oracle数据库高危漏洞补丁集安装

本文涉及的产品
云原生数据仓库AnalyticDB MySQL版,基础版 8ACU 100GB 1个月
简介: ——记一次ORACLE数据库使用opatch升级PSU的过程 目的:使用oracle自带工具opatch对oracle数据库软件应用高危漏洞补丁集PSU,修复oracle数据库高危漏洞,规避由于普通用户具有业务用户数据表的查询权限, 绕过数据库安全机制对业务用户数据表进行增、删、改操作的隐患。
——记一次ORACLE数据库使用opatch升级PSU的过程
目的:使用oracle自带工具opatch对oracle数据库软件应用高危漏洞补丁集PSU,修复oracle数据库高危漏洞,规避由于普通用户具有业务用户数据表的查询权限,
绕过数据库安全机制对业务用户数据表进行增、删、改操作的隐患。
风险:
1、本次整改中需要启停数据库

2、对 ORACLE数据库应用 PSU补丁集可能会引入新的 BUG
前期准备:
     操作系统版本:
[oracle@orcl11204 20299013]$ uname -a
Linux orcl11204 2.6.18-164.el5xen #1 SMP Thu Sep 3 04:41:04 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux
    OPatch软件客户端版本:
[oracle@orcl11204 20299013]$ export PATH=$ORACLE_HOME/OPatch:$PATH
[oracle@orcl11204 20299013]$opatch version
OPatch Version: 11.2.0.3.4
OPatch succeeded.
     数据库版本:
SQL> select * from v$version;
BANNER
--------------------------------------------------------------------------------
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
PL/SQL Release 11.2.0.4.0 - Production
CORE 11.2.0.4.0 Production
TNS for Linux: Version 11.2.0.4.0 - Production
NLSRTL Version 11.2.0.4.0 - Production
SQL> select ACTION_TIME, ACTION, COMMENTS from sys.DBA_REGISTRY_HISTORY;
ACTION_TIME       ACTION    COMMENTS
------------------------------ -------------------- ------------------------------
24-AUG-13 12.03.45.119862 PM   APPLY    Patchset 11.2.0.2.0
29-JUN-15 05.15.49.338988 PM   APPLY    Patchset 11.2.0.2.0
SQL> select count(*) from dba_objects where status'VALID';
  COUNT(*)
----------
0
SQL>select object_name,object_type,owner,status 
from dba_objects where status'VALID';
no rows selected

     准备高危漏洞补丁包
p20299013_112040_Linux-x86-64.zip(patch号参考文档 756671.1.html)
      根据漏洞补丁集安装要求opatch的版本最低位11.2.0.3.6,因此需要准备

    p6880880_112000_Linux-x86-64.zip
高危漏洞的模拟测试
[oracle@orcl11204]$ sqlplus / as sysdba 
SQL*Plus: Release 11.2.0.4.0 Production on Wed Jun 10 13:43:22 2015 
Copyright (c) 1982, 2011, Oracle.  All rights reserved. 
Connected to: 
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production 
With the Partitioning, OLAP, Data Mining and Real Application Testing options 
SQL>create user test identified by test; 
user created. 
SQL>grant dba to test; 
Grant succeeded. 
SQL>conn test/test 
Connected. 
SQL>create table t(id number); 
Table created. 
SQL>insert into t values(1); --插入5条 
1 row created. 
SQL>commit; 
Commit complete. 
  [oracle@orcl11g database]$ sqlplus / as sysdba 
SQL*Plus: Release 11.2.0.4.0 Production on Wed Jun 10 13:43:22 2015 
Copyright (c) 1982, 2011, Oracle.  All rights reserved. 
Connected to: 
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production 
With the Partitioning, OLAP, Data Mining and Real Application Testing options 
SQL> create user test_update identified by test_update; 
User created. 
SQL> grant select on test.t to test_update; 
Grant succeeded. 
SQL>  grant create session to test_update; 
Grant succeeded. 
SQL> conn test_update/test_update 
Connected. 
SQL> select count(*) from test.t; 
COUNT(*) 
---------- 
    5
SQL> update (with tmp as (select id from test.t) select id from tmp) set id=10 where id = 1; 
1 row updated. 
SQL> commit; 
Commit complete. 
SQL> delete (with temp as (select * from test.t) select id from temp) where id = 2; 
1 row deleted. 
SQL> commit; 
Commit complete. 
SQL>  insert into (with temp as (select * from test.t) select * from temp) select *   
from test.t where id =1; 
0 rows created. 
SQL> commit; 
Commit complete. 
由上DML执行及结果部分可知,普通拥有对业务用户下表的查询权限可以通过构造临时表对业务数据表进
行DML操作,该漏洞很危险。 
以下是漏洞补丁安装及补丁安装完毕后的验证:
关闭数据库实例及监听程序,如果EM开启,也要关闭EM
[oracle@orcl11204 20299013]$ sqlplus / as sysdba
SQL*Plus: Release 11.2.0.4.0 Production on Mon Jun 29 17:48:47 2015
Copyright (c) 1982, 2013, Oracle.  All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL> shutdown immediate;
Database closed.
Database dismounted.
ORACLE instance shut down.
SQL> quit
Disconnected from Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
[oracle@orcl11204 20299013]$ lsnrctl statu
LSNRCTL for Linux: Version 11.2.0.4.0 - Production on 29-JUN-2015 17:50:59
Copyright (c) 1991, 2013, Oracle.  All rights reserved.
