It’s patching time again. The January 2018 Database RU and RUR got released. And of course other patch bundles as well. And of course not only for the database but for many other products as well. I try to summarize below the most important information and links.
January 2018 Database RU and RUR got released
First of all always have a look at the Critical Patch Alert and the Risk Matrix:
Then you’ll see that there are three fixes included for vulnerabilities which may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.
Afterwards please download the patches via this note:
- MOS Note 2325393.1
Critical Patch Update (CPU) Program January 2018 Patch Availability Document (PAD))
Section 188.8.131.52 has the download links for the database releases 184.108.40.206, 220.127.116.11 and 18.104.22.168.
Update (RU) and Revision (RUR) nomenclature
A quick explanation as this – IMHO – is not obvious to everybody at first sight.
In section 22.214.171.124 of MOS Note 2325393.1 you’ll find the following patches (and of course others):
- Database Jan 2018 RU 126.96.36.199.180116 Patch 27105253 for UNIX, or
- Database Jul 2017 RUR 188.8.131.52.180116 Patch 27013506, or
- Database Oct 2017 RUR 184.108.40.206.180116 Patch 27013510
- January 2018 Upgrade (RU)
Database Jan 2018 RU 220.127.116.11.180116 Patch 27105253 for UNIX
It is the fresh new Update (RU) from January 2018.
This is the one you should install.
- January 2018 Revision (RUR) based on the July 2017 Update (RU)
Database Jul 2017 RUR 18.104.22.168.180116 Patch 27013506
In addition to the January 2018 Update, Revision 2 for the July 2017 Update (RU) is available. It contains the security fixes from October 2017 and January 2018 but misses the additional fixes from October 2017’s Update and January 2018’s Update. Keep in mind that there won’t be another Revision on top of the July 2017 Update.t
- January 2018 Revision (RUR) based on the October 2017 Update (RU)
Database Oct 2017 RUR 22.214.171.124.180116 Patch 27013510
And finally this is the Revision 1 (RUR1) for the October 2017 Update (RU). It does contain the security fixes from January 2018 but for instance no new optimizer fixes (which are turned off if they change behavior anyways).
I think the order in the document is a bit misleading, having the Update first, then Revision 2 and then Revision 1.
Hope this helps a bit 🙂
In addition you may read on about how to apply an Update (RU) to Oracle Database 126.96.36.199: