Security - What are Oracle CPU Patches and Why to Apply them - CRITICAL for Mission Critical Databases
Oracle Critical Patch Update (CPU) and Patch Set Updates (PSU) are periodic security patches released by Oracle to address vulnerabilities in their products. These updates typically include fixes for security issues, bug fixes, and sometimes new features or enhancements.
The CPU is a collection of patches that address multiple security vulnerabilities across various Oracle products. It is usually released on a quarterly basis, with additional updates as needed for critical issues. The CPU includes fixes for both Oracle's own code and third-party components used in their products.
The PSU, on the other hand, is a cumulative update that includes all the fixes from the previous CPU and any additional security patches specific to a particular product or component. PSUs are also released on a regular schedule, typically every three months.
It is important for organizations using Oracle products to apply these patches in a timely manner to protect against potential security threats and ensure the stability and performance of their systems. Applying CPU/PSU patches can help mitigate risks associated with known vulnerabilities and maintain compliance with industry standards and regulations.
The procedure to apply Oracle CPU/PSU patches can vary depending on the specific products and versions being used, as well as the environment in which they are deployed. However, here is a general overview of the steps involved:
Identify the patches needed: Determine which products and versions require patching by reviewing the Oracle CPU/PSU advisories and identifying the relevant Common Vulnerabilities and Exposures (CVE) numbers.
Download the patches: Obtain the required patches from the Oracle Support website or other authorized sources.
Create a patching plan: Develop a detailed plan for applying the patches, including any necessary pre-patching activities such as backups, system downtime, and testing.
Prepare the environment: Ensure that the environment meets the prerequisites for patching, such as having sufficient disk space, meeting minimum software requirements, and having the appropriate permissions and access rights.
Apply the patches: Use the appropriate tools and methods to apply the patches, following the instructions provided by Oracle or other authorized sources. This may involve running scripts, applying patches manually, or using automated patching tools.
Test the environment: Perform thorough testing to ensure that the patches have been applied successfully and that the environment is functioning correctly. This may include functional testing, performance testing, and security testing.
Document the patching process: Keep detailed records of the patching process, including the patches applied, the dates and times of application, and any issues encountered during the process.
Monitor the environment: Continuously monitor the environment to ensure that it remains secure and stable after patching. This may involve monitoring logs, system metrics, and other indicators of potential issues.
It's important to note that the specific steps and tools used for patching will depend on the products and versions being patched, as well as the environment in which they are deployed. It's always recommended to follow the official guidance provided by Oracle or other authorized sources when applying patches.
Oracle CPU Announcements:
The Critical Patch Update Advisory serves as the primary resource for reviewing all related advisories, security alerts, and bulletins issued by Oracle. This document provides a comprehensive list of affected products, risk assessments for the vulnerabilities addressed, and links to additional relevant documentation.
Prior to applying patches, it is crucial to thoroughly examine the supporting materials referenced in the Critical Patch Update Advisory.
The next four Critical Patch Update release dates are:
16 January 2024
16 April 2024
16 July 2024
15 October 2024
Where can we find CPU patches ?
We can review the below notes and find out patches that are released to the specific product and review the readme of the patch to understand the patching procedure to be followed.
Critical Patch Update (CPU) Patch Advisor for Oracle Fusion Middleware - Updated for January 2024 (Doc ID 2806740.2)
Critical Patch Update (CPU) Program Oct 2023 Patch Availability Document (DB-only) (Doc ID 2966413.1)