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=orcl11204)(PORT=1521)))
STATUS of the LISTENER
------------------------
Alias                     LISTENER
Version                   TNSLSNR for Linux: Version 11.2.0.4.0 - Production
Start Date                29-JUN-2015 16:51:52
Uptime                    0 days 0 hr. 59 min. 7 sec
Trace Level               off
Security                  ON: Local OS Authentication
SNMP                      OFF
Listener Parameter File   /opt/oracle/product/11.2.0.4/db/network/admin/listener.ora
Listener Log File         /opt/oracle/diag/tnslsnr/orcl11204/listener/alert/log.xml
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=orcl11204)(PORT=1521)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))
The listener supports no services
The command completed successfully
根据readme的提示更新OPatch即将p6880880_112000_Linux-x86-64.zip上传解压并替换$ORACLE_HOME下的OPatch,注意先备份原有的OPatch以方便回退还原
[oracle@orcl11204 ~]$ opatch version
OPatch Version: 11.2.0.3.11
OPatch succeeded.
根据readme的提示先做安装前的预检,注意如果没有更新OPatch,预检能够通过,但是应用补丁集的时候会报错退出
[oracle@orcl11204 20299013]$ opatch prereq CheckConflictAgainstOHWithDetail -ph ./
Oracle Interim Patch Installer version 11.2.0.3.4
Copyright (c) 2012, Oracle Corporation.  All rights reserved.
PREREQ session
Oracle Home       : /opt/oracle/product/11.2.0.4/db
Central Inventory : /opt/oraInventory
   from           : /opt/oracle/product/11.2.0.4/db/oraInst.loc
OPatch version    : 11.2.0.3.4
OUI version       : 11.2.0.4.0
Log file location : /opt/oracle/product/11.2.0.4/db/cfgtoollogs/opatch/opatch2015-06-29_17-46-33PM_1.log
Invoking prereq "checkconflictagainstohwithdetail"
Prereq "checkConflictAgainstOHWithDetail" passed.
OPatch succeeded.
[oracle@orcl11204 20299013]$ ps -ef|grep ora_
oracle    1757 24201  0 17:51 pts/2    00:00:00 grep ora_
[oracle@orcl11204 20299013]$ opatch apply
Oracle Interim Patch Installer version 11.2.0.3.4
Copyright (c) 2012, Oracle Corporation.  All rights reserved.
Oracle Home       : /opt/oracle/product/11.2.0.4/db
Central Inventory : /opt/oraInventory
   from           : /opt/oracle/product/11.2.0.4/db/oraInst.loc
OPatch version    : 11.2.0.3.4
OUI version       : 11.2.0.4.0
Log file location : /opt/oracle/product/11.2.0.4/db/cfgtoollogs/opatch/opatch2015-06-29_17-51-23PM_1.log
Verifying environment and performing prerequisite checks...
Prerequisite check "CheckMinimumOPatchVersion" failed.
The details are:
The OPatch being used has version 11.2.0.3.4 while the following patch(es) require higher versions: 
Patch 17478514 requires OPatch version 11.2.0.3.5.
Patch 18031668 requires OPatch version 11.2.0.3.5.
Patch 18522509 requires OPatch version 11.2.0.3.5.
Patch 19121551 requires OPatch version 11.2.0.3.5.
Patch 19769489 requires OPatch version 11.2.0.3.5.
Patch 20299013 requires OPatch version 11.2.0.3.5.
Please download latest OPatch from My Oracle Support.
UtilSession failed: Prerequisite check "CheckMinimumOPatchVersion" failed.
Log file location: /opt/oracle/product/11.2.0.4/db/cfgtoollogs/opatch/opatch2015-06-29_17-51-23PM_1.log
OPatch failed with error code 73
以下是更新完OPatch的安装过程
[oracle@orcl11204 ~]$ ls
20299013  database  p20299013_112040_Linux-x86-64.zip  p6880880_112000_Linux-x86-64.zip  PatchSearch.xml
[oracle@orcl11204 ~]$ mv p6880880_112000_Linux-x86-64.zip $ORACLE_HOME
[oracle@orcl11204 ~]$ cd $ORACLE_HOME
[oracle@orcl11204 db]$ ls
apex         ctx          hs             ldap     OPatch                            plsql         srvm
assistants   cv           ide            lib      opmn                              precomp       suptools
bin          dbs          install        log      oracore                           racg          sysman
ccr          dc_ocm       instantclient  md       oraInst.loc                       rdbms         timingframework
cdata        deinstall    inventory      mesg     orcl11204_db11204                 relnotes      ucp
cfgtoollogs  demo         j2ee           mgw      ord                               root.sh       uix
clone        diagnostics  javavm         network  oui                               scheduler     usm
config       dv           jdbc           nls      owb                               slax          utl
crs          emcli        jdev           oc4j     owm                               sqldeveloper  wwg
csmig        EMStage      jdk            odbc     p6880880_112000_Linux-x86-64.zip  sqlj          xdk
