Download and install Oracle Critical Patch Updates (CPU) for Symantec DLP
search cancel

Download and install Oracle Critical Patch Updates (CPU) for Symantec DLP

book

Article ID: 184483

calendar_today

Updated On:

Products

Data Loss Prevention Enforce Data Loss Prevention

Issue/Introduction

The following information will help you with the installation of an Oracle Critical Patch Update (CPU) for Symantec Data Loss Prevention (DLP).

Users of Enterprise Oracle must obtain the CPU from Oracle and work with Oracle if any issues are encountered.
Users of Standard Oracle will need to download the CPU from the Broadcom support portal.
Once Oracle releases a new CPU, we will post it to the support portal after testing and validating the CPU.

Environment

Oracle 19c

Cause

Vulnerability Patching

Resolution

Shut down listeners associated with the Oracle home that you are updating.

lsnrctl stop

Shut down all instances associated with DLP

SQL> conn sys as sysdba;
SQL> shutdown immediate 

Confirm the ORACLE_HOME environment variable is pointing to your Database Home eg: D:\oracle\product\19.0.0.0\db_1\
Windows: echo %ORACLE_HOME%
Linux: echo $ORACLE_HOME

Go to the directory where the patch is located and then run the OPatch utility by entering the following commands:

unzip p28265827_112040_MSWIN-x86-64.zip
cd 28265827
%oracle_home%\opatch\opatch apply

If there are errors, refer to the Known Issues section of the README.html file that comes packaged with the CPU.

Additional Information

The Oracle CPU includes both the opatch application and the patch itself.  These come in two different zip files.  You need to unzip these both under the db_home directory.  When you go to unzip the opatch application you will update the files under the original %db_home\opatch directory. 

Ref opatch application (example OPatch_64bit_12.2.0.1.29).  And the patch number zip file such as p6880880_190000_MSWIN-x86-64.zip. 

When you go to run the command to install the cpu be sure to change directories into the patch number directory and reference the opatch application,

%oracle_home%\opatch\opatch apply.

 

Also, the command will fail unless you Shutdown all sqlplus sessions, regardless of whether they are connected to the database or not.

  • Use the Windows Task Manager to show processes from all users, and look for any sqlplus.exe processes and stop them.

Some system services can also hold Oracle files open and cause this error. Stop the following services during Opatch execution:

  • The Distributed Transaction Coordinator service
  • The Windows Management Instrumentation service
  • The COM+ System Application service
  • On a virtualized system: the VMware Tools service and any other VMware-provided services

Note: In some cases, the Windows system can automatically restart these services after they are manually stopped. It may be necessary to temporarily disable the services while Opatch is executing, and re-enable them after the CPU installation has completed.

Also, When searching for which processes might be tying up the Oracle dlls you can use the tasklist command from the command prompt:

Tasklist /m

This displays all of the dlls being used by processes on the system.  However, if the CPU patch is erroring out and specifically mentions a dll, you can search for it with:

Example DLL lookup:

Tasklist /m oci.dll

This will return a list of all processes using the specified dll file.

If you receive a 73 or 74 error, you can try using the -force argument, or uninstall the conflicting package per the following article

Article Id: 159395 - Oracle Critical Patch Update on Windows fails with error 74

Powered by Wolken Software