最近许多客户发过来由绿盟相关软件扫描的ORACLE漏洞,如下图所示:
当然,如果可以,你可以点开+号,查看具体信息,也包含补丁链接。然后可以进入解决办法的任一个链接,找到相应版本的补丁。
找到相应补丁后,你会发现有点补丁已经被别的补丁取代。那么就要看是不是要打新的补丁,如果是直接点击进入下载。
同样也可以直接进入MOS,在补丁程序和更新程序选项卡下的建议的补丁程序下找相应平台相应版本的补丁。
所以
我这次要打的是Linux x64平台,ORACLE RAC 11.2.0.3版本,直接打GI补丁就可以,它包含DB补丁。
根据README.txt一步一步安装。过程如下:
一、Opatch版本
oracle用户两个节点,分别执行:
/u01/app/oracle/product/11.2.0/db_1/OPatch/opatch version
cp -a /u01/app/oracle/product/11.2.0/db_1/OPatch/ /u01/app/oracle/product/11.2.0/db_1/OPatch_11.2.0.1.7/
rm -rf OPatch
grid用户两个节点,要使用root用户分别执行:
/u01/app/11.2.0/grid/OPatch/opatch version
cp -a /u01/app/11.2.0/grid/OPatch/ /u01/app/11.2.0/grid/OPatch_11.2.0.1.7/
rm -rf OPatch
root用户完成opatch版本升级
两个节点,oracle opatch目录
cd /opatch
unzip p6880880_112000_Linux-x86-64.zip -d /u01/app/oracle/product/11.2.0/db_1
chown -R oracle:oinstall /u01/app/oracle/product/11.2.0/db_1/OPatch
/u01/app/oracle/product/11.2.0/db_1/OPatch/opatch version
两个节点,grid opatch目录
cd /opatch
unzip p6880880_112000_Linux-x86-64.zip -d /u01/app/11.2.0/grid
chown -R grid:oinstall /u01/app/11.2.0/OPatch
/u01/app/11.2.0/grid/OPatch/opatch version
二、OCM响应文件
在GRID用户Opatch目录下两个节点各生成一个即可:
/u01/app/11.2.0/grid/OPatch/ocm/bin/emocmrsp
[oracle@rh1 bin]$ ll /u01/app/11.2.0/grid/OPatch/ocm/bin
total 16
-rwxr----- 1 grid oinstall 9063 Nov 27 2009 emocmrsp
-rw-r--r-- 1 grid oinstall 623 Nov 21 15:21 ocm.rsp
三、验证Oracle Inventory
两个节点+两个opatch目录(共四次)
$ORACLE_HOME/OPatch/opatch lsinventory -detail -oh $ORACLE_HOME
四、关闭EM
[oracle@rh1 OPatch]$ export ORACLE_UNQNAME=rac11g
[oracle@rh1 OPatch]$ emctl status dbconsole
Oracle Enterprise Manager 11g Database Control Release 11.2.0.3.0
Copyright (c) 1996, 2011 Oracle Corporation. All rights reserved.
https://rh1:1158/em/console/aboutApplication
Oracle Enterprise Manager 11g is running.
------------------------------------------------------------------
Logs are generated in directory /u01/app/oracle/product/11.2.0/db_1/rh1_rac11g/sysman/log
[oracle@rh1 OPatch]$ emctl stop dbconsole
Oracle Enterprise Manager 11g Database Control Release 11.2.0.3.0
Copyright (c) 1996, 2011 Oracle Corporation. All rights reserved.
https://rh1:1158/em/console/aboutApplication
Stopping Oracle Enterprise Manager 11g Database Control ...
... Stopped.
五、安装
使用root用户,分别在节点1、2上执行:
这里还有一个问题:解压后权限属主为root,那么下面直接opatch auto会报如下错误,查看日志、网上查找好像权限问题,于是解压后修改权限!
patch /patch/p19440385_112030_Linux/17592127/custom/server/17592127 apply successful for home /u01/app/oracle/product/11.2.0/db_1
patch /patch/p19440385_112030_Linux/19121548 apply successful for home /u01/app/oracle/product/11.2.0/db_1
Stopping CRS...
Stopped CRS successfully
Error : The opatch Applicable check failed. The patch /patch/p19440385_112030_Linux/17592127 is not applicable to /u01/app/11.2.0/grid
Error:Patch Applicable check failed for /u01/app/11.2.0/grid
Starting CRS...
ERROR: Prereq checkApplicable failed. Refer log file for more details.
opatch auto failed.
这个还有疑惑,db可以应用成功,gi失败,而且readme中没有明确说明解压后目录的属主与权限...
unzip p19440385_112030_Linux-x86-64.zip -d /opatch/psu
chown -R grid:oinstall /opatch/psu
chmod 777 -R /opatch/psu
/u01/app/11.2.0/grid/opatch auto /opatch/psu -ocmrf /u01/app/11.2.0/grid/OPatch/ocm/bin/ocm.rsp
六、执行脚本
全部节点更新完PSU后在任意一个节点oracle运行
sqlplus /as sysdba
SQL> STARTUP
SQL> @?/rdbms/admin/catbundle.sql psu apply
七、验证
1.dba_registry_history视图查看补丁安装历史
2.在OPatch目录下查看安装过的补丁:./opatch lsinventory