
    • Solaris SPARC (64Bit)
  • 11.2.0.3.0 PSU 8 (11.2.0.3.8)  (DB:  16902043, GI: 17272731)
  • 11.2.0.2.0 PSU 12 (11.2.0.2.12)  (DB:  17082367, GI: 17272753)
  • 11.1.0.7.0 PSU 16 (11.1.0.7.16) (DB:  17082366, CRS: 11724953)

Windows Systems:

For 10g Customers:

The PSU July 2013 was the final PSU for Oracle 10gR2 Database (10.2.0.4.0 & 10.2.0.5.0). So the final version is:

Unix/Linux

  • 10.2.0.5.0 PSU 12
  • 10.2.0.4.0 PSU 17

Windows

  • 10.2.0.5 BP 23 (32 Bit)
  • 10.2.0.5 BP 22 (64 Bit) (Maybe there will be a BP 23, Documentation is inconsistent)
  • 10.2.0.4 BP 50 (32 Bit)
  • 10.2.0.4 BP 49 (64 Bit) (Maybe there will be a BP 50, Documentation is inconsistent)

Common Vulnerabilities and Exposures (CVE) fixed in these patches:

  • CVE-2011-3389
  • CVE-2013-0169
  • CVE-2013-3762
  • CVE-2013-5766
  • CVE-2013-5827
  • CVE-2013-5828

Limitations:

  • Patch Set Update (PSU) patches are cumulative.
  • This patch is Oracle RAC Rolling Installable.
  • This patch is Data Guard Standby-First Installable.

IMPORTANT:
This patch contains a security fix due to which a SELECT query’s plan MAY change under the following conditions:

  • The SELECT queries a table protected with a Fined Grained Auditing policy
  • And the policy condition is NULL

Refer to My Support notice for more information:

  • Bug 17027533 – 12.1.0.1.1 (Oct 2013) Database Patch Set Update (PSU) [ID 17027533.8]
  • Oracle Database Patch Set Update 12.1.0.1.1 Known Issues (Doc ID 1571651.1)
  • Bug 16902043 – 11.2.0.3.8 (Oct 2013) Database Patch Set Update (PSU) [ID 16902043.8]
  • Oracle Database Patch Set Update 11.2.0.3.8 Known Issues (Doc ID 1571650.1)
  • Patch Set Update and Critical Patch Update October 2013 Availability Document (Doc ID 1571391.1)

The new release, new Bugs here the list of the Multitenant Bugs, which has been fixed:

16427054 - SR12.1.0.2PX_HYBRID_LOAD - TRC - KPDBIDTONAME
16443657 - CDB: OCITRANSCOMMIT() IS ABLE TO COMMIT FROM WRONG CONTAINER
16457621 - W2K8_12.1_CDB: ORA-600 [KKAEGEN_GET_EDITION_NAME_3] TERMINATE INSTANCE
16459685 - CDB (NON RAC) : ORA-44310 AND ORA-07445:[KSPGIP()+106] [SIGSEGV]
16483559 - CDB:COMMON USER NOT SYNCED ON PDB OPEN WITH FORCE OPTION
16485876 - FIRE LOGON TRIGGER DOING DDL IN OTHER CONTAINER GIVES ORA-600 [KTSSCNI1],
16603924 - XSTRM CDB W/ UPG'D PDBS, CREATE_OUTBOUND => ORA-600 [KKAEGEN_GET_EDITION_NAME_1]
16660558 - CDB: ORA-7445 [KSFD_IO] & [KSLWS_DMP_SESS_WAITSTACK] IN CREATE PDB UNDO CALLBACK
16663303 - SR12.1UPD-PLUGIN:DBMS_EDITIONS_UTILITIES FAILS WITH ORA-38817: INSUFFICIENT PRIV
16663465 - SR12.1UPD-PLUGIN -TRC -ORA-600KKDLGETBASEUSER2:AUTHIDTYPE/ORA-04024 SELF-DEADLOC
16675710 - CDB: ORA-7445 [KSUSDIINPROGRESS()+47] [SIGSEGV] [ADDR:0X18] [PC:0XB35190F]
16689109 - INVALID OBJECTS OCCUR WHEN UPGRADING IN A CDB
16697600 - CDB: "ALTER PDB ALL OPEN INSTANCES = ALL" ERRORS IF ALL OPEN ALREADY
16698577 - FA + REDACT: ORA-10387 AND ORA-600 [KGLRELEASEHANDLEREFERENCE1]
16705020 - LNX64-12.1-CDB: HIT ORA-7445 [KSP_PDB_SPFILE_INSERT] WHEN CREATING PDB
16707927 - PKT : ORA-600 [2130] - TRC - KCCUGG
16712618 - CDB:ORPHANED USER CAN BE UNLOCKED
16715647 - CDB-ADG:RESTRICTED OPEN FORCE FOR MULTIPLE PDBS DOES NOT WORK
16730813 - CDB:ORA-65144 WHEN DISABLING RESTRICTED SESSION IN ROOT
16772060 - TT12.1SQLFUZZ2: DBMS_PDB.SYNC_PDB THROWS ORA-600 [KGHSTACK_UNDERFLOW_INTERNAL_1]
16784167 - CDB(NON-RAC):ORA-00600: INTERNAL ERROR CODE, ARGUMENTS: [2801], [], [], [], [],
16784901 - TT12.1SQLFUZZ2: DESC ON RECREATED SUPPLIED OBJ THROWS ORA-7445 [KQLPRFD()+121]
16795944 - TT12.1SQLFUZZ2: PDB OPEN CRASHES AFTER LICENSE_MAX_USERS SET TO LESS THAN CURREN
16825779 - COMMON PROFILE RESOURCE LIMIT FOR PASSWORD VERIFY FUNCTION DISPLAYS FROM ROOT
16836849 - PHSB: CDB ORA-00600:[KTCALLOCXCB] DURING DB OPEN
16859937 - CDB: LOCAL USER CONVERTED TO COMMON
16902138 - RAC: ORA-7445 [RPIDRV] AFTER DROPPING A PDB
16921340 - CDB EXIT: NON-CDB TO PDB PLUGIN HANGS
16935643 - GOT ORA-600 [KQLUDP2] , [0X16EB753A8], [4] WHILE UPGRADING A PDB
16946613 - TT12.1SQLFUZZ2: CMN USER WHICH WAS LOCAL PRIOR TO SYNC NOT SYNCED ON PDB OPEN
16946990 - UNABLE TO INSTALL APEX IN LOCAL PDB 12C DATABASE.RAISES ORA-65050
16993424 - CDB: ORA-600 [KKAEGEN_GET_EDITION_NAME_3], [3]
16994576 - CDB(NON-RAC): ORA-600 [KQLBBOTADD:3]
17000176 - HANG INSIDE CATCDB_INT.SQL CALLED USING CATCON.PL
16911800 - Fix for bug 16911800
16919176 - Fix for bug 16919176

Oracle Security Patch July 2013 has been released


(Is now superseeded by October 2013 PSU -> See here)

On 16. July 2013 Oracle Released the quarterly Security Patch for July 2013.

At same time the following PSUs for Database and Clusterware/GridInfrastructure has been released:

  • 11.2.0.3.0 PSU 7 (11.2.0.3.7)
  • 11.2.0.2.0 PSU 11 (11.2.0.2.11)
  • 11.1.0.7.0 PSU 16 (11.1.0.7.16)
  • 10.2.0.5.0 PSU 12 (10.2.0.5.12)
  • 10.2.0.4.0 PSU 17 (10.2.0.4.17) for several platforms

Refer to My Support notice for more information:

  • Bug 16619892 – 11.2.0.3.7 (Jul 2013) Database Patch Set Update (PSU) [ID 16619892.8]
  • Oracle Database Patch Set Update 11.2.0.3.7 Known Issues [ID 1546433.1]

IMPORTANT: Update from 2th August 2013:
Patch 17230530 Is a Recommended Patch for PSU 11.2.0.3.7

  • Bug 17230530 – ORA-600 [kkzqid2fro] after apply 11.2.0.3.7 psu patch
  • PSU 11.2.0.3.8 onwards includes a fix for bug 17230530 [ID 17230530.8]