css          has          jlib           olap     perl                              sqlplus
[oracle@orcl11204 db]$ mv OPatch OPatch11204bak
[oracle@orcl11204 db]$ ls
apex         ctx          hs             ldap     OPatch11204bak                    plsql         srvm
assistants   cv           ide            lib      opmn                              precomp       suptools
bin          dbs          install        log      oracore                           racg          sysman
ccr          dc_ocm       instantclient  md       oraInst.loc                       rdbms         timingframework
cdata        deinstall    inventory      mesg     orcl11204_db11204                 relnotes      ucp
cfgtoollogs  demo         j2ee           mgw      ord                               root.sh       uix
clone        diagnostics  javavm         network  oui                               scheduler     usm
config       dv           jdbc           nls      owb                               slax          utl
crs          emcli        jdev           oc4j     owm                               sqldeveloper  wwg
csmig        EMStage      jdk            odbc     p6880880_112000_Linux-x86-64.zip  sqlj          xdk
css          has          jlib           olap     perl                              sqlplus
[oracle@orcl11204 db]$ unzip p6880880_112000_Linux-x86-64.zip 
Archive:  p6880880_112000_Linux-x86-64.zip
   creating: OPatch/
  inflating: OPatch/operr.bat        
  inflating: OPatch/opatch.bat       
   creating: OPatch/crs/
  inflating: OPatch/crs/OsysModel.jar  
  inflating: OPatch/crs/installPatch.excl  
  inflating: OPatch/crs/patchDB.pl   
  inflating: OPatch/crs/CRSProductDriver.jar  
  inflating: OPatch/crs/patch112.pl  
  inflating: OPatch/crs/auto_patch.pl  
  inflating: OPatch/crs/opatchauto   
   creating: OPatch/crs/log/
  inflating: OPatch/crs/patch11203.pl  
  inflating: OPatch/crs/driver.jar   
  inflating: OPatch/crs/patch11202.pl  
  inflating: OPatch/emdpatch.pl      
  inflating: OPatch/README.txt       
   creating: OPatch/docs/
  inflating: OPatch/docs/Users_Guide.txt  
  inflating: OPatch/docs/Prereq_Users_Guide.txt  
  inflating: OPatch/docs/cversion.txt  
  inflating: OPatch/docs/FAQ         
 extracting: OPatch/version.txt      
   creating: OPatch/opatchprereqs/
   creating: OPatch/opatchprereqs/oui/
  inflating: OPatch/opatchprereqs/oui/knowledgesrc.xml  
   creating: OPatch/opatchprereqs/opatch/
  inflating: OPatch/opatchprereqs/opatch/opatch_prereq.xml  
  inflating: OPatch/opatchprereqs/opatch/rulemap.xml  
  inflating: OPatch/opatchprereqs/opatch/runtime_prereq.xml  
  inflating: OPatch/opatchprereqs/prerequisite.properties  
   creating: OPatch/opatchauto-dir/
   creating: OPatch/opatchauto-dir/opatchautocore/
   creating: OPatch/opatchauto-dir/opatchautocore/jlib/
  inflating: OPatch/opatchauto-dir/opatchautocore/jlib/ProductDriver.jar  
  inflating: OPatch/opatchauto-dir/opatchautocore/jlib/oracle.oplan.classpath.jar  
  inflating: OPatch/opatchauto-dir/opatchautocore/jlib/oplan_core.jar  
   creating: OPatch/opatchauto-dir/opatchautocore/jlib/apache-commons/
  inflating: OPatch/opatchauto-dir/opatchautocore/jlib/apache-commons/commons-cli-1.0.jar  
  inflating: OPatch/opatchauto-dir/opatchautocore/jlib/OsysModel.jar  
  inflating: OPatch/opatchauto-dir/opatchautocore/jlib/automation.jar  
  inflating: OPatch/opatchauto-dir/opatchautocore/jlib/patchsdk.jar  
   creating: OPatch/opatchauto-dir/opatchautocore/jlib/jaxb/
  inflating: OPatch/opatchauto-dir/opatchautocore/jlib/jaxb/jaxb-impl.jar  
  inflating: OPatch/opatchauto-dir/opatchautocore/jlib/jaxb/jaxb-api.jar  
  inflating: OPatch/opatchauto-dir/opatchautocore/jlib/jaxb/jsr173_1.0_api.jar  
  inflating: OPatch/opatchauto-dir/opatchautocore/jlib/jaxb/activation.jar  
  inflating: OPatch/opatchauto-dir/opatchautocore/jlib/osysmodel-utils.jar  
  inflating: OPatch/opatchauto-dir/opatchautocore/jlib/bundle.jar  
  inflating: OPatch/opatchauto-dir/opatchautocore/jlib/Validation.jar  
  inflating: OPatch/opatchauto-dir/opatchautocore/jlib/ValidationRules.jar  
  inflating: OPatch/opatchauto-dir/opatchautocore/jlib/com.oracle.glcm.common-logging_1.0.0.0.jar  
  inflating: OPatch/opatchauto-dir/opatchautocore/oplan  
  inflating: OPatch/opatchauto-dir/opatchautocore/oplan.bat  
  inflating: OPatch/opatchauto-dir/opatchautocore/README.txt  
  inflating: OPatch/opatchauto-dir/opatchautocore/README.html  
  inflating: OPatch/opatchauto-dir/opatchautocore/opatchautobinary  
