October 14, 2014 Oracle released a new Patch Set Update. And as usual we strongly recommend that you’ll apply it as soon as possible to your databases.
- PSU October 2014 – General Information:
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
There’s one fix for JAVA in it which requires to either take the database down or do some other actions. Please find a detailed description here:
- Eric Maurice’s security blog:
https://blogs.oracle.com/security/entry/october_2014_critical_patch_update
“Due to the nature of the fixes required, Oracle development was not able to produce a normal RAC-rolling fix for these issues. To help protect customers until they can apply the Oracle JavaVM component Database PSU, which requires downtime, Oracle produced a script that introduces new controls to prevent new Java classes from being deployed or new calls from being made to existing Java classes, while preserving the ability of the database to execute the existing Java stored procedures that customers may rely on.” - MOS:1929745.1 – “Oracle
JavaVM Component Database PSU”
-Mike
Since the Oracle Secure Enterprise Search v11.2 is a unique installation with Oracle version 11.2.0.3 along with the required one off patches, how would this Java fix be implemented. I am not finding any documentation to explain the application of the October 2014 PSU Java vulnerability patch into Oracle Secure Search version 11.2.
Any help is appreciated. Thanks, Ray
Ray,
thanks for your comment – and to be honest, I’ll have to ask you to log an SR with Oracle Support to find out as I don’t have an answer to it.
Sorry – thanks
Mike
Hi Mike,
What about if the customer has two Exadata with DG between them, will they need to shutdown both at the same time? Or can patch one site while using the other one and then switch back?
Thanks
Mohammed,
I’m guessing that you can’t apply it on the standby first – therefore you’ll get an outage on both sites. But to double check please ask on the Exadata mailing list as well to reach out to the experts.
Cheers
Mike