Oracle CPU(Critical Patch Update) 설치법 (2006.1.17)

카테고리 없음

Oracle CPU(Critical Patch Update) 설치법 (2006.1.17)

저멀리날아 2006. 2. 17. 18:33

* Technical Description

Multiple vulnerabilities were identified in various Oracle products, which could be exploited by remote or local attackers to cause a denial of service, execute arbitrary commands, read and overwrite arbitrary files, disclose sensitive information, conduct SQL injection and cross site scripting attacks or bypass certain security restrictions. These flaws are due to errors in the Connection Manager, Net Listener, XML Database, Reports, Oracle HTTP Server, Email Server, Oracle Collaboration Suite Wireless and Voice, Oracle Content Management SDK, Oracle Content Services, and in various Oracle PL/SQL packages.

* Affected Products

PeopleSoft Enterprise Portal version 8.9
PeopleSoft Enterprise Portal version 8.8
PeopleSoft Enterprise Portal version 8.4
Oracle9i Database Release 2 version 9.2.0.7
Oracle9i Database Release 2 version 9.2.0.6
Oracle9i Database Release 1 version 9.0.1.5 FIPS
Oracle9i Database Release 1 version 9.0.1.5
Oracle9i Database Release 1 version 9.0.1.4
Oracle9i Collaboration Suite Release 2 version 9.0.4.2
Oracle9i Application Server Release 1 version 1.0.2.2
Oracle8i Database Release 3 version 8.1.7.4
Oracle8 Database Release 8.0.6 version 8.0.6.3
Oracle Workflow versions 11.5.1 through 11.5.9.5
Oracle Enterprise Manager 10g Grid Control version 10.1.0.4
Oracle Enterprise Manager 10g Grid Control version 10.1.0.3
Oracle E-Business Suite Release 11i versions 11.5.1 through 11.5.10 CU2
Oracle E-Business Suite Release 11.0
Oracle Developer Suite version 9.0.4.2
Oracle Developer Suite version 9.0.4.1
Oracle Developer Suite version 9.0.2.1
Oracle Developer Suite version 6i
Oracle Developer Suite version 10.1.2.0
Oracle Database 10g Release 2 version 10.2.0.1
Oracle Database 10g Release 1 version 10.1.0.5
Oracle Database 10g Release 1 version 10.1.0.4.2
Oracle Database 10g Release 1 version 10.1.0.4
Oracle Database 10g Release 1 version 10.1.0.3
Oracle Collaboration Suite 10g Release 1 version 10.1.2
Oracle Collaboration Suite 10g Release 1 version 10.1.1
Oracle Application Server 10g Release 2 version 10.1.2.1.0
Oracle Application Server 10g Release 2 version 10.1.2.0.2
Oracle Application Server 10g Release 2 version 10.1.2.0.1
Oracle Application Server 10g Release 2 version 10.1.2.0.0
Oracle Application Server 10g Release 1 (9.0.4) version 9.0.4.2
Oracle Application Server 10g Release 1 (9.0.4) version 9.0.4.1
JD Edwards EnterpriseOne Tools OneWorld Tools version SP23_L1
JD Edwards EnterpriseOne Tools OneWorld Tools version 8.95.F1

* Patch 받는곳

https://metalink.oracle.com/metalink/plsql/f?p=130:14:11794813088197351374::::p14_database_id,p14_docid,p14_show_header,

p14_show_help,p14_black_frame,p14_font:NOT,

343384.1,1,0,1,helvetica#OPatch

* 설치 준비

- Database Full 백업 : Engine 포함

- OPatch 최신버전 설치 : p2617419_10102_GENERIC.zip

( opatch version 으로 version 확인 )

* 설치

- unzip p4751923_92070_LINUX.zip

- 해당 dir 로 이동하여 (path 가 걸린 상태)

#> opatch apply

-----------------설치예제-------------------------------------------------------------------------------

[B04]/home/oracle/ORA920/jeuns/4751923> opatch apply

We recommend you refer to the OPatch documentation under
OPatch/docs for usage reference. We also recommend using
the latest OPatch version. For the latest OPatch version
and other support related issues, please refer to document
293369.1 which is viewable from metalink.oracle.com

Oracle Home = /home/oracle/ORA920
Location of Oracle Universal Installer components = /home/oracle/ORA920/oui
Location of OraInstaller.jar = "/home/oracle/ORA920/oui/jlib"
Oracle Universal Installer shared library = /home/oracle/ORA920/oui/lib/linux/liboraInstaller.so
Location of Oracle Inventory Pointer = /etc/oraInst.loc
Location of Oracle Inventory = /home/oracle/ORA920/inventory
Path to Java = /home/oracle/ORA920/jre/1.4.2/bin/java
Log file = /home/oracle/ORA920/.patch_storage/<patch ID>/*.log

Creating log file "/home/oracle/ORA920/.patch_storage/4751923/Apply_4751923_02-21-2006_07-31-57.log"

Backing up comps.xml ...

