Oracle CPU Vulnerabilities and Database Proactive Bundle Patch

oracleoracle-12cpatching

I've applied the latest Oracle 12c Database Proactive Bundle Patch (DBBP).

My security team runs scans and April 2015 CPU (amongst other CPUs) continues to show up as vulnerabilities.

I need to prove that DBBP is a cumulative patch and all those old vulnerabilities are fixed.

sys.registry$history doesn't help

select ACTION,NAMESPACE,COMMENTS from registry$history;
ACTION                    NAMESPACE    VERSION     COMMENTS
------------------------- ------------ ------------------------
UPGRADE                   SERVER        12.2.0.1.0 Upgraded from 12.1.0.2.0

opatch lsinventory -bugs_fixed or opatch lsinventory -details
isn't giving me what I want.

How can I find out what vulnerabilities are in April 2015 CPU and prove that DBBP has mitigated them???

Best Answer

The key word you're looking for is "cumulative".

Note 1962125.1 (Oracle Database - Overview of Database Patch Delivery Methods), includes this text about Bundle Patches:

Bundle Patch (BP)
- a cumulative collection of fixes to address bugs in a given feature, product, or configuration
     For example: Windows Database Bundle Patch, Database Patch for Exadata, Database Proactive Bundle Patch
- a superset of PSU

So that's all you should need to provide! BPs include all patches previously included in earlier BPs/PSUs.

Best Answer

Related Solutions

Oracle Patch Update

Oracle – Database Patch Update Doubts

Related Question