Thanks all! It appears that I have nothing to patch for version 9.2.0.4. Ruth -----Original Message----- From: Paula_Stankus@xxxxxxxxxxxxxxx [mailto:Paula_Stankus@xxxxxxxxxxxxxxx] Sent: Wednesday, May 18, 2005 12:02 PM To: rgramolini@xxxxxxxxxxxxxxx; oracle-l@xxxxxxxxxxxxx Subject: RE: April 2005 Security Patches Ruth - I hope this helps you because you have helped me so much in the past. The issue is that there are multiple patch numbers based on the platform/version and RDBMS vs. Application Server. There is a matrix showing level of risk, what type of security issue. I used these to find the ones I applied to 9ias and 9.2.0.4 databases which were: -App. Server infrastructure database per 301040.1 needs to be upgraded: 4193307 patchset -9.2.0.6 (3095277) and 4193295. There are some gotchas by the way on the upgrade. 9.2.0.6 broke our HSODBC. 4193295 - you have to make a change that was not documented in a patch but in another note I happened to find: change the "453" to "23" in the $ORACLE_HOME/inventory/ContentsXML/oraclehomeproperties.xml file as shown in fix "a" of note:294658.1. Take care Appendix B. References * Critical Patch Update - April 2005 - <http://www.oracle.com/technology/deploy/security/pdf/ cpuapr2005.pdf> * Critical Patch Updates and Security Alerts - <http://www.oracle.com/technology/deploy/security/alerts.htm> * Map of Public Vulnerability to Advisory/Alert - <http://www.oracle.com/technology/deploy/security/pdf/ public_vuln_to_advisory_mapping.html> * Comments on Oracle Critical Patch Update April 2005 - <http://www.red-database-security.com/wp/ comments_oracle_cpu_april_2005_us.pdf> * NGSSoftware Oracle Database vulnerabilities - <http://www.ngssoftware.com/advisories/oracle-03.txt> * US-CERT Vulnerability Note VU#948486 - <http://www.kb.cert.org/vuls/id/948486> * US-CERT Vulnerability Note VU#982109 - <http://www.kb.cert.org/vuls/id/982109> -----Original Message----- From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx] On Behalf Of Ruth Gramolini Sent: Wednesday, May 18, 2005 11:54 AM To: oracle-l Subject: April 2005 Security Patches Hello all, I can't seem to find the April 2005 security patch on Metalink. Does anyone know what the patchset # is? Thanks in advance, Ruth -- //www.freelists.org/webpage/oracle-l BEGIN-ANTISPAM-VOTING-LINKS ------------------------------------------------------ Teach CanIt if this mail (ID 32830935) is spam: Spam: https://dohsmsi01.doh.state.fl.us/canit/b.php?c=s&i=32830935&m=47d1fe19a bbc Not spam: https://dohsmsi01.doh.state.fl.us/canit/b.php?c=n&i=32830935&m=47d1fe19a bbc Forget vote: https://dohsmsi01.doh.state.fl.us/canit/b.php?c=f&i=32830935&m=47d1fe19a bbc ------------------------------------------------------ END-ANTISPAM-VOTING-LINKS -- //www.freelists.org/webpage/oracle-l
