oracle数据库高危漏洞补丁集安装

——记一次ORACLE数据库使用opatch升级PSU的过程
目的:使用oracle自带工具opatch对oracle数据库软件应用高危漏洞补丁集PSU,修复oracle数据库高危漏洞,规避由于普通用户具有业务用户数据表的查询权限,
绕过数据库安全机制对业务用户数据表进行增、删、改操作的隐患。
风险:
1、本次整改中需要启停数据库

2、对ORACLE数据库应用PSU补丁集可能会引入新的BUG
前期准备:
     操作系统版本:
[oracle@orcl11204 20299013]$ uname -a
Linux orcl11204 2.6.18-164.el5xen #1 SMP Thu Sep 3 04:41:04 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux
    OPatch软件客户端版本:
[oracle@orcl11204 20299013]$ export PATH=$ORACLE_HOME/OPatch:$PATH
[oracle@orcl11204 20299013]$opatch version
OPatch Version: 11.2.0.3.4
OPatch succeeded.
     数据库版本:
SQL> select * from v$version;
BANNER
--------------------------------------------------------------------------------
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
PL/SQL Release 11.2.0.4.0 - Production
CORE 11.2.0.4.0 Production
TNS for Linux: Version 11.2.0.4.0 - Production
NLSRTL Version 11.2.0.4.0 - Production
SQL> select ACTION_TIME, ACTION, COMMENTS from sys.DBA_REGISTRY_HISTORY;
ACTION_TIME       ACTION    COMMENTS
------------------------------ -------------------- ------------------------------
24-AUG-13 12.03.45.119862 PM   APPLY    Patchset 11.2.0.2.0
29-JUN-15 05.15.49.338988 PM   APPLY    Patchset 11.2.0.2.0
SQL> select count(*) from dba_objects where status'VALID';
  COUNT(*)
----------
0
SQL>select object_name,object_type,owner,status 
from dba_objects where status'VALID';
no rows selected

     准备高危漏洞补丁包
p20299013_112040_Linux-x86-64.zip(patch号参考文档 756671.1.html)
      根据漏洞补丁集安装要求opatch的版本最低位11.2.0.3.6,因此需要准备
oracle数据库高危漏洞补丁集安装
    p6880880_112000_Linux-x86-64.zip
高危漏洞的模拟测试
[oracle@orcl11204]$ sqlplus / as sysdba 
SQL*Plus: Release 11.2.0.4.0 Production on Wed Jun 10 13:43:22 2015 
Copyright (c) 1982, 2011, Oracle.  All rights reserved. 
Connected to: 
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production 
With the Partitioning, OLAP, Data Mining and Real Application Testing options 
SQL>create user test identified by test; 
user created. 
SQL>grant dba to test; 
Grant succeeded. 
SQL>conn test/test 
Connected. 
SQL>create table t(id number); 
Table created. 
SQL>insert into t values(1); --插入5条 
1 row created. 
SQL>commit; 
Commit complete. 
  [oracle@orcl11g database]$ sqlplus / as sysdba 
SQL*Plus: Release 11.2.0.4.0 Production on Wed Jun 10 13:43:22 2015 
Copyright (c) 1982, 2011, Oracle.  All rights reserved. 
Connected to: 
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production 
With the Partitioning, OLAP, Data Mining and Real Application Testing options 
SQL> create user test_update identified by test_update; 
User created. 
SQL> grant select on test.t to test_update; 
Grant succeeded. 
SQL>  grant create session to test_update; 
Grant succeeded. 
SQL> conn test_update/test_update 
Connected. 
SQL> select count(*) from test.t; 
COUNT(*) 
---------- 
    5
SQL> update (with tmp as (select id from test.t) select id from tmp) set id=10 where id = 1; 
1 row updated. 
SQL> commit; 
Commit complete. 
SQL> delete (with temp as (select * from test.t) select id from temp) where id = 2; 
1 row deleted. 
SQL> commit; 
Commit complete. 
SQL>  insert into (with temp as (select * from test.t) select * from temp) select *   
from test.t where id =1; 
0 rows created. 
SQL> commit; 
Commit complete. 
由上DML执行及结果部分可知,普通拥有对业务用户下表的查询权限可以通过构造临时表对业务数据表进
行DML操作,该漏洞很危险。 
以下是漏洞补丁安装及补丁安装完毕后的验证:
关闭数据库实例及监听程序,如果EM开启,也要关闭EM
[oracle@orcl11204 20299013]$ sqlplus / as sysdba
SQL*Plus: Release 11.2.0.4.0 Production on Mon Jun 29 17:48:47 2015
Copyright (c) 1982, 2013, Oracle.  All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL> shutdown immediate;
Database closed.
