Applying call manager security patches

Similar Messages

• Why is auditd going crazy after applying Jan-2015 security patches for Solaris10 ?

  After patches applied the auditd is writing appx. 1 GB of data in log file in 4 hours on a system with nobody logged in.  Auditd was restarted via cron to save log and start new one, then was ok for a period.  Later the same day  went crazy again.  Ideas ? Thanks

  This should not. Please check the audit log file and look if a specific entry is written again and again

• Latest Security Patch for Oracle DB 10.2.0.4 on 11.5.10.2 environment

  We have SUNOS 5.10 with database 10.2.0.4 on 11.5.10.2 environment. The requirement is to patch latest security patch.
  last patch was done 17-FEB-2009 ( retrived from registry$history). So, i would like to apply the latest security patch.
  Please somebody let me know which one is the latest patch to be applied for this environment.
  Thanks
  Dheeru

  Hi Hussein,
  The customer can install CPU Patch or PSU Patch on top of 10.2.0.4. I agree with you but I think you are misunderstanding for what I am trying to say. Why not go for the latest Patch Set 4 (10.2.0.5) and then apply CPU Patch 9952270 or PSU Patch 9952230 on top of it (recommended). Every quarter, Oracle provides Critical Patch Updates (CPU) to address security vulnerabilities, and Patch Set Updates (PSU) to address proactive, critical fixes and security vulnerabilities. When deciding for CPU or PSU, please consider the following guidelines:
  Critical Patch Updates and Patch Set Updates
  The Patch Set Updates and Critical Patch Updates that are released each quarter contain the same security fixes. However, they use different patching mechanisms, and Patch Set Updates include both security and recommended bug fixes. Consider the following guidelines when you are deciding to apply Patch Set Updates instead of Critical Patch Updates.
  1) Critical Patch Updates are applied only on the base release version, for example 10.2.0.4.0.
  2) Patch Set Updates can be applied on the base release version or on any earlier Patch Set Update. For example, 11.1.0.7.2 can be applied on 11.1.0.7.1 and 11.1.0.7.0.
  3) Once a Patch Set Update has been applied, the recommended way to get future security content is to apply subsequent Patch Set Updates. Reverting from an applied
  Patch Set Update back to the Critical Patch Update, while technically possible, requires significant time and effort, and is not advised.
  Regards,
  Shahid

• OS and DB Security patches and updates

  Dear Experts,
  We are going through SOX audits. Auditor is asking me about applied latest OS and Oracle patches to secure SAP systems from threats and attacks.
  I told them that we are running on Solaris 9 with Oracle 9.2.0.5
  and our severs are behind CHECKPOINT Firewall, and also we have never faced any security breaches and threats and also not facing any performance and efficiency problems in our system.
  However, they still persist me about critical security patches for Solaris and Oracle.
  Please tell me should I go for applying security patches of Solaris or Oracle if any. I am very worried about possible problems after applying of those security patches.
  Please guide me about this issue and tell me about proven and trusted security patches for Solaris 9 and Oracle 9.2.0.5
  Best Regards
  Waqas Ahmad

  > I told them that we are running on Solaris 9 with Oracle 9.2.0.5
  First I would like to tell you that your current Oracle version is out of extended support (see SAP on Oracle and the notes the first chapter points to). To get actual (security) patches I would highly recommend upgrading to 10.2.0.4.
  > However, they still persist me about critical security patches for Solaris and Oracle.
  They do that because most of the "attacks" to server come from internal users, not from external.
  > Please guide me about this issue and tell me about proven and trusted security patches for Solaris 9 and Oracle 9.2.0.5
  For the operating system I would use pca (Patch Check Advanced) - a free too to download and install patches - works like charm (http://www.par.univie.ac.at/solaris/pca/). It can be configured to only download and install security relevant patches.
  For Oracle you should install the latest patchset (for 9.2 it's 9.2.0.8 and all the necessary interim patches) and the critical patch updates. However, those CPUs may conflict with necessary other patches so you can either use CPU or the necessary interim patches.
  Check note 938986 - Oracle Database 9.2: Patches for 9.2.0
  Markus

• Cmd biee service windows left only one after win. cumulative security patch

  Customer (3-5456748787) reported that the cmd obiee service windows left only one (instead of the usual two) after applying window cumulative security patches.
  No change was made to the shortcut Start BI Services and they like to find out why they are getting one cmd window now.
  Customer installed the 11115 environment using Simple Install option.
  Everything else is working fine as normal. Any idea why and what caused the cmd window to disappear?
  I can't find vcap image for 11115 Simple Install option. Anyone has one environment that I can verify this?
  Thanks
  Teik

