January 2018 Database RU and RUR got released

Posted on January 17, 2018 by Patch Recommendation 8

It’s patching time again. The January 2018 Database RU and RUR got released. And of course other patch bundles as well. And of course not only for the database but for many other products as well. I try to summarize below the most important information and links.

January 2018 Database RU and RUR got released

First of all always have a look at the Critical Patch Alert and the Risk Matrix:

Then you’ll see that there are three fixes included for vulnerabilities which may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.

Afterwards please download the patches via this note:

Section 3.1.4.1 has the download links for the database releases 12.2.0.1, 12.1.0.2 and 11.2.0.4.

Update (RU) and Revision (RUR) nomenclature

A quick explanation as this – IMHO – is not obvious to everybody at first sight.

In section 3.1.4.2 ofย MOS Note 2325393.1 you’ll find the following patches (and of course others):

This means:

  • January 2018 Upgrade (RU)
    Database Jan 2018 RU 12.2.0.1.180116 Patch 27105253 for UNIX
    January 2018 RU and RUR got released
    It is the fresh new Update (RU) from January 2018.
    This is the one you should install.
    .
  • January 2018 Revision (RUR) based on the July 2017 Update (RU)
    Database Jul 2017 RUR 12.2.0.1.180116 Patch 27013506
    January 2018 RU and RUR got released
    In addition to the January 2018 Update, Revision 2 for the July 2017 Update (RU) is available. It contains the security fixes from October 2017 and January 2018 but misses the additional fixes from October 2017’s Update and January 2018’s Update. Keep in mind that there won’t be another Revision on top of the July 2017 Update.t
    .
  • January 2018 Revision (RUR) based on the October 2017 Update (RU)
    Database Oct 2017 RUR 12.2.0.1.180116 Patch 27013510
    January 2018 RU and RUR got released
    And finally this is the Revision 1 (RUR1) for the October 2017 Update (RU). It does contain the security fixes from January 2018 but for instance no new optimizer fixes (which are turned off if they change behavior anyways).

I think the order in the document is a bit misleading, having the Update first, then Revision 2 and then Revision 1.

Hope this helps a bit ๐Ÿ™‚

In addition you may read on about how to apply an Update (RU) to Oracle Database 12.2.0.1:

–Mike

 

Share this:

Tags:

You may also like...

8 Responses

  1. Patrick Weiden says:
    January 17, 2018 at 09:24

    Hey Mike, thanks for your article, it is helpful as always.
    Just a small typo: In part “January 2018 Revision (RUR) based on the October 2017 Update (RU)” I think you mean “RUR1” and not “RU1” as you write it.
    Thanks!

    Reply
  2. Frank Dernoncourt says:
    January 17, 2018 at 14:45

    Hello Mike, according to http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html, am I to understand that the January CPU includes NO fixes for Oracle database 12cR2? “Affected versions” says “11.2.0.4, 12.1.0.2”.

    Reply
  3. Frank Dernoncourt says:
    January 17, 2018 at 17:24

    Sorry Mike. I clicked on the https://blogs.oracle.com/security/ link that’s in the “Oracle Critical Patch Update for January 2018” e-mail we received yesterday from Oracle Security Alerts . It points to http://app.response.oracle-mail.com/e/er?elq_mid=98964&sh=21092613162322091312132412060907293412332734&cmid=SPPT160711P00036&s=1973398186&lid=77309&elqTrackId=9cb712be92a64266bdd1d29d6c62bdce&elq=6aba5b286b9e418998caa2e93946132f&elqaid=98964&elqat=1
    I should have looked closed at that page — my bad.

    Reply
  4. Stephan says:
    January 31, 2018 at 14:10

    Hi Mike,
    good information – thanks for this. We are running a different set to be on the latest quarterly patchset.

    11.2.0.4 + 12.1.0.2 (over 90% of our databases) – PSU plus required on off patches
    12.2 RU

    For the RU we do not the a problem as for the RUR’s but for the PSU’s we are seeing the same damed issue each quarter. There is a proper documentation what patches needed on top of PSU but the update of this documentation always need to be requested and the waiting time is high:

    Things to Consider to Avoid Poor Performance or Wrong Results on 12.1.0.2 ( Doc ID 2034610.1 )
    Things to Consider for 12.1.0.2 to Avoid Problems with SQL Plan Management (SPM) ( Doc ID 2035898.1 )
    Things to Consider to Avoid Poor Performance or Wrong Results on 11.2.0.4 ( Doc ID 1645862.1 )
    Things to Consider for 11.2.0.4 to Avoid Problems with SQL Plan Management (SPM) ( Doc ID 2034706.1 )

    We learned painfully that we need the patches on top of a PSU to “survive”. Shame to MOS to not provide information on time.

    Reply
    • Mike.Dietrich says:
      February 1, 2018 at 17:01

      Stephan,

      I know that – and that’s why I recommended publicly a long while ago to use BPs instead of PSUs in 12.1.0.2. The problem in 11.2 was: BP were and are meant for Exadata only. And not for non-Exa environments.

      Updates (RU) will significantly lower the number of one-offs and merge patches simply due to the fact that they contain more fixes than the PSUs did. There’s no such thing as PSUs anymore.

      My overall recommendation would be:
      Upgrade to 12.2.0.1 ๐Ÿ™‚ We just checked with a huge customer yesterday with 120 one-offs on top of the July 2017 PSU for 12.1.0.2. 116 of them are fixed in 12.2.0.1 (not saying that there may not be new issues but it seems to be way less likely).

      Cheers,
      Mike

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Mike Dietrich
Oracle Senior Director of Product Manager for Database Upgrade, Migrations and Patching writing just another blog.

Opinions certainly are my own as is this page.

Archives

Categories

Upgrade @YouTube

Subscribe via Email

Join 7,331 other subscribers

Follow me on Twitter