Database dismounted.
ORACLE instance shut down.
SQL> quit
Disconnected from Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
[oracle@orcl11204 20299013]$ lsnrctl statu
LSNRCTL for Linux: Version 11.2.0.4.0 - Production on 29-JUN-2015 17:50:59
Copyright (c) 1991, 2013, Oracle.  All rights reserved.
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=orcl11204)(PORT=1521)))
STATUS of the LISTENER
------------------------
Alias                     LISTENER
Version                   TNSLSNR for Linux: Version 11.2.0.4.0 - Production
Start Date                29-JUN-2015 16:51:52
Uptime                    0 days 0 hr. 59 min. 7 sec
Trace Level               off
Security                  ON: Local OS Authentication
SNMP                      OFF
Listener Parameter File   /opt/oracle/product/11.2.0.4/db/network/admin/listener.ora
Listener Log File         /opt/oracle/diag/tnslsnr/orcl11204/listener/alert/log.xml
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=orcl11204)(PORT=1521)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))
The listener supports no services
The command completed successfully
根据readme的提示更新OPatch即将p6880880_112000_Linux-x86-64.zip上传解压并替换$ORACLE_HOME下的OPatch,注意先备份原有的OPatch以方便回退还原
[oracle@orcl11204 ~]$ opatch version
OPatch Version: 11.2.0.3.11
OPatch succeeded.
根据readme的提示先做安装前的预检,注意如果没有更新OPatch,预检能够通过,但是应用补丁集的时候会报错退出
[oracle@orcl11204 20299013]$ opatch prereq CheckConflictAgainstOHWithDetail -ph ./
Oracle Interim Patch Installer version 11.2.0.3.4
Copyright (c) 2012, Oracle Corporation.  All rights reserved.
PREREQ session
Oracle Home       : /opt/oracle/product/11.2.0.4/db
Central Inventory : /opt/oraInventory
   from           : /opt/oracle/product/11.2.0.4/db/oraInst.loc
OPatch version    : 11.2.0.3.4
OUI version       : 11.2.0.4.0
Log file location : /opt/oracle/product/11.2.0.4/db/cfgtoollogs/opatch/opatch2015-06-29_17-46-33PM_1.log
Invoking prereq "checkconflictagainstohwithdetail"
Prereq "checkConflictAgainstOHWithDetail" passed.
OPatch succeeded.
[oracle@orcl11204 20299013]$ ps -ef|grep ora_
oracle    1757 24201  0 17:51 pts/2    00:00:00 grep ora_
[oracle@orcl11204 20299013]$ opatch apply
Oracle Interim Patch Installer version 11.2.0.3.4
Copyright (c) 2012, Oracle Corporation.  All rights reserved.
Oracle Home       : /opt/oracle/product/11.2.0.4/db
Central Inventory : /opt/oraInventory
   from           : /opt/oracle/product/11.2.0.4/db/oraInst.loc
OPatch version    : 11.2.0.3.4
OUI version       : 11.2.0.4.0
Log file location : /opt/oracle/product/11.2.0.4/db/cfgtoollogs/opatch/opatch2015-06-29_17-51-23PM_1.log
Verifying environment and performing prerequisite checks...
Prerequisite check "CheckMinimumOPatchVersion" failed.
The details are:
The OPatch being used has version 11.2.0.3.4 while the following patch(es) require higher versions: 
Patch 17478514 requires OPatch version 11.2.0.3.5.
Patch 18031668 requires OPatch version 11.2.0.3.5.
Patch 18522509 requires OPatch version 11.2.0.3.5.
Patch 19121551 requires OPatch version 11.2.0.3.5.
Patch 19769489 requires OPatch version 11.2.0.3.5.
Patch 20299013 requires OPatch version 11.2.0.3.5.
Please download latest OPatch from My Oracle Support.
UtilSession failed: Prerequisite check "CheckMinimumOPatchVersion" failed.
