Vulnerability scanner reports that vulnerabilities that the latest Oracle CPU should have addressed
Article ID: 164037
Updated On:
Products
Issue/Introduction
You have completed a successful installation of a recent Oracle Critical Patch Update (CPU), which is a cumulative security patch issued by Oracle for its database.
Yet, when running a vulnerability scan (such as Nessus, Nmap, etc.) against the server, a number of vulnerabilities are reported that should have been addressed by the most recent CPU applied.
The remote Oracle database server is missing the October 2014 Critical Patch Update (CPU). It is, therefore, affected by security issues
in the following components
Environment
Latest Oracle CPU, OCT 2016, on Oracle 11.2.0.4, for example.
Cause
The latest CPUs for oracle 11.2.0.4 do not appear to be correctly updating the Oracle Patch History table in the database.
Resolution
Use the "Opatch" utility in Oracle that will return the details of the patches applied.
Details on commands and parameters: https://docs.oracle.com/cd/B16240_01/doc/em.102/e15294/options.htm
opatch lsinventory -bugs_fixed
C:\oracle\product\11.2.0.3\db_1\OPatch>opatch lsinventory -bugs_fixed
Oracle Interim Patch Installer version 11.2.0.1.9
Copyright (c) 2011, Oracle Corporation. All rights reserved.
Oracle Home : C:\oracle\product\11.2.0.3\db_1
Central Inventory : C:\Program Files\Oracle\Inventory
from : n/a
OPatch version : 11.2.0.1.9
OUI version : 11.2.0.3.0
Log file location : C:\oracle\product\11.2.0.3\db_1\cfgtoollogs\opatch\opatch2016-12-07_05-47-58AM.log
Lsinventory Output file location : C:\oracle\product\11.2.0.3\db_1\cfgtoollogs\opatch\lsinv\lsinventory2016
------------------------------------------------------------------------------------------------------
Installed Top-level Products (1):
Oracle Database 11g 11.2.0.3.0
There are 1 products installed in this Oracle Home.
List of Bugs fixed by Installed Patches:
Bug Fixed by Installed at Description
Patch
--- -------- ------------ -----------
3522216 13885389 Thu Aug 02 21:35:07 PKT 2012 WRONG PREDICATE DISPLAYING BY UTLXPLS.SQL
8631856 13885389 Thu Aug 02 21:35:07 PKT 2012 XF11.2EVXDB - TRC - QCSPREVFRO
9659614 13885389 Thu Aug 02 21:35:07 PKT 2012 HUGE ORA-8103 TRACE FILES GENERATED AFTER PATCH
7519406 APPLIED
9703627 13885389 Thu Aug 02 21:35:07 PKT 2012 11.2.0.2 ROOT USE OF A1SMCMD PLACES ALERT.LOG IN
USER DIRECTORY
10215977 13885389 Thu Aug 02 21:35:07 PKT 2012 DBMV2-BIGBH ORA-600[KCCBCK_BDI] WHEN BACKUP
CONTROLFILE CONCURRENTLY
10350832 13885389 Thu Aug 02 21:35:07 PKT 2012 FINISH_REDEF_TABLE HAS SLIM CHANGE IN GETTING X
DML LOCK
10357727 13885389 Thu Aug 02 21:35:07 PKT 2012 LINQEF ORA932 ERROR FOR STRING.EQUAL IF EMPTY
STRING VARIABLE IS INVOLVED
11063191 13885389 Thu Aug 02 21:35:07 PKT 2012 ORA-4031 WITH HINT CURSOR_SHARING_EXACT EXCESSIVE
KKSSP NN MEMORY
11665727 13885389 Thu Aug 02 21:35:07 PKT 2012 LSX-00249 ON SCHEMAVALIDATE() WITH NLS_NUMERIC_CHA
RACTERS=',.'
11772838 13885389 Thu Aug 02 21:35:07 PKT 2012 DB AGENT OVERWRITE POLICY ON LOCAL_LISTENER
11840910 13885389 Thu Aug 02 21:35:07 PKT 2012 ORA-604 DURING STARTUP WITH SYSOPER
11846902 13885389 Thu Aug 02 21:35:07 PKT 2012 MISSING ENTRIES FROM RAC REDO LOG DURING ADHOC
LOGMINER SESSION
11865420 13885389 Thu Aug 02 21:35:07 PKT 2012 INSERT SELECT WITH ERROR LOGGING IS SLOW, KDT
BUFFERING IS DISABLED
11877623 13885389 Thu Aug 02 21:35:07 PKT 2012 ORA-600 [17273]
11883969 13885389 Thu Aug 02 21:35:07 PKT 2012 DEFAULT TABLESPACE FOR STRUCTURED XML INDEX TABLE
12349553 13885389 Thu Aug 02 21:35:07 PKT 2012 VIP ON FORMER PRIMARY NIC CAN NOT BE CLEARD WHEN
<...snip...>
13652493 13885389 Thu Aug 02 21:35:07 PKT 2012 EF INCORRECT PL/SQL ANONYMOUS BLOCK IS GENERATED
FOR UPDATE
13683125 13885389 Thu Aug 02 21:35:07 PKT 2012 ASSOCIATE BUG WITH SHORWITZ_BUG-11822454
13709220 13885389 Thu Aug 02 21:35:07 PKT 2012 ORA-10663 WHEN SHRINKING A MASTER TABLE OF AN
MVIEW WITH PRIMARY KEY
13718476 13885389 Thu Aug 02 21:35:07 PKT 2012 IGNORE PRED BAST TO EXCLUSIVE LOCK
13724992 13885389 Thu Aug 02 21:35:07 PKT 2012 EF ENTITY NOT UPDATED AFTER SAVECHANGES USING STOR
EGENERATEDPATTERN
13767921 13885389 Thu Aug 02 21:35:07 PKT 2012 ORA-1426 DURING DBMS_REDEFINITION.START_REDEF_TABL
E
13787482 13885389 Thu Aug 02 21:35:07 PKT 2012 PDIT GSI11G CDC PURGE ROUTINE INVALIDATING CUSTOM
INDEXES
13791443 13885389 Thu Aug 02 21:35:07 PKT 2012 RUP2ST3 STARTER GLOBAL SEARCH DISPLAYS ERROR
13807411 13885389 Thu Aug 02 21:35:07 PKT 2012 SOA ORA-600 [KCBCHG1_38]
13873471 13885389 Thu Aug 02 21:35:07 PKT 2012 CTX_DDL.INSERT_MVDATA_VALUES PERFORMANCE
DEGRADATION IN 11.2.0.3
13885389 13885389 Thu Aug 02 21:35:07 PKT 2012 ORACLE 11G 11.2.0.3 PATCH 5 BUG FOR WINDOWS
(64-BIT AMD64 AND INTEL EM64)
13886023 13885389 Thu Aug 02 21:35:07 PKT 2012 GI PSU 11.2.0.3.2 RC FAILS TO INSTALL ON 32-BIT
2.6.32-300 KERNEL DUE TO ACFS
13942723 13885389 Thu Aug 02 21:35:07 PKT 2012 SRVCTL, DBCA, NETCA, DEINSTALL TOOL CAN'T BE USED
AFTER APPLYING 11.2.0.3 PATCH4
------------------------------------------------------------------------------------------------------
OPatch succeeded.
Feedback