OPatch detected non-cluster Oracle Home from the inventory and will patch the local system only.

Is this system ready for updating?
Please respond Y|N >
Y ----------> 입력
Patching...
Executing the Apply pre-patch script (/home/oracle/ORA920/jeuns/4751923/custom/scripts/pre)...
Creating new directory "/home/oracle/ORA920/cpu/CPUJan2006/owa_all/101"
Creating new directory "/home/oracle/ORA920/cpu/CPUJan2006/owa_all/90"
Creating new directory "/home/oracle/ORA920/cpu/CPUJan2006/owa_all/30"
Creating file to hold list of directories that were mkdir'ed: "/home/oracle/ORA920/.patch_storage/4751923/opatch_dirs_created.lst"
Printing stderr to output (from /home/oracle/ORA920/.patch_storage/4751923/make_local.stderr)
cp: cannot stat `/DISCARD/': No such file or directory

Updating inventory...
Backing up comps.xml ...

********************************************************************************
********************************************************************************
** ATTENTION **
** **
** Please note that the Security Patch Installation (Patch Deinstallation) is **
** not complete until all the Post Installation (Post Deinstallation) **
** instructions noted in the Readme accompanying this patch, have been **
** successfully completed. **
** **
********************************************************************************
********************************************************************************
Executing the Apply post-patch script (/home/oracle/ORA920/jeuns/4751923/custom/scripts/post)...

OPatch succeeded.
[B04]/home/oracle/ORA920/jeuns/4751923>

-------------------------binary Patch 끝----------------------------------------------------------

시스템 사양에 따라 다르겠지만..DL380 700Mhx 2CPU 기준 15~20분 소요됩

- binary 설치가 이상없이 끝났으면 아래 수행

SQL> shutdown immediate

SQL> startup

SQL>ALTER SYSTEM ENABLE RESTRICTED SESSION;

SQL> spool catcpu.log
SQL>@$ORACLE_HOME/cpu/CPUJan2006/catcpu.sql

SQL>spool off

-------------catcpu.sql 수행시 error 메시지-------------------------------

CREATE ROLE logstdby_administrator
*
ERROR at line 1:
ORA-01921: role name 'LOGSTDBY_ADMINISTRATOR' conflicts with another user or
role name

;

CREATE TABLE registry$ (
*
ERROR at line 1:
ORA-00955: name is already used by an existing object

------------기존에 있는것으로이상없음-----------------------------------

결과 Log : APPLY_TEST_21Feb2006_07_46_52.log 확인 가능 ( 5분 소요)

SQL> spool utlrp.log
SQL>@$ORACLE_HOME/rdbms/admin/utlrp.sql (Error 없음, 10초)

SQL>spool off

- 정상적용여부 확인

# opatch lsinventory

-------------결과 화면---------------------------------------------------

[B04]/home/oracle/ORA920/rdbms/admin> opatch lsinventory

Creating log file "/home/oracle/ORA920/.patch_storage/LsInventory__02-21-2006_07-55-29.log"

Result:

Installed Patch List:
=====================
1) Patch 4751923 applied on Tue Feb 21 07:38:27 KST 2006
[ Base Bug(s): 4754842 4547566 2701372 4567971 4567854 3119415 4572340 4049345 4751923 4547641 ]

OPatch succeeded.
[B04]/home/oracle/ORA920/rdbms/admin>

-----------------------------------------------------------------------------

- Database 정상 여부 확인

. 데이터 정상 여부 확인

SQL>select OBJECT_NAME from DBA_OBJECTS where status = 'INVALID';
SQL> SELECT dbms_registry.script('CONTEXT','@ctxcpu.sql') AS cpu_name FROM DUAL;
If the select query returns "@nothing.sql", ConText is not installed in your Database.
If the select query returns "@ctxcpu.sql", ConText was installed.

. application 정상 구동 확인

* 문제 발생시 원복

- opatch apply 시 문제 발생

opatch rollback -id 4392392
cd $ORACLE_HOME/.patch_storage/XXXXXXX

sh rollback_XXXXXXX.sh
source XXXXXXX_make.txt

- 전체 백업분 Restore

. oracle engine

. oracle datafile 등