Log file location: /opt/oracle/product/11.2.0.4/db/cfgtoollogs/opatch/opatch2015-06-29_17-51-23PM_1.log
OPatch failed with error code 73
以下是更新完OPatch的安装过程
[oracle@orcl11204 ~]$ ls
20299013  database  p20299013_112040_Linux-x86-64.zip  p6880880_112000_Linux-x86-64.zip  PatchSearch.xml
[oracle@orcl11204 ~]$ mv p6880880_112000_Linux-x86-64.zip $ORACLE_HOME
[oracle@orcl11204 ~]$ cd $ORACLE_HOME
[oracle@orcl11204 db]$ ls
apex         ctx          hs             ldap     OPatch                            plsql         srvm
assistants   cv           ide            lib      opmn                              precomp       suptools
bin          dbs          install        log      oracore                           racg          sysman
ccr          dc_ocm       instantclient  md       oraInst.loc                       rdbms         timingframework
cdata        deinstall    inventory      mesg     orcl11204_db11204                 relnotes      ucp
cfgtoollogs  demo         j2ee           mgw      ord                               root.sh       uix
clone        diagnostics  javavm         network  oui                               scheduler     usm
config       dv           jdbc           nls      owb                               slax          utl
crs          emcli        jdev           oc4j     owm                               sqldeveloper  wwg
csmig        EMStage      jdk            odbc     p6880880_112000_Linux-x86-64.zip  sqlj          xdk
css          has          jlib           olap     perl                              sqlplus
[oracle@orcl11204 db]$ mv OPatch OPatch11204bak
[oracle@orcl11204 db]$ ls
apex         ctx          hs             ldap     OPatch11204bak                    plsql         srvm
assistants   cv           ide            lib      opmn                              precomp       suptools
bin          dbs          install        log      oracore                           racg          sysman
ccr          dc_ocm       instantclient  md       oraInst.loc                       rdbms         timingframework
cdata        deinstall    inventory      mesg     orcl11204_db11204                 relnotes      ucp
cfgtoollogs  demo         j2ee           mgw      ord                               root.sh       uix
clone        diagnostics  javavm         network  oui                               scheduler     usm
config       dv           jdbc           nls      owb                               slax          utl
crs          emcli        jdev           oc4j     owm                               sqldeveloper  wwg
csmig        EMStage      jdk            odbc     p6880880_112000_Linux-x86-64.zip  sqlj          xdk
css          has          jlib           olap     perl                              sqlplus
[oracle@orcl11204 db]$ unzip p6880880_112000_Linux-x86-64.zip 
Archive:  p6880880_112000_Linux-x86-64.zip
   creating: OPatch/
  inflating: OPatch/operr.bat        
  inflating: OPatch/opatch.bat       
   creating: OPatch/crs/
  inflating: OPatch/crs/OsysModel.jar  
  inflating: OPatch/crs/installPatch.excl  
  inflating: OPatch/crs/patchDB.pl   
  inflating: OPatch/crs/CRSProductDriver.jar  
  inflating: OPatch/crs/patch112.pl  
  inflating: OPatch/crs/auto_patch.pl  
  inflating: OPatch/crs/opatchauto   
   creating: OPatch/crs/log/
  inflating: OPatch/crs/patch11203.pl  
  inflating: OPatch/crs/driver.jar   
  inflating: OPatch/crs/patch11202.pl  
  inflating: OPatch/emdpatch.pl      
  inflating: OPatch/README.txt       
   creating: OPatch/docs/
  inflating: OPatch/docs/Users_Guide.txt  
  inflating: OPatch/docs/Prereq_Users_Guide.txt  
  inflating: OPatch/docs/cversion.txt  
  inflating: OPatch/docs/FAQ         
 extracting: OPatch/version.txt      
   creating: OPatch/opatchprereqs/
   creating: OPatch/opatchprereqs/oui/
  inflating: OPatch/opatchprereqs/oui/knowledgesrc.xml  
   creating: OPatch/opatchprereqs/opatch/
  inflating: OPatch/opatchprereqs/opatch/opatch_prereq.xml  
  inflating: OPatch/opatchprereqs/opatch/rulemap.xml  
  inflating: OPatch/opatchprereqs/opatch/runtime_prereq.xml  
  inflating: OPatch/opatchprereqs/prerequisite.properties  
   creating: OPatch/opatchauto-dir/
   creating: OPatch/opatchauto-dir/opatchautocore/
   creating: OPatch/opatchauto-dir/opatchautocore/jlib/
  inflating: OPatch/opatchauto-dir/opatchautocore/jlib/ProductDriver.jar  
  inflating: OPatch/opatchauto-dir/opatchautocore/jlib/oracle.oplan.classpath.jar  
  inflating: OPatch/opatchauto-dir/opatchautocore/jlib/oplan_core.jar  
   creating: OPatch/opatchauto-dir/opatchautocore/jlib/apache-commons/
  inflating: OPatch/opatchauto-dir/opatchautocore/jlib/apache-commons/commons-cli-1.0.jar  
  inflating: OPatch/opatchauto-dir/opatchautocore/jlib/OsysModel.jar  
  inflating: OPatch/opatchauto-dir/opatchautocore/jlib/automation.jar  
  inflating: OPatch/opatchauto-dir/opatchautocore/jlib/patchsdk.jar  
   creating: OPatch/opatchauto-dir/opatchautocore/jlib/jaxb/
  inflating: OPatch/opatchauto-dir/opatchautocore/jlib/jaxb/jaxb-impl.jar  
  inflating: OPatch/opatchauto-dir/opatchautocore/jlib/jaxb/jaxb-api.jar  
  inflating: OPatch/opatchauto-dir/opatchautocore/jlib/jaxb/jsr173_1.0_api.jar  
  inflating: OPatch/opatchauto-dir/opatchautocore/jlib/jaxb/activation.jar  
  inflating: OPatch/opatchauto-dir/opatchautocore/jlib/osysmodel-utils.jar  
  inflating: OPatch/opatchauto-dir/opatchautocore/jlib/bundle.jar  
  inflating: OPatch/opatchauto-dir/opatchautocore/jlib/Validation.jar  
  inflating: OPatch/opatchauto-dir/opatchautocore/jlib/ValidationRules.jar  
  inflating: OPatch/opatchauto-dir/opatchautocore/jlib/com.oracle.glcm.common-logging_1.0.0.0.jar  
  inflating: OPatch/opatchauto-dir/opatchautocore/oplan  
  inflating: OPatch/opatchauto-dir/opatchautocore/oplan.bat  
  inflating: OPatch/opatchauto-dir/opatchautocore/README.txt  
  inflating: OPatch/opatchauto-dir/opatchautocore/README.html  
  inflating: OPatch/opatchauto-dir/opatchautocore/opatchautobinary  
   creating: OPatch/opatchauto-dir/opatchautodb/
   creating: OPatch/opatchauto-dir/opatchautodb/jlib/
  inflating: OPatch/opatchauto-dir/opatchautodb/jlib/oracle.oplan.db.classpath.jar  
  inflating: OPatch/opatchauto-dir/opatchautodb/jlib/oplan_db.jar  
   creating: OPatch/jlib/
  inflating: OPatch/jlib/oracle.opatch.classpath.jar  
  inflating: OPatch/jlib/opatch.jar  
  inflating: OPatch/jlib/opatchsdk.jar  
  inflating: OPatch/jlib/oracle.opatch.classpath.windows.jar  
  inflating: OPatch/jlib/oracle.opatchcore.classpath.jar  
  inflating: OPatch/jlib/oracle.opatchcore.classpath.unix.jar  
  inflating: OPatch/jlib/oracle.opatchcore.classpath.windows.jar  
  inflating: OPatch/jlib/oracle.opatch.classpath.unix.jar  
   creating: OPatch/scripts/
  inflating: OPatch/scripts/opatch_wls  
  inflating: OPatch/scripts/opatch_jvm_discovery.bat  
  inflating: OPatch/scripts/opatch_wls.bat  
  inflating: OPatch/scripts/opatch_jvm_discovery  
   creating: OPatch/oplan/
  inflating: OPatch/oplan/oplan.bat  
   creating: OPatch/oplan/jlib/
   creating: OPatch/oplan/jlib/jaxb/
  inflating: OPatch/oplan/jlib/jaxb/activation.jar  
  inflating: OPatch/oplan/jlib/jaxb/jsr173_1.0_api.jar  
  inflating: OPatch/oplan/jlib/jaxb/jaxb-impl.jar  
  inflating: OPatch/oplan/jlib/jaxb/jaxb-api.jar  
  inflating: OPatch/oplan/jlib/OsysModel.jar  
  inflating: OPatch/oplan/jlib/JMXDrivers.jar  
  inflating: OPatch/oplan/jlib/Validation.jar  
  inflating: OPatch/oplan/jlib/automation.jar  
  inflating: OPatch/oplan/jlib/bundle.jar  
  inflating: OPatch/oplan/jlib/oplan.jar  
  inflating: OPatch/oplan/jlib/CRSProductDriver.jar  
  inflating: OPatch/oplan/jlib/OuiDriver.jar  
  inflating: OPatch/oplan/jlib/oracle.oplan.classpath.jar  
  inflating: OPatch/oplan/jlib/patchsdk.jar  
  inflating: OPatch/oplan/jlib/osysmodel-utils.jar  
  inflating: OPatch/oplan/jlib/ValidationRules.jar  
   creating: OPatch/oplan/jlib/apache-commons/
  inflating: OPatch/oplan/jlib/apache-commons/commons-cli-1.0.jar  
  inflating: OPatch/oplan/jlib/EMrepoDrivers.jar  
  inflating: OPatch/oplan/README.html  
  inflating: OPatch/oplan/oplan      
  inflating: OPatch/oplan/README.txt  
  inflating: OPatch/operr            
  inflating: OPatch/opatch           
  inflating: OPatch/opatchdiag.bat   