   creating: OPatch/opatchauto-dir/opatchautodb/
   creating: OPatch/opatchauto-dir/opatchautodb/jlib/
  inflating: OPatch/opatchauto-dir/opatchautodb/jlib/oracle.oplan.db.classpath.jar  
  inflating: OPatch/opatchauto-dir/opatchautodb/jlib/oplan_db.jar  
   creating: OPatch/jlib/
  inflating: OPatch/jlib/oracle.opatch.classpath.jar  
  inflating: OPatch/jlib/opatch.jar  
  inflating: OPatch/jlib/opatchsdk.jar  
  inflating: OPatch/jlib/oracle.opatch.classpath.windows.jar  
  inflating: OPatch/jlib/oracle.opatchcore.classpath.jar  
  inflating: OPatch/jlib/oracle.opatchcore.classpath.unix.jar  
  inflating: OPatch/jlib/oracle.opatchcore.classpath.windows.jar  
  inflating: OPatch/jlib/oracle.opatch.classpath.unix.jar  
   creating: OPatch/scripts/
  inflating: OPatch/scripts/opatch_wls  
  inflating: OPatch/scripts/opatch_jvm_discovery.bat  
  inflating: OPatch/scripts/opatch_wls.bat  
  inflating: OPatch/scripts/opatch_jvm_discovery  
   creating: OPatch/oplan/
  inflating: OPatch/oplan/oplan.bat  
   creating: OPatch/oplan/jlib/
   creating: OPatch/oplan/jlib/jaxb/
  inflating: OPatch/oplan/jlib/jaxb/activation.jar  
  inflating: OPatch/oplan/jlib/jaxb/jsr173_1.0_api.jar  
  inflating: OPatch/oplan/jlib/jaxb/jaxb-impl.jar  
  inflating: OPatch/oplan/jlib/jaxb/jaxb-api.jar  
  inflating: OPatch/oplan/jlib/OsysModel.jar  
  inflating: OPatch/oplan/jlib/JMXDrivers.jar  
  inflating: OPatch/oplan/jlib/Validation.jar  
  inflating: OPatch/oplan/jlib/automation.jar  
  inflating: OPatch/oplan/jlib/bundle.jar  
  inflating: OPatch/oplan/jlib/oplan.jar  
  inflating: OPatch/oplan/jlib/CRSProductDriver.jar  
  inflating: OPatch/oplan/jlib/OuiDriver.jar  
  inflating: OPatch/oplan/jlib/oracle.oplan.classpath.jar  
  inflating: OPatch/oplan/jlib/patchsdk.jar  
  inflating: OPatch/oplan/jlib/osysmodel-utils.jar  
  inflating: OPatch/oplan/jlib/ValidationRules.jar  
   creating: OPatch/oplan/jlib/apache-commons/
  inflating: OPatch/oplan/jlib/apache-commons/commons-cli-1.0.jar  
  inflating: OPatch/oplan/jlib/EMrepoDrivers.jar  
  inflating: OPatch/oplan/README.html  
  inflating: OPatch/oplan/oplan      
  inflating: OPatch/oplan/README.txt  
  inflating: OPatch/operr            
  inflating: OPatch/opatch           
  inflating: OPatch/opatchdiag.bat   
  inflating: OPatch/operr_readme.txt  
  inflating: OPatch/opatchdiag       
  inflating: OPatch/opatch.pl        
   creating: OPatch/ocm/
   creating: OPatch/ocm/lib/
  inflating: OPatch/ocm/lib/emocmclnt.jar  
  inflating: OPatch/ocm/lib/log4j-core.jar  
  inflating: OPatch/ocm/lib/regexp.jar  
  inflating: OPatch/ocm/lib/emocmcommon.jar  
  inflating: OPatch/ocm/lib/osdt_core3.jar  
  inflating: OPatch/ocm/lib/jsse.jar  
  inflating: OPatch/ocm/lib/http_client.jar  
  inflating: OPatch/ocm/lib/osdt_jce.jar  
  inflating: OPatch/ocm/lib/emocmclnt-14.jar  
  inflating: OPatch/ocm/lib/jnet.jar  
  inflating: OPatch/ocm/lib/jcert.jar  
  inflating: OPatch/ocm/lib/xmlparserv2.jar  
 extracting: OPatch/ocm/ocm.zip      
   creating: OPatch/ocm/bin/
  inflating: OPatch/ocm/bin/emocmrsp  
  inflating: OPatch/ocm/ocm_platforms.txt  
   creating: OPatch/ocm/doc/
[oracle@orcl11204 db]$ ls
apex         ctx          hs             ldap     OPatch                            perl          sqlplus
assistants   cv           ide            lib      OPatch11204bak                    plsql         srvm
bin          dbs          install        log      opmn                              precomp       suptools
ccr          dc_ocm       instantclient  md       oracore                           racg          sysman
cdata        deinstall    inventory      mesg     oraInst.loc                       rdbms         timingframework
cfgtoollogs  demo         j2ee           mgw      orcl11204_db11204                 relnotes      ucp
clone        diagnostics  javavm         network  ord                               root.sh       uix
config       dv           jdbc           nls      oui                               scheduler     usm
crs          emcli        jdev           oc4j     owb                               slax          utl
csmig        EMStage      jdk            odbc     owm                               sqldeveloper  wwg
css          has          jlib           olap     p6880880_112000_Linux-x86-64.zip  sqlj          xdk
[oracle@orcl11204 20299013]$ opatch version
OPatch Version: 11.2.0.3.11
OPatch succeeded.
[oracle@orcl11204 20299013]$ opatch prereq CheckConflictAgainstOHWithDetail -ph ./
Oracle Interim Patch Installer version 11.2.0.3.11
Copyright (c) 2015, Oracle Corporation.  All rights reserved.
PREREQ session
Oracle Home       : /opt/oracle/product/11.2.0.4/db
Central Inventory : /opt/oraInventory
   from           : /opt/oracle/product/11.2.0.4/db/oraInst.loc
OPatch version    : 11.2.0.3.11
OUI version       : 11.2.0.4.0
Log file location : /opt/oracle/product/11.2.0.4/db/cfgtoollogs/opatch/opatch2015-06-29_18-52-51PM_1.log
Invoking prereq "checkconflictagainstohwithdetail"
Prereq "checkConflictAgainstOHWithDetail" passed.
OPatch succeeded.
[oracle@orcl11204 20299013]$ opatch apply
Oracle Interim Patch Installer version 11.2.0.3.11
Copyright (c) 2015, Oracle Corporation.  All rights reserved.
Oracle Home       : /opt/oracle/product/11.2.0.4/db
Central Inventory : /opt/oraInventory
   from           : /opt/oracle/product/11.2.0.4/db/oraInst.loc
OPatch version    : 11.2.0.3.11
OUI version       : 11.2.0.4.0
Log file location : /opt/oracle/product/11.2.0.4/db/cfgtoollogs/opatch/opatch2015-06-29_18-53-23PM_1.log
Verifying environment and performing prerequisite checks...
OPatch continues with these patches:   17478514  18031668  18522509  19121551  19769489  20299013  
Do you want to proceed? [y|n]
y
User Responded with: Y
All checks passed.
Provide your email address to be informed of security issues, install and
initiate Oracle Configuration Manager. Easier for you if you use your My
Oracle Support Email address/User Name.
Visit http://www.oracle.com/support/policies.html for details.
Email address/User Name: 
You have not provided an email address for notification of security issues.
Do you wish to remain uninformed of security issues ([Y]es, [N]o) [N]:  y
Please shutdown Oracle instances running out of this ORACLE_HOME on the local system.
(Oracle Home = '/opt/oracle/product/11.2.0.4/db')
Is the local system ready for patching? [y|n]
y
User Responded with: Y
Backing up files...
Applying sub-patch '17478514' to OH '/opt/oracle/product/11.2.0.4/db'
Patching component oracle.rdbms, 11.2.0.4.0...
Patching component oracle.rdbms.rsf, 11.2.0.4.0...
Patching component oracle.sdo, 11.2.0.4.0...
Patching component oracle.sysman.agent, 10.2.0.4.5...
Patching component oracle.xdk, 11.2.0.4.0...
Patching component oracle.rdbms.dbscripts, 11.2.0.4.0...
Patching component oracle.sdo.locator, 11.2.0.4.0...
Patching component oracle.nlsrtl.rsf, 11.2.0.4.0...
Patching component oracle.xdk.rsf, 11.2.0.4.0...
Patching component oracle.rdbms.rman, 11.2.0.4.0...
Verifying the update...
Applying sub-patch '18031668' to OH '/opt/oracle/product/11.2.0.4/db'
Patching component oracle.rdbms, 11.2.0.4.0...
Patching component oracle.rdbms.rsf, 11.2.0.4.0...
Patching component oracle.ldap.rsf, 11.2.0.4.0...
Patching component oracle.rdbms.crs, 11.2.0.4.0...
Patching component oracle.precomp.common, 11.2.0.4.0...
Patching component oracle.ldap.rsf.ic, 11.2.0.4.0...
Patching component oracle.rdbms.deconfig, 11.2.0.4.0...
Patching component oracle.rdbms.dbscripts, 11.2.0.4.0...
Patching component oracle.rdbms.rman, 11.2.0.4.0...
Verifying the update...
Applying sub-patch '18522509' to OH '/opt/oracle/product/11.2.0.4/db'
Patching component oracle.rdbms.rsf, 11.2.0.4.0...
Patching component oracle.rdbms, 11.2.0.4.0...
Patching component oracle.precomp.common, 11.2.0.4.0...
Patching component oracle.rdbms.rman, 11.2.0.4.0...
Patching component oracle.rdbms.dbscripts, 11.2.0.4.0...
Patching component oracle.rdbms.deconfig, 11.2.0.4.0...
Verifying the update...
Applying sub-patch '19121551' to OH '/opt/oracle/product/11.2.0.4/db'
Patching component oracle.precomp.common, 11.2.0.4.0...
Patching component oracle.sysman.console.db, 11.2.0.4.0...
Patching component oracle.rdbms.rsf, 11.2.0.4.0...
Patching component oracle.rdbms.rman, 11.2.0.4.0...
Patching component oracle.rdbms, 11.2.0.4.0...
Patching component oracle.rdbms.dbscripts, 11.2.0.4.0...
Patching component oracle.ordim.client, 11.2.0.4.0...
Patching component oracle.ordim.jai, 11.2.0.4.0...
Verifying the update...
Applying sub-patch '19769489' to OH '/opt/oracle/product/11.2.0.4/db'
ApplySession: Optional component(s) [ oracle.sysman.agent, 11.2.0.4.0 ]  not present in the Oracle Home or a higher version is found.
Patching component oracle.precomp.common, 11.2.0.4.0...
Patching component oracle.ovm, 11.2.0.4.0...