  Hi Teik,
  I could not check this as I do not have any environment at the moment, but I think this is due to the changes in the 11.1.1.5 installation modes.
  If I am right, the "Start BI Services" through the windows start menu, starts the BI weblogic servers and then the opmn and the nqserver processes. In 11.1.1.5 Simple mode, there is only one weblogic server (Admin Server) and there is only one command window.
  I am sorry if I got this wrong.
  Hope this helps.
  Thank you,
  Dhar

• Oracle Security Patch Error while applying --The filename, directory name,

  Hello,
  I am running into strange error while applying Oracle Security Patch 68 by using Opatch.
  Supposedly, All the environment variables are set properly.
  ACTIVE_STATE_PERL=true
  DBMS_TYPE=ORA
  dbs_ora_tnsname=YBQ
  JAVA_HOME=C:\jdk1.3.1_10
  OPATCH_DEBUG=TRUE
  ORACLE_HOME=E:\oracle\ora92
  ORACLE_SID=YBQ
  Path=E:\oracle\OPatch;C:\jdk1.3.1_10\bin;E:\oracle\Perl\bin;E:\oracle\ora92\jre\1.4.2\bin\client;E:\oracle\ora92\jre\1.4.2\bin;E:\oracle\ora92\bin;C:\Program Files\Oracle\jre\1.3.1\bin;C:\Program Files\Oracle\jre\1.1.8\bin;C:\Program Files\Common Files\VERITAS Shared;\NetBackup\bin;C:\Program Files\Windows Resource Kits\Tools\;C:\Program Files\Support Tools\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;E:\usr\sap\YBQ\SYS\exe\run
  Installed Active Perl. latest version
  downloaded Opatch 1.0.0.50
  and the patch number 3738339
  I went to that directory and run the command :
  perl opatch.pl apply
  It started of well.
  OPatch version is: 1.0.0.0.50
  Using ORACLE_HOME/oui to look up oui libs...
  Oracle Home = E:\oracle\ora92
  Location of Oracle Inventory = E:\oracle\ora92\inventory
  Oracle Universal Installer shared library = E:\oracle\ora92\oui\lib\win32\oraInstaller.dll
  Path to Java = "E:\oracle\ora92\jre\1.4.2\bin\java.exe"
  Location of Oracle Inventory Pointer = N/A
  Location of Oracle Universal Installer components = E:\oracle\ora92\oui
  Required Jar File under Oracle Universal Installer = jlib\OraInstaller.jar
  find under OH/oui/jlib
  found OraInstaller.jar
  Checking if this is a RAC system...
  Accessing inventory... This may take up to 300 seconds.
  (retry 10 times, delay 30 seconds each time)
  System Command: ""E:\oracle\ora92\jre\1.4.2\bin\java.exe" -Dopatch.retry=10 -Dopatch.delay=30 -DTRACING.ENABLED=TRUE -DTRACING.LEVEL=2 -Dopatch.debug=true -classpath "E:\oracle\ora92\oui\jlib\OraInstaller.jar;E:\oracle\ora92\oui\jlib\srvm.jar;jlib\opatch.jar;E:\oracle\ora92\oui\jlib\xmlparserv2.jar;E:\oracle\ora92\oui\jlib\share.jar;.:E:\oracle\ora92\jlib\srvm.jar" opatch/O2O "e:\oracle\ora92" "E:\oracle\ora92\oui" opatch.pl 1.0.0.0.50"
  Result:
  ----- DEBUG is ON -------
  oracle.installer.startup_location will be set to E:\oracle\ora92\oui
  oracle.installer.oui_loc will be set to E:\oracle\ora92\oui
  oracle.installer.scratchPath will be set to /tmp
  opatch.local_node_only is OFF
  retryOption is ON: 10
  delayOption is ON: 30
  Few more stuff here .. not pasting the entire contents
  System Command: ""E:\oracle\ora92\jre\1.4.2\bin\java.exe" -Dopatch.retry=10 -Dopatch.delay=30 -DTRACING.ENABLED=TRUE -DTRACING.LEVEL=2 -Dopatch.debug=true -classpath "E:\oracle\ora92\oui\jlib\OraInstaller.jar;E:\oracle\ora92\oui\jlib\srvm.jar;jlib\opatch.jar;E:\oracle\ora92\oui\jlib\xmlparserv2.jar;E:\oracle\ora92\oui\jlib\share.jar;." opatch/CheckConflict "E:\oracle\ora92\oui" "e:\oracle\ora92" opatch.pl 1.0.0.0.50 3738339 "3741539 3528282 3516951 3622875 3668572 3371796 3239873 3356103 3543125 3666502 2800494 2824035 2964252 3617042 3320622 3571233 3253770 3492040 3566469 3354470 3625370 3583686 3150750 3617519 3635177 3597640 3749394 3542588 3698501 2954891 2918138 3559212 3518909 3412818 3430832 3172282 3358490 3637624 3458446 3179637 2810394 3668224 3609791 3566813 3475932 2338704 3412136 3388633 3540576 3571226 3575743 2690205 3240280 3509265 3177513 3575747 3811906 3554319 3752406 3323435 " E:\3738339\etc\config\actions"
  Result:
  opatch.pl version: 1.0.0.0.50
  Copyright (c) 2001-2004 Oracle Corporation. All Rights Reserved.
  The filename, directory name, or volume label syntax is incorrect.
  Error in executing Java program to check conflict
  ERROR: OPatch failed during pre-reqs check.
  Now there is no problem with executing the last java program in the same prompt by removing the first and the last double quote "
  Please advise.
  Thanks in advance.