  inflating: OPatch/operr_readme.txt  
  inflating: OPatch/opatchdiag       
  inflating: OPatch/opatch.pl        
   creating: OPatch/ocm/
   creating: OPatch/ocm/lib/
  inflating: OPatch/ocm/lib/emocmclnt.jar  
  inflating: OPatch/ocm/lib/log4j-core.jar  
  inflating: OPatch/ocm/lib/regexp.jar  
  inflating: OPatch/ocm/lib/emocmcommon.jar  
  inflating: OPatch/ocm/lib/osdt_core3.jar  
  inflating: OPatch/ocm/lib/jsse.jar  
  inflating: OPatch/ocm/lib/http_client.jar  
  inflating: OPatch/ocm/lib/osdt_jce.jar  
  inflating: OPatch/ocm/lib/emocmclnt-14.jar  
  inflating: OPatch/ocm/lib/jnet.jar  
  inflating: OPatch/ocm/lib/jcert.jar  
  inflating: OPatch/ocm/lib/xmlparserv2.jar  
 extracting: OPatch/ocm/ocm.zip      
   creating: OPatch/ocm/bin/
  inflating: OPatch/ocm/bin/emocmrsp  
  inflating: OPatch/ocm/ocm_platforms.txt  
   creating: OPatch/ocm/doc/
[oracle@orcl11204 db]$ ls
apex         ctx          hs             ldap     OPatch                            perl          sqlplus
assistants   cv           ide            lib      OPatch11204bak                    plsql         srvm
bin          dbs          install        log      opmn                              precomp       suptools
ccr          dc_ocm       instantclient  md       oracore                           racg          sysman
cdata        deinstall    inventory      mesg     oraInst.loc                       rdbms         timingframework
cfgtoollogs  demo         j2ee           mgw      orcl11204_db11204                 relnotes      ucp
clone        diagnostics  javavm         network  ord                               root.sh       uix
config       dv           jdbc           nls      oui                               scheduler     usm
crs          emcli        jdev           oc4j     owb                               slax          utl
csmig        EMStage      jdk            odbc     owm                               sqldeveloper  wwg
css          has          jlib           olap     p6880880_112000_Linux-x86-64.zip  sqlj          xdk
[oracle@orcl11204 20299013]$ opatch version
OPatch Version: 11.2.0.3.11
OPatch succeeded.
[oracle@orcl11204 20299013]$ opatch prereq CheckConflictAgainstOHWithDetail -ph ./
Oracle Interim Patch Installer version 11.2.0.3.11
Copyright (c) 2015, Oracle Corporation.  All rights reserved.
PREREQ session
Oracle Home       : /opt/oracle/product/11.2.0.4/db
Central Inventory : /opt/oraInventory
   from           : /opt/oracle/product/11.2.0.4/db/oraInst.loc
OPatch version    : 11.2.0.3.11
OUI version       : 11.2.0.4.0
Log file location : /opt/oracle/product/11.2.0.4/db/cfgtoollogs/opatch/opatch2015-06-29_18-52-51PM_1.log
Invoking prereq "checkconflictagainstohwithdetail"
Prereq "checkConflictAgainstOHWithDetail" passed.
OPatch succeeded.
[oracle@orcl11204 20299013]$ opatch apply
Oracle Interim Patch Installer version 11.2.0.3.11
Copyright (c) 2015, Oracle Corporation.  All rights reserved.
Oracle Home       : /opt/oracle/product/11.2.0.4/db
Central Inventory : /opt/oraInventory
   from           : /opt/oracle/product/11.2.0.4/db/oraInst.loc
OPatch version    : 11.2.0.3.11
OUI version       : 11.2.0.4.0
Log file location : /opt/oracle/product/11.2.0.4/db/cfgtoollogs/opatch/opatch2015-06-29_18-53-23PM_1.log
Verifying environment and performing prerequisite checks...
OPatch continues with these patches:   17478514  18031668  18522509  19121551  19769489  20299013  
Do you want to proceed? [y|n]
y
User Responded with: Y
All checks passed.
Provide your email address to be informed of security issues, install and
initiate Oracle Configuration Manager. Easier for you if you use your My
Oracle Support Email address/User Name.
Visit http://www.oracle.com/support/policies.html for details.
Email address/User Name: 
You have not provided an email address for notification of security issues.
Do you wish to remain uninformed of security issues ([Y]es, [N]o) [N]:  y
Please shutdown Oracle instances running out of this ORACLE_HOME on the local system.
(Oracle Home = '/opt/oracle/product/11.2.0.4/db')
Is the local system ready for patching? [y|n]
y
User Responded with: Y
Backing up files...
