How to respond to NSFOCUS false-positive vulnerability findings after patching Oracle

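Production databases are generally patched promptly, but during acceptance security scans, third-party vulnerability scanners often report a pile of security vulnerabilities. Almost every project runs into this awkward problem [a basic problem]: the latest official Oracle security patches have clearly been applied, so why are there still vulnerabilities? This is obviously a problem with the third-party scanner. Consider: which is more credible, Oracle's official security patches or some so-called vulnerability scanner? The answer is obvious. We run Oracle's software, so we can only trust Oracle's own security patches.

For this reason I wrote a dedicated email for the project manager to send to the customer in reply; the full text follows for reference.
=================================
The XXX database cluster has been patched with the latest database security patch officially released by Oracle on April 19, 2016, as detailed below.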
 
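I. Background: Oracle patch types
1. Critical Patch Update (CPU)

    A CPU contains the set of security bug fixes for Oracle products and is released four times a year.

2. Patch Set Update (PSU)

    A PSU changes the fifth digit of the five-part version number. Like CPUs, PSUs are released on a regular schedule, four times a year, on the same dates as the CPUs.

    A PSU includes the CPU released in the same period, so installing the PSU alone is sufficient.

II. Patch status of the fixed-network activation database cluster
The latest PSU patch bundle for Oracle 11g RAC [680M] is as follows:
After patching, the state is as follows:
1. GRID cluster after patching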
[grid@dzgddb2:/u01/app/11.2.0/grid/OPatch]./opatch lsinv
Oracle Interim Patch Installer version 11.2.0.3.12
Copyright (c) 2016, Oracle Corporation. All rights reserved.

Oracle Home : /u01/app/11.2.0/grid
Central Inventory : /u01/app/oraInventory
from : /u01/app/11.2.0/grid/oraInst.loc
OPatch version : 11.2.0.3.12
OUI version : 11.2.0.4.0
Log file location : /u01/app/11.2.0/grid/cfgtoollogs/opatch/opatch2016-05-16_14-29-03PM_1.log

Lsinventory Output file location : /u01/app/11.2.0/grid/cfgtoollogs/opatch/lsinv/lsinventory2016-05-16_14-29-03PM.txt

--------------------------------------------------------------------------------
Local Machine Information::
Hostname: dzgddb2
ARU platform id: 226
ARU platform description:: Linux x86-64

Installed Top-level Products (1):

Oracle Grid Infrastructure 11g 11.2.0.4.0
There are 1 products installed in this Oracle Home.

Interim patches (3) :

Patch 22502505 : applied on Fri Apr 29 14:06:40 CST 2016
Unique Patch ID: 19880366
Patch description: "ACFS Patch Set Update : 11.2.0.4.160419 (22502505)"
Created on 17 Feb 2016, 00:12:23 hrs PST8PDT
Bugs fixed:

Patch 22502549 : applied on Fri Apr 29 14:06:12 CST 2016
Unique Patch ID: 19880366
Patch description: "OCW Patch Set Update : 11.2.0.4.160419 (22502549)"
Created on 11 Mar 2016, 01:34:48 hrs PST8PDT
Bugs fixed:

Patch 22502456 : applied on Fri Apr 29 14:05:26 CST 2016
Unique Patch ID: 19856194
Patch description: "Database Patch Set Update : 11.2.0.4.160419 (22502456)"
Created on 21 Mar 2016, 11:49:22 hrs
Sub-patch 21948347; "Database Patch Set Update : 11.2.0.4.160119 (21948347)"
Sub-patch 21352635; "Database Patch Set Update : 11.2.0.4.8 (21352635)"
Sub-patch 20760982; "Database Patch Set Update : 11.2.0.4.7 (20760982)"
Sub-patch 20299013; "Database Patch Set Update : 11.2.0.4.6 (20299013)"
Sub-patch 19769489; "Database Patch Set Update : 11.2.0.4.5 (19769489)"
Sub-patch 19121551; "Database Patch Set Update : 11.2.0.4.4 (19121551)"
Sub-patch 18522509; "Database Patch Set Update : 11.2.0.4.3 (18522509)"
Sub-patch 18031668; "Database Patch Set Update : 11.2.0.4.2 (18031668)"
Sub-patch 17478514; "Database Patch Set Update : 11.2.0.4.1 (17478514)"
Bugs fixed:

Rac system comprising of multiple nodes
Local node = dzgddb2
Remote node = dzgddb1
--------------------------------------------------------------------------------
OPatch succeeded.

2. Database after patching
[oracle@dzgddb1:/u01/app/oracle/product/11.2.0/db_1/OPatch]./opatch lsinv
Oracle Interim Patch Installer version 11.2.0.3.12
Copyright (c) 2016, Oracle Corporation. All rights reserved.

Oracle Home : /u01/app/oracle/product/11.2.0/db_1
Central Inventory : /u01/app/oraInventory
from : /u01/app/oracle/product/11.2.0/db_1/oraInst.loc
OPatch version : 11.2.0.3.12
OUI version : 11.2.0.4.0
Log file location : /u01/app/oracle/product/11.2.0/db_1/cfgtoollogs/opatch/opatch2016-05-16_14-58-56PM_1.log

Lsinventory Output file location : /u01/app/oracle/product/11.2.0/db_1/cfgtoollogs/opatch/lsinv/lsinventory2016-05-16_14-58-56PM.txt

--------------------------------------------------------------------------------
Local Machine Information::
Hostname: dzgddb1
ARU platform id: 226
ARU platform description:: Linux x86-64

Installed Top-level Products (1):

Oracle Database 11g 11.2.0.4.0
There are 1 products installed in this Oracle Home.

Interim patches (2) :

Patch 22502549 : applied on Fri Apr 29 14:41:57 CST 2016
Unique Patch ID: 19880366
Patch description: "OCW Patch Set Update : 11.2.0.4.160419 (22502549)"
Created on 11 Mar 2016, 01:34:41 hrs PST8PDT
Bugs fixed:

Patch 22502456 : applied on Fri Apr 29 14:41:10 CST 2016
Unique Patch ID: 19856194
Patch description: "Database Patch Set Update : 11.2.0.4.160419 (22502456)"
Created on 21 Mar 2016, 11:49:22 hrs
Sub-patch 21948347; "Database Patch Set Update : 11.2.0.4.160119 (21948347)"
Sub-patch 21352635; "Database Patch Set Update : 11.2.0.4.8 (21352635)"
Sub-patch 20760982; "Database Patch Set Update : 11.2.0.4.7 (20760982)"
Sub-patch 20299013; "Database Patch Set Update : 11.2.0.4.6 (20299013)"
Sub-patch 19769489; "Database Patch Set Update : 11.2.0.4.5 (19769489)"
Sub-patch 19121551; "Database Patch Set Update : 11.2.0.4.4 (19121551)"
Sub-patch 18522509; "Database Patch Set Update : 11.2.0.4.3 (18522509)"
Sub-patch 18031668; "Database Patch Set Update : 11.2.0.4.2 (18031668)"
Sub-patch 17478514; "Database Patch Set Update : 11.2.0.4.1 (17478514)"
Bugs fixed:

Rac system comprising of multiple nodes
Local node = dzgddb1
Remote node = dzgddb2

--------------------------------------------------------------------------------
OPatch succeeded.

As shown, after patching, the Oracle cluster modules are all at the latest version: 11.2.0.4.160419 [the latest release, published by Oracle on April 19, 2016]
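
An added example, not part of the original email: a parser for the `opatch lsinv` output shown above that extracts each top-level patch's PSU level and fixed-bug list, so a scanner finding can be checked against the inventory instead of compared by eye. The sample text is a constructed, abbreviated copy of the output on this page; `triage` and its `fixed_in` / `bug` parameters are hypothetical names, and the PSU level that fixes a given finding is assumed to come from the vendor advisory.

```python
import re

# Constructed sample: abbreviated `opatch lsinv` output reusing the patch IDs and
# descriptions shown on this page; the bug lists are cut to a few entries.
SAMPLE_LSINV = '''Patch 22502549 : applied on Fri Apr 29 14:41:57 CST 2016
Patch description: "OCW Patch Set Update : 11.2.0.4.160419 (22502549)"
Bugs fixed:
19270660, 18328800, 18508710
20365005, 17750548

Patch 22502456 : applied on Fri Apr 29 14:41:10 CST 2016
Patch description: "Database Patch Set Update : 11.2.0.4.160419 (22502456)"
Sub-patch 21948347; "Database Patch Set Update : 11.2.0.4.160119 (21948347)"
Bugs fixed:
17288409, 21051852, 17811429
12364061, 22195448

OPatch succeeded.
'''

PATCH_RE = re.compile(r"^Patch\s+(\d+)\s*: applied on (.+)$")
DESC_RE = re.compile(r'^Patch description:\s*"(.+?) : ([\d.]+) \(\d+\)"$')
BUGS_RE = re.compile(r"^\d+(\s*,\s*\d+)*$")

def parse_lsinv(text):
    """Return one dict per top-level patch: id, applied, component, version, bugs."""
    patches, cur, in_bugs = [], None, False
    for line in map(str.strip, text.splitlines()):
        if m := PATCH_RE.match(line):
            cur = {"id": m[1], "applied": m[2], "component": None,
                   "version": None, "bugs": set()}
            patches.append(cur)
            in_bugs = False
        elif cur is None:
            continue                 # header lines before the first patch
        elif d := DESC_RE.match(line):
            cur["component"], cur["version"] = d[1], tuple(map(int, d[2].split(".")))
        elif line == "Bugs fixed:":
            in_bugs = True
        elif not (in_bugs and BUGS_RE.match(line)):
            in_bugs = False          # blank line or next section ends the list
        else:
            cur["bugs"].update(re.findall(r"\d+", line))
    return patches

def triage(patches, component, fixed_in=None, bug=None):
    """'covered' if the inventory is at or above the PSU level that fixes the finding
    (fixed_in) or lists the bug number as fixed; otherwise 'open'."""
    need = tuple(int(x) for x in fixed_in.split(".")) if fixed_in else None
    for p in patches:
        at_level = need and p["component"] == component and (p["version"] or ()) >= need
        if at_level or (bug and bug in p["bugs"]):
            return "covered"
    return "open"
```

Run it over the lsinventory output of each Oracle home (Grid and database) and attach the per-finding result to the scan response; a finding that comes back `open` still needs a patch or a documented exception.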