Patching component oracle.xdk, 11.2.0.4.0...
Patching component oracle.rdbms.util, 11.2.0.4.0...
Patching component oracle.rdbms, 11.2.0.4.0...
Patching component oracle.rdbms.dbscripts, 11.2.0.4.0...
Patching component oracle.xdk.parser.java, 11.2.0.4.0...
Patching component oracle.oraolap, 11.2.0.4.0...
Patching component oracle.rdbms.rsf, 11.2.0.4.0...
Patching component oracle.xdk.rsf, 11.2.0.4.0...
Patching component oracle.rdbms.rman, 11.2.0.4.0...
Patching component oracle.rdbms.deconfig, 11.2.0.4.0...
Verifying the update...
Applying sub-patch '20299013' to OH '/opt/oracle/product/11.2.0.4/db'
Patching component oracle.rdbms.dv, 11.2.0.4.0...
Patching component oracle.rdbms.oci, 11.2.0.4.0...
Patching component oracle.precomp.common, 11.2.0.4.0...
Patching component oracle.sysman.agent, 10.2.0.4.5...
Patching component oracle.xdk, 11.2.0.4.0...
Patching component oracle.sysman.common, 10.2.0.4.5...
Patching component oracle.rdbms, 11.2.0.4.0...
Patching component oracle.rdbms.dbscripts, 11.2.0.4.0...
Patching component oracle.xdk.parser.java, 11.2.0.4.0...
Patching component oracle.sysman.console.db, 11.2.0.4.0...
Patching component oracle.xdk.rsf, 11.2.0.4.0...
Patching component oracle.rdbms.rsf, 11.2.0.4.0...
Patching component oracle.sysman.common.core, 10.2.0.4.5...
Patching component oracle.rdbms.rman, 11.2.0.4.0...
Patching component oracle.rdbms.deconfig, 11.2.0.4.0...
Verifying the update...
Composite patch 20299013 successfully applied.
Log file location: /opt/oracle/product/11.2.0.4/db/cfgtoollogs/opatch/opatch2015-06-29_18-53-23PM_1.log
OPatch succeeded.
[oracle@orcl11204 20299013]$ opatch lsinventory
Oracle Interim Patch Installer version 11.2.0.3.11
Copyright (c) 2015, Oracle Corporation.  All rights reserved.
Oracle Home       : /opt/oracle/product/11.2.0.4/db
Central Inventory : /opt/oraInventory
   from           : /opt/oracle/product/11.2.0.4/db/oraInst.loc
OPatch version    : 11.2.0.3.11
OUI version       : 11.2.0.4.0
Log file location : /opt/oracle/product/11.2.0.4/db/cfgtoollogs/opatch/opatch2015-06-29_19-07-44PM_1.log
Lsinventory Output file location : /opt/oracle/product/11.2.0.4/db/cfgtoollogs/opatch/lsinv/lsinventory2015-06-29_19-07-44PM.txt
--------------------------------------------------------------------------------
Local Machine Information::
Hostname: orcl11204
ARU platform id: 226
ARU platform description:: Linux x86-64
Installed Top-level Products (1): 
Oracle Database 11g                                                  11.2.0.4.0
There are 1 products installed in this Oracle Home.
Interim patches (1) :
Patch  20299013     : applied on Mon Jun 29 19:00:43 CST 2015
Unique Patch ID:  18573940
Patch description:  "Database Patch Set Update : 11.2.0.4.6 (20299013)"
   Created on 4 Mar 2015, 02:27:44 hrs PST8PDT
Sub-patch  19769489; "Database Patch Set Update : 11.2.0.4.5 (19769489)"
Sub-patch  19121551; "Database Patch Set Update : 11.2.0.4.4 (19121551)"
Sub-patch  18522509; "Database Patch Set Update : 11.2.0.4.3 (18522509)"
Sub-patch  18031668; "Database Patch Set Update : 11.2.0.4.2 (18031668)"
Sub-patch  17478514; "Database Patch Set Update : 11.2.0.4.1 (17478514)"
   Bugs fixed:
     17288409, 17798953, 18273830, 18607546, 17811429, 17205719, 20506699
     17816865, 19972566, 17922254, 17754782, 16384983, 17726838, 13364795
     16934803, 17311728, 17284817, 17441661, 17360606, 13645875, 18199537
     16992075, 16542886, 17446237, 14015842, 17889549, 14565184, 19972569
     17071721, 20299015, 17610798, 17375354, 17449815, 17397545, 19463897
     18230522, 13866822, 17235750, 17982555, 16360112, 18317531, 17478514
     19769489, 12905058, 14338435, 18235390, 13944971, 18641451, 20142975
     17811789, 16929165, 18704244, 12747740, 18430495, 20506706, 17546973
     14054676, 17088068, 17346091, 18264060, 17016369, 17042658, 17343514
     14602788, 19972568, 19680952, 18471685, 19788842, 18508861, 14657740
     17332800, 19211724, 13837378, 13951456, 16315398, 17186905, 18744139
     19972564, 16850630, 18315328, 17437634, 19049453, 18673304, 17883081
     19006849, 19915271, 19013183, 18641419, 17296856, 18674024, 18262334
     17006183, 18277454, 16833527, 17232014, 16855292, 10136473, 17762296
     14692762, 17705023, 18051556, 17865671, 17852463, 18554871, 17853498
     19121551, 18334586, 19854503, 17551709, 19309466, 17588480, 19827973
     17344412, 17842825, 18828868, 18681862, 18554763, 17390160, 18456514