Applying sub-patch '17478514' to OH '/opt/oracle/product/11.2.0.4/db'
Patching component oracle.rdbms, 11.2.0.4.0...
Patching component oracle.rdbms.rsf, 11.2.0.4.0...
Patching component oracle.sdo, 11.2.0.4.0...
Patching component oracle.sysman.agent, 10.2.0.4.5...
Patching component oracle.xdk, 11.2.0.4.0...
Patching component oracle.rdbms.dbscripts, 11.2.0.4.0...
Patching component oracle.sdo.locator, 11.2.0.4.0...
Patching component oracle.nlsrtl.rsf, 11.2.0.4.0...
Patching component oracle.xdk.rsf, 11.2.0.4.0...
Patching component oracle.rdbms.rman, 11.2.0.4.0...
Verifying the update...
Applying sub-patch '18031668' to OH '/opt/oracle/product/11.2.0.4/db'
Patching component oracle.rdbms, 11.2.0.4.0...
Patching component oracle.rdbms.rsf, 11.2.0.4.0...
Patching component oracle.ldap.rsf, 11.2.0.4.0...
Patching component oracle.rdbms.crs, 11.2.0.4.0...
Patching component oracle.precomp.common, 11.2.0.4.0...
Patching component oracle.ldap.rsf.ic, 11.2.0.4.0...
Patching component oracle.rdbms.deconfig, 11.2.0.4.0...
Patching component oracle.rdbms.dbscripts, 11.2.0.4.0...
Patching component oracle.rdbms.rman, 11.2.0.4.0...
Verifying the update...
Applying sub-patch '18522509' to OH '/opt/oracle/product/11.2.0.4/db'
Patching component oracle.rdbms.rsf, 11.2.0.4.0...
Patching component oracle.rdbms, 11.2.0.4.0...
Patching component oracle.precomp.common, 11.2.0.4.0...
Patching component oracle.rdbms.rman, 11.2.0.4.0...
Patching component oracle.rdbms.dbscripts, 11.2.0.4.0...
Patching component oracle.rdbms.deconfig, 11.2.0.4.0...
Verifying the update...
Applying sub-patch '19121551' to OH '/opt/oracle/product/11.2.0.4/db'
Patching component oracle.precomp.common, 11.2.0.4.0...
Patching component oracle.sysman.console.db, 11.2.0.4.0...
Patching component oracle.rdbms.rsf, 11.2.0.4.0...
Patching component oracle.rdbms.rman, 11.2.0.4.0...
Patching component oracle.rdbms, 11.2.0.4.0...
Patching component oracle.rdbms.dbscripts, 11.2.0.4.0...
Patching component oracle.ordim.client, 11.2.0.4.0...
Patching component oracle.ordim.jai, 11.2.0.4.0...
Verifying the update...
Applying sub-patch '19769489' to OH '/opt/oracle/product/11.2.0.4/db'
ApplySession: Optional component(s) [ oracle.sysman.agent, 11.2.0.4.0 ]  not present in the Oracle Home or a higher version is found.
Patching component oracle.precomp.common, 11.2.0.4.0...
Patching component oracle.ovm, 11.2.0.4.0...
Patching component oracle.xdk, 11.2.0.4.0...
Patching component oracle.rdbms.util, 11.2.0.4.0...
Patching component oracle.rdbms, 11.2.0.4.0...
Patching component oracle.rdbms.dbscripts, 11.2.0.4.0...
Patching component oracle.xdk.parser.java, 11.2.0.4.0...
Patching component oracle.oraolap, 11.2.0.4.0...
Patching component oracle.rdbms.rsf, 11.2.0.4.0...
Patching component oracle.xdk.rsf, 11.2.0.4.0...
Patching component oracle.rdbms.rman, 11.2.0.4.0...
Patching component oracle.rdbms.deconfig, 11.2.0.4.0...
Verifying the update...
Applying sub-patch '20299013' to OH '/opt/oracle/product/11.2.0.4/db'
Patching component oracle.rdbms.dv, 11.2.0.4.0...
Patching component oracle.rdbms.oci, 11.2.0.4.0...
Patching component oracle.precomp.common, 11.2.0.4.0...
Patching component oracle.sysman.agent, 10.2.0.4.5...
Patching component oracle.xdk, 11.2.0.4.0...
Patching component oracle.sysman.common, 10.2.0.4.5...
Patching component oracle.rdbms, 11.2.0.4.0...
Patching component oracle.rdbms.dbscripts, 11.2.0.4.0...
Patching component oracle.xdk.parser.java, 11.2.0.4.0...
Patching component oracle.sysman.console.db, 11.2.0.4.0...
