I've applied the latest Oracle 12c Database Proactive Bundle Patch (DBBP).
My security team runs scans and April 2015 CPU (amongst other CPUs) continues to show up as vulnerabilities.
I need to prove that DBBP is a cumulative patch and all those old vulnerabilities are fixed.
sys.registry$history
doesn't help
select ACTION,NAMESPACE,COMMENTS from registry$history;
ACTION NAMESPACE VERSION COMMENTS
------------------------- ------------ ------------------------
UPGRADE SERVER 12.2.0.1.0 Upgraded from 12.1.0.2.0
opatch lsinventory -bugs_fixed
or opatch lsinventory -details
isn't giving me what I want.
How can I find out what vulnerabilities are in April 2015 CPU and prove that DBBP has mitigated them???
Best Answer
The key word you're looking for is "cumulative".
Note 1962125.1 (Oracle Database - Overview of Database Patch Delivery Methods), includes this text about Bundle Patches:
So that's all you should need to provide! BPs include all patches previously included in earlier BPs/PSUs.