     16306373, 17025461, 13955826, 18139690, 11883252, 13609098, 17501491
     17239687, 17752121, 17299889, 17602269, 19197175, 17889583, 18316692
     17313525, 18673325, 12611721, 19544839, 18293054, 17242746, 18964939
     17600719, 18191164, 19393542, 17571306, 18482502, 19466309, 17951233
     17649265, 18094246, 19615136, 17040527, 17011832, 17165204, 18098207
     16785708, 16870214, 17465741, 16180763, 17174582, 17477958, 12982566
     16777840, 18522509, 20631274, 16091637, 17323222, 19463893, 16595641
     16875449, 12816846, 16524926, 17237521, 18228645, 18282562, 17596908
     19358317, 17811438, 17811447, 17945983, 18762750, 17156148, 18031668
     16912439, 17184721, 16494615, 18061914, 17282229, 17545847, 18331850
     18202441, 17082359, 18723434, 19554106, 17614134, 13558557, 17341326
     14034426, 17891946, 18339044, 17716305, 19458377, 17752995, 16392068
     19271443, 17891943, 18092127, 17258090, 17767676, 16668584, 18384391
     17614227, 17040764, 16903536, 17381384, 14106803, 15913355, 18973907
     18356166, 18673342, 17389192, 14084247, 16194160, 17612828, 17006570
     20506715, 17721717, 13853126, 17390431, 18203837, 17570240, 14245531
     16043574, 16863422, 17848897, 17877323, 18325460, 19727057, 17468141
     17786518, 17912217, 16422541, 19972570, 17267114, 17037130, 18244962
     18765602, 18203838, 18155762, 16956380, 16198143, 17246576, 17478145
     17394950, 14829250, 18189036, 18641461, 18619917, 17835627, 17027426
     16268425, 18247991, 19584068, 14458214, 18436307, 17265217, 17634921
     13498382, 16692232, 17786278, 17227277, 16042673, 16314254, 17443671
     18000422, 16228604, 16837842, 17571039, 17393683, 16344544, 17787259
     18009564, 20074391, 14354737, 15861775, 18135678, 18614015, 16399083
     18362222, 18018515, 16472716, 17835048, 17050888, 17936109, 14010183
     17325413, 18747196, 17080436, 16613964, 17036973, 17761775, 16579084
     16721594, 17082983, 18384537, 18280813, 20296213, 17302277, 16901385
     18084625, 15979965, 15990359, 18203835, 17297939, 17811456, 16731148
     13829543, 14133975, 17215560, 17694209, 18091059, 17385178, 8322815
     17586955, 18441944, 17201159, 16450169, 9756271, 17655634, 19730508
     17892268, 18868646, 17648596, 16220077, 16069901, 11733603, 16285691
     17587063, 18180390, 16538760, 18193833, 17348614, 17393915, 17957017
     17274537, 18096714, 17308789, 17238511, 18436647, 17824637, 14285317
     19289642, 14764829, 17622427, 18328509, 16571443, 16943711, 14368995
     18306996, 17346671, 14852021, 18996843, 17783588, 16618694, 17853456
     18674047, 17672719, 18856999, 12364061, 18783224, 17851160, 17546761
--------------------------------------------------------------------------------
OPatch succeeded.
[oracle@orcl11204 20299013]$ sqlplus / as sysdba
SQL*Plus: Release 11.2.0.4.0 Production on Mon Jun 29 19:08:09 2015
Copyright (c) 1982, 2013, Oracle.  All rights reserved.
Connected to an idle instance.
SQL> startup
ORACLE instance started.
Total System Global Area  726540288 bytes
Fixed Size    2256792 bytes
Variable Size  478150760 bytes
Database Buffers  243269632 bytes
Redo Buffers    2863104 bytes
Database mounted.
Database opened.
SQL> conn test_update/test_update
Connected.
SQL> update (with tmp as (select id from test.t) select id from tmp) set id=10 
where id = 1;
  2  update (with tmp as (select id from test.t) select id from tmp) set id=10
                                      *
ERROR at line 1:
ORA-01031: insufficient privileges
SQL> select * from v$version;
BANNER
--------------------------------------------------------------------------------
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
PL/SQL Release 11.2.0.4.0 - Production
CORE 11.2.0.4.0 Production
TNS for Linux: Version 11.2.0.4.0 - Production
NLSRTL Version 11.2.0.4.0 - Production
SQL> 
SQL> select ACTION_TIME, ACTION, COMMENTS from sys.DBA_REGISTRY_HISTORY;
ACTION_TIME       ACTION    COMMENTS
------------------------------ -------------------- ------------------------------
24-AUG-13 12.03.45.119862 PM   APPLY    Patchset 11.2.0.2.0
29-JUN-15 05.15.49.338988 PM   APPLY    Patchset 11.2.0.2.0
SQL> select count(*) from dba_objects where status'VALID';
  COUNT(*)
----------
0
SQL>select object_name,object_type,owner,status 
from dba_objects where status'VALID';
no rows selected

到此高危漏洞集安装及安装后漏洞验证成功完成!

