Patching Oracle databases requires careful planning and testing to avoid issues. The presenter discusses several cases where patching went wrong due to missing dependencies like OraInventory, lack of disk space, or failure to complete all steps. Key lessons are to verify prerequisites, have the correct patch, fully document the process, and finish all steps to prevent partially applied patches from causing problems.

1. Oracle RDBMS Patching Brian Hitchcock OCP 8, 8i, 9i DBA Sun Microsystems [email_address] [email_address] NoCOUG Brian Hitchcock May 6, 2004 Page

14. Security Alerts Doc 229285.1 Security Alert #49: Buffer Overflow in Oracle Database Doc 229284.1 Security Alert #48: Buffer Overflow in Oracle Database Doc 224215.1 Security Alert #47: Vulnerabilities in Oracle 9i Application Server Doc 216775.1 Security Alert #46: Buffer Overflow in iSQL*Plus (Oracle9i Database Server) Doc 214356.1 Security Alert #45: Security Release of Apache 1.3.27 Doc 213415.1 Security Alert #44: Unauthorized Access Vulnerability in the Oracle E-Business Doc 213413.1 Security Alert #43: Oracle9i Application Server - Web Cache Administration Tool Crash on Malformed Request Doc 213411.1 Security Alert #42: Security Vulnerability in Oracle Net Doc 207272.1 Security Alert #41: Oracle9i Application Server Oracle Java Server Page Demos Vulnerability Doc 207269.1 Security Alert #40: Oracle Net Listener Vulnerabilities Doc 207271.1 Security Alert #39: Oracle9i Application Server - Web Cache Administrator Password Not Encrypted Doc 207268.1 Security Alert #38: Security vulnerability in Oracle Net Doc 206034.1 Security Alert #37: OpenSSL Security Vulnerability Doc 200873.1 Security Alert #36: Security Vulnerability in Apache HTTP Server of Oracle9iAS Doc 198531.1 Security Alert #35: Buffer Overflow Vulnerability in Oracle9iAS Reports Doc 198544.1 Security Alert #34: Security Vulnerability in Oracle Net (Oracle9i Database Server) Doc 185074.1 Security Alert #33: User Privileges Vulnerability in Oracle9i Database Server Doc 185073.1 Security Alert #32: Unauthorized Access Vulnerability in the Oracle E-Business Suite Doc 182244.1 Security Alert #31: Oracle Configurator Security Issue: Potential Cross-site Scripting Attacks Doc 183556.1 Security Alert #30: SNMP Vulnerability in Oracle Enterprise Manager, Master_Peer Agent Doc 175429.1 Security Alert #29: ALERT: Oracle PL/SQL extproc in Oracle 9i, Oracle 8i and Oracle8 Database

15. Security Alerts Doc 175428.1 Security Alert #28: Vulnerabilities in Oracle mod_plsql and JSP in Oracle 9iAS V1.0.2.x Doc 169628.1 Security Alert #27: Vulnerabilities in Oracle 9i Application Server Web Cache Doc 168862.1 Security Alert #26: Potential DoS Vulnerability in Oracle9i Application Server Doc 168863.1 Security Alert #25: Vulnerabilities in MODPLSQL No Doc Security Alert #24: Skipped Multiple Doc (Security Alert #23 is split into 3 documents on MetaLink) Doc 167001.1 Security Alert #23: Oracle Home Environment Variable Buffer Overflow Doc 167004.1 Security Alert #23: CHOWN Path Environment Variable Vulnerability Doc 167007.1 Security Alert #23: Oracle Home Environment Variable Validation Vulnerability Doc 166869.1 Security Alert #22: Security Implications of the Oracle9iAS v.1.0.2.2 Default SOAP Configuration Doc 163726.1 Security Alert #21: Oracle Label Security Mandatory Security Patch Doc 163727.1 Security Alert #20: Oracle File Overwrite Security Vulnerability Doc 163728.1 Security Alert #19: Oracle Trace Collection Security Vulnerability Doc 163729.1 Security Alert #18: Oracle9iAS Web Cache Overflow Vulnerability