Patching component oracle.xdk.rsf, 11.2.0.4.0...
Patching component oracle.rdbms.rsf, 11.2.0.4.0...
Patching component oracle.sysman.common.core, 10.2.0.4.5...
Patching component oracle.rdbms.rman, 11.2.0.4.0...
Patching component oracle.rdbms.deconfig, 11.2.0.4.0...
Verifying the update...
Composite patch 20299013 successfully applied.
Log file location: /opt/oracle/product/11.2.0.4/db/cfgtoollogs/opatch/opatch2015-06-29_18-53-23PM_1.log
OPatch succeeded.
[oracle@orcl11204 20299013]$ opatch lsinventory
Oracle Interim Patch Installer version 11.2.0.3.11
Copyright (c) 2015, Oracle Corporation.  All rights reserved.
Oracle Home       : /opt/oracle/product/11.2.0.4/db
Central Inventory : /opt/oraInventory
   from           : /opt/oracle/product/11.2.0.4/db/oraInst.loc
OPatch version    : 11.2.0.3.11
OUI version       : 11.2.0.4.0
Log file location : /opt/oracle/product/11.2.0.4/db/cfgtoollogs/opatch/opatch2015-06-29_19-07-44PM_1.log
Lsinventory Output file location : /opt/oracle/product/11.2.0.4/db/cfgtoollogs/opatch/lsinv/lsinventory2015-06-29_19-07-44PM.txt
--------------------------------------------------------------------------------
Local Machine Information::
Hostname: orcl11204
ARU platform id: 226
ARU platform description:: Linux x86-64
Installed Top-level Products (1): 
Oracle Database 11g                                                  11.2.0.4.0
There are 1 products installed in this Oracle Home.
Interim patches (1) :
Patch  20299013     : applied on Mon Jun 29 19:00:43 CST 2015
Unique Patch ID:  18573940
Patch description:  "Database Patch Set Update : 11.2.0.4.6 (20299013)"
   Created on 4 Mar 2015, 02:27:44 hrs PST8PDT
Sub-patch  19769489; "Database Patch Set Update : 11.2.0.4.5 (19769489)"
Sub-patch  19121551; "Database Patch Set Update : 11.2.0.4.4 (19121551)"
Sub-patch  18522509; "Database Patch Set Update : 11.2.0.4.3 (18522509)"
Sub-patch  18031668; "Database Patch Set Update : 11.2.0.4.2 (18031668)"
Sub-patch  17478514; "Database Patch Set Update : 11.2.0.4.1 (17478514)"
   Bugs fixed:
     17288409, 17798953, 18273830, 18607546, 17811429, 17205719, 20506699
     17816865, 19972566, 17922254, 17754782, 16384983, 17726838, 13364795
     16934803, 17311728, 17284817, 17441661, 17360606, 13645875, 18199537
     16992075, 16542886, 17446237, 14015842, 17889549, 14565184, 19972569
     17071721, 20299015, 17610798, 17375354, 17449815, 17397545, 19463897
     18230522, 13866822, 17235750, 17982555, 16360112, 18317531, 17478514
     19769489, 12905058, 14338435, 18235390, 13944971, 18641451, 20142975
     17811789, 16929165, 18704244, 12747740, 18430495, 20506706, 17546973
     14054676, 17088068, 17346091, 18264060, 17016369, 17042658, 17343514
     14602788, 19972568, 19680952, 18471685, 19788842, 18508861, 14657740
     17332800, 19211724, 13837378, 13951456, 16315398, 17186905, 18744139
     19972564, 16850630, 18315328, 17437634, 19049453, 18673304, 17883081
     19006849, 19915271, 19013183, 18641419, 17296856, 18674024, 18262334
     17006183, 18277454, 16833527, 17232014, 16855292, 10136473, 17762296
     14692762, 17705023, 18051556, 17865671, 17852463, 18554871, 17853498
     19121551, 18334586, 19854503, 17551709, 19309466, 17588480, 19827973
     17344412, 17842825, 18828868, 18681862, 18554763, 17390160, 18456514
     16306373, 17025461, 13955826, 18139690, 11883252, 13609098, 17501491
     17239687, 17752121, 17299889, 17602269, 19197175, 17889583, 18316692
     17313525, 18673325, 12611721, 19544839, 18293054, 17242746, 18964939
     17600719, 18191164, 19393542, 17571306, 18482502, 19466309, 17951233
     17649265, 18094246, 19615136, 17040527, 17011832, 17165204, 18098207
     16785708, 16870214, 17465741, 16180763, 17174582, 17477958, 12982566
     16777840, 18522509, 20631274, 16091637, 17323222, 19463893, 16595641
     16875449, 12816846, 16524926, 17237521, 18228645, 18282562, 17596908
     19358317, 17811438, 17811447, 17945983, 18762750, 17156148, 18031668
     16912439, 17184721, 16494615, 18061914, 17282229, 17545847, 18331850
     18202441, 17082359, 18723434, 19554106, 17614134, 13558557, 17341326
     14034426, 17891946, 18339044, 17716305, 19458377, 17752995, 16392068
     19271443, 17891943, 18092127, 17258090, 17767676, 16668584, 18384391
     17614227, 17040764, 16903536, 17381384, 14106803, 15913355, 18973907
     18356166, 18673342, 17389192, 14084247, 16194160, 17612828, 17006570
     20506715, 17721717, 13853126, 17390431, 18203837, 17570240, 14245531
     16043574, 16863422, 17848897, 17877323, 18325460, 19727057, 17468141
     17786518, 17912217, 16422541, 19972570, 17267114, 17037130, 18244962
     18765602, 18203838, 18155762, 16956380, 16198143, 17246576, 17478145
     17394950, 14829250, 18189036, 18641461, 18619917, 17835627, 17027426
     16268425, 18247991, 19584068, 14458214, 18436307, 17265217, 17634921
     13498382, 16692232, 17786278, 17227277, 16042673, 16314254, 17443671
     18000422, 16228604, 16837842, 17571039, 17393683, 16344544, 17787259
     18009564, 20074391, 14354737, 15861775, 18135678, 18614015, 16399083
     18362222, 18018515, 16472716, 17835048, 17050888, 17936109, 14010183
     17325413, 18747196, 17080436, 16613964, 17036973, 17761775, 16579084
     16721594, 17082983, 18384537, 18280813, 20296213, 17302277, 16901385
     18084625, 15979965, 15990359, 18203835, 17297939, 17811456, 16731148
     13829543, 14133975, 17215560, 17694209, 18091059, 17385178, 8322815
     17586955, 18441944, 17201159, 16450169, 9756271, 17655634, 19730508
     17892268, 18868646, 17648596, 16220077, 16069901, 11733603, 16285691
     17587063, 18180390, 16538760, 18193833, 17348614, 17393915, 17957017
     17274537, 18096714, 17308789, 17238511, 18436647, 17824637, 14285317
     19289642, 14764829, 17622427, 18328509, 16571443, 16943711, 14368995
     18306996, 17346671, 14852021, 18996843, 17783588, 16618694, 17853456
     18674047, 17672719, 18856999, 12364061, 18783224, 17851160, 17546761
--------------------------------------------------------------------------------
OPatch succeeded.
[oracle@orcl11204 20299013]$ sqlplus / as sysdba
SQL*Plus: Release 11.2.0.4.0 Production on Mon Jun 29 19:08:09 2015
Copyright (c) 1982, 2013, Oracle.  All rights reserved.
Connected to an idle instance.
SQL> startup
ORACLE instance started.
Total System Global Area  726540288 bytes
Fixed Size    2256792 bytes
Variable Size  478150760 bytes
Database Buffers  243269632 bytes
Redo Buffers    2863104 bytes
Database mounted.
Database opened.
SQL> conn test_update/test_update
Connected.
SQL> update (with tmp as (select id from test.t) select id from tmp) set id=10 
where id = 1;
  2  update (with tmp as (select id from test.t) select id from tmp) set id=10
                                      *
ERROR at line 1:
ORA-01031: insufficient privileges
SQL> select * from v$version;
BANNER
--------------------------------------------------------------------------------
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
PL/SQL Release 11.2.0.4.0 - Production
CORE 11.2.0.4.0 Production
TNS for Linux: Version 11.2.0.4.0 - Production
NLSRTL Version 11.2.0.4.0 - Production
SQL> 
SQL> select ACTION_TIME, ACTION, COMMENTS from sys.DBA_REGISTRY_HISTORY;
ACTION_TIME       ACTION    COMMENTS
------------------------------ -------------------- ------------------------------
24-AUG-13 12.03.45.119862 PM   APPLY    Patchset 11.2.0.2.0
29-JUN-15 05.15.49.338988 PM   APPLY    Patchset 11.2.0.2.0
SQL> select count(*) from dba_objects where status'VALID';
  COUNT(*)
----------
0
SQL>select object_name,object_type,owner,status 
from dba_objects where status'VALID';
no rows selected

到此高危漏洞集安装及安装后漏洞验证成功完成!

上一篇:ORACLE expdp备份与ORA-31693、ORA-02354、ORA-02149


下一篇:Linux主机内存溢出导致oracle的SYS用户无法正常登陆