Kevin Kempf's Blog

January 20, 2011

January, 2011 Critical Patch Update is out

Filed under: Security — kkempf @ 11:30 am

Overview

The January 2011 CPU came out.  For those of us on 11i who diligently apply these things, it means burning a day to dissect what is available, needed, and worthwhile.

First, the good news

On the Apps side, the 11i/11.5.10.2 work is finally down to 1 (one!) patch to apply: 10258309 Ironic, that it takes the product going into extended support, before getting down to 1 patch.  Would have loved to have seen this for the past 5 years, but hey, it’s a step in the right direction.

Now comes the bad news… you do the math

Ah, the RDBMS.  After my most recent debacle with overlays, recommended patches, performance patches, and advanced compression patches, I’ve done the math.  For 11.1.0.7.4, I can either

a) Apply the CPU only (10249534)

b) Blindly trust Oracle to decide what’s best for me and apply the PSU (10248531), 5 overlay patches (see Note 1147107.1), and then double check and see what patches were knocked out as a result.

Hmm… let me think about it.  11i is in extended support.  My database is running fine.  I’m not looking for anything but a stable ship right now, while we try to figure out how or why to upgrade to R12.  I’ll choose door #1, thanks for playing!

A Rant About Patching EM 11g

So I pulled all the patches I could for EM 11g; this included the obvious (RDBMS patch), the EM Agent (OPatch), the OMS Home (OPatch).  No problem, these applied without incident.  OPatch is a pretty well oiled tool at this point.

Next: a lot of conFusion about my WLS 10.3.2 home.  According to the CPU note (1263333.1), I’m supposed to apply patch MOS: 9893328, or MOS: 9893736.  Not sure what the or is all about, but I clicked through.  The patch is labeled for WLS release 10.3.3.    In fairness, the master note says “The WebLogic plug-ins include all cumulative bug fixes and thus include fixes for all previously released advisories. These plug-ins are compatible with all versions of WebLogic Server”.   In that case, why list versions on the master note? It’s just confusing!

No problem, I’ll pull the patch and see what’s up.  Here’s the entire readme for 9893328:

Content
=========================
The Web Server plug-ins built at change number CL1338089

Supported configurations
=========================
The WebLogic webserver plugins are common to all versions of WebLogic servers. 
For specific supported configurations, refer to the Weblogic server documentation.

Upgrade instructions.
=====================
- Save a back-up copy of your existing plug-in module.
- replace the plug-in module with the one found in this zip-file
- restart your web server.

WTF does that mean?  Replace what plug-in module?  I’m completely unfamiliar with patching Weblogic Server, a little help maybe?  Let me check the other side of this “or” patch equation.  Here’s the readme for 9893736:

******************************************************
 Oracle WebLogic Server Web Server Plugins 1.1 README
******************************************************

Zip file contents:
------------------

This zip distribution contains Oracle WebLogic Server Web Server Plugins 1.1 zip files for the platforms and web servers supported. For more information, please extract the appropriate zip file which has the README.txt file explaining the installation and configuration details.

For complete documentation, refer to the documentation steps listed below:

- Go to the Oracle Fusion Middleware 11g Release 1 (11.1.1) Documentation below:

	http://www.oracle.com/technology/documentation/middleware.html

- From here, navigate to the Oracle Fusion Middleware 11g Release 1 Patchset 2 (11.1.1.3) documentation for "WebLogic Server" and then to "Using Web Server Plug-ins".

Seriously?  There’s no coherent, consistent or detailed message here, Oracle!  First I’m looking to patch WLS 10.3.2, and your patch says it’s for 10.3.3.  Then it says I can install one or the other (fielder’s choice?).  Then I pull the readme’s for a product I’m barely familiar with and they don’t tell me squat.  In fact, they reference FMW 11.1.1 and FMW 11.1.1.3 and I have no idea if your crazy versioning scheme means that’s WLS 10.3.2.

I can’t be certain if this is just growing pains (i.e., Oracle hasn’t ironed out a simple CPU application method to FMW/WLS), integration pains (Oracle hasn’t incorporated WLS into the “fold”) or what, but it can’t get worse, nor can it remain this bad.  I’ll skip applying this CPU to WLS, hoping it looks better next quarter.  Note 1263374.1 promises PSU’s “soon”: “Starting with Oracle WebLogic Server 10.3.4, Oracle will release WebLogic Server Patch Set Updates (PSUs). Details on the WebLogic Server PSU program will soon be available.”

Advertisements

Blog at WordPress.com.