相关实践学习
AnalyticDB MySQL海量数据秒级分析体验
快速上手AnalyticDB MySQL,玩转SQL开发等功能!本教程介绍如何在AnalyticDB MySQL中,一键加载内置数据集,并基于自动生成的查询脚本,运行复杂查询语句,秒级生成查询结果。
阿里云云原生数据仓库AnalyticDB MySQL版 使用教程
云原生数据仓库AnalyticDB MySQL版是一种支持高并发低延时查询的新一代云原生数据仓库,高度兼容MySQL协议以及SQL:92、SQL:99、SQL:2003标准,可以对海量数据进行即时的多维分析透视和业务探索,快速构建企业云上数据仓库。 了解产品 https://www.aliyun.com/product/ApsaraDB/ads
目录
相关文章
|
12天前
|
SQL NoSQL 关系型数据库
超强数据库管理软件推荐-没有之一-还在用Navicat管理本地数据库的吗?还在为Navicat寻求绿色版或者购买正版的费用望而却步吗?DBeaver让你解决所有数据库本地编写问题-优雅草央千澈-DBeaver下载和安装
超强数据库管理软件推荐-没有之一-还在用Navicat管理本地数据库的吗?还在为Navicat寻求绿色版或者购买正版的费用望而却步吗?DBeaver让你解决所有数据库本地编写问题-优雅草央千澈-DBeaver下载和安装
超强数据库管理软件推荐-没有之一-还在用Navicat管理本地数据库的吗?还在为Navicat寻求绿色版或者购买正版的费用望而却步吗?DBeaver让你解决所有数据库本地编写问题-优雅草央千澈-DBeaver下载和安装
|
16天前
|
Oracle 关系型数据库 Linux
linux8安装oracle 11g遇到的问题记录
Oracle 11g在Linux 8上安装时会遇到link编译环节的问题。官方建议忽略安装中的链接错误,安装完成后应用DBPSU 11.2.0.4.240716补丁及一次性补丁33991024,再重新编译二进制文件,并配置监听器和数据库。但因11g已退出服务期,这些补丁需付费获取。网上信息显示22年1月的PSU补丁也可解决问题,找到该补丁后按常规方式打补丁即可。如有需求或疑问可咨询我。
57 20
|
1月前
|
存储 Oracle 关系型数据库
数据库数据恢复—ORACLE常见故障的数据恢复方案
Oracle数据库常见故障表现: 1、ORACLE数据库无法启动或无法正常工作。 2、ORACLE ASM存储破坏。 3、ORACLE数据文件丢失。 4、ORACLE数据文件部分损坏。 5、ORACLE DUMP文件损坏。
124 11
|
1月前
|
关系型数据库 MySQL Linux
MySQL数据库下载安装教程(Windows&Linux)
本文档详细介绍了MySQL的安装步骤,包括安装前的准备工作、下载安装包、Windows和Linux系统下的具体安装流程,以及如何配置MySQL服务、设置环境变量、启动服务和连接数据库等关键操作。
|
30天前
|
SQL Java 数据库连接
JDBC编程安装———通过代码操控数据库
本文,教你从0开始学习JBCD,包括驱动包的下载安装调试设置,以及java是如何通过JBDC实现对数据库的操作,以及代码的分析,超级详细
|
2月前
|
Oracle 关系型数据库 数据库
Oracle数据恢复—Oracle数据库文件有坏快损坏的数据恢复案例
一台Oracle数据库打开报错,报错信息: “system01.dbf需要更多的恢复来保持一致性,数据库无法打开”。管理员联系我们数据恢复中心寻求帮助,并提供了Oracle_Home目录的所有文件。用户方要求恢复zxfg用户下的数据。 由于数据库没有备份,无法通过备份去恢复数据库。
|
2月前
|
SQL 存储 Linux
从配置源到数据库初始化一步步教你在CentOS 7.9上安装SQL Server 2019
【11月更文挑战第16天】本文介绍了在 CentOS 7.9 上安装 SQL Server 2019 的详细步骤,包括配置系统源、安装 SQL Server 2019 软件包以及数据库初始化,确保 SQL Server 正常运行。
127 4
|
2月前
|
存储 Oracle 关系型数据库
oracle数据恢复—Oracle数据库文件大小变为0kb的数据恢复案例
存储掉盘超过上限,lun无法识别。管理员重组存储的位图信息并导出lun,发现linux操作系统上部署的oracle数据库中有上百个数据文件的大小变为0kb。数据库的大小缩水了80%以上。 取出&并分析oracle数据库的控制文件。重组存储位图信息,重新导出控制文件中记录的数据文件,发现这些文件的大小依然为0kb。
|
1月前
|
存储 Oracle 关系型数据库
服务器数据恢复—华为S5300存储Oracle数据库恢复案例
服务器存储数据恢复环境: 华为S5300存储中有12块FC硬盘,其中11块硬盘作为数据盘组建了一组RAID5阵列,剩下的1块硬盘作为热备盘使用。基于RAID的LUN分配给linux操作系统使用,存放的数据主要是Oracle数据库。 服务器存储故障: RAID5阵列中1块硬盘出现故障离线,热备盘自动激活开始同步数据,在同步数据的过程中又一块硬盘离线,RAID5阵列瘫痪,上层LUN无法使用。
|
2月前
|
网络安全 数据库
gbase 8a 数据库 安装8ampp 常见ssh报错问题
gbase 8a 数据库 安装8ampp 常见ssh报错问题

推荐镜像

更多