  hi somnath,
  this is the portal content management forum. for your database question please use the database forums:
  http://forums.oracle.com/forums/index.jsp?cat=18
  thanks,
  christian

• Hi, I don't know how to find a specific security patch to apply to my Oracle database version to fix a vulnerability

  Hi, I don't know how to find a specific security patch to apply to my Oracle database version 11.2.0.2.0 (on windows server 2003 32 bits) to fix the following vulnerability:
  Risk: High
  Application: oracle_tnslsnr
  Port: 1521
  Protocol: tcp
  Synopsis:
  It is possible to register with a remote Oracle TNS listener.
  Description:
  The remote Oracle TNS listener allows service registration from a remote host. An attacker can exploit this issue to divert data from a
  legitimate database server or client to an attacker-specified system.
  Successful exploits will allow the attacker to manipulate database instances, potentially facilitating man-in-the-middle, sessionhijacking,
  or denial of service attacks on a legitimate database server.
  Solution:
  Apply the work-around in Oracle's advisory.
  Thank you for your help

  2835604 wrote:
  Hi, I don't know how to find a specific security patch to apply to my Oracle database version 11.2.0.2.0 (on windows server 2003 32 bits) to fix the following vulnerability:
  Risk: High
  Application: oracle_tnslsnr
  Port: 1521
  Protocol: tcp
  Synopsis:
  It is possible to register with a remote Oracle TNS listener.
  Description:
  The remote Oracle TNS listener allows service registration from a remote host. An attacker can exploit this issue to divert data from a
  legitimate database server or client to an attacker-specified system.
  Successful exploits will allow the attacker to manipulate database instances, potentially facilitating man-in-the-middle, sessionhijacking,
  or denial of service attacks on a legitimate database server.
  Solution:
  Apply the work-around in Oracle's advisory.
  Thank you for your help
  that sounds like the "tns poison" vulnerability.  CVE 2012-1675 - Oracle Security Alert CVE-2012-1675
  See MOS note 134083.1  and 1453883.1

• Creating new databases after latest security patch applied

  10.2.0.4
  If I create a database AFTEr applying the opatch for the October 2009 security patch, do I need to also run:
  @catbundle.sql cpu apply
  Or is it included in the create database? I use the DBCA to create new databases.

  user8574962 wrote:
  This is what Oracle states on metalink doc id: 422303.1
  Once the bundle patch or the Critical Patch Update (CPU) patch is applied on an ORACLE_HOME should you run post-installation scripts for every newly created Oracle database using the same ORACLE_HOME?
  Solution
  This should be documented in the patch's README as the answer will vary with each patch.
  If the patch's README is not documented, then the Post Install tasks should be run.
  And this is what the OCTCPU09 README says:
  3.3.3 Post Installation Instructions for Databases Created or Upgraded after Installation of CPUOct2009 in the Oracle Home
  These instructions are for both non-RAC environments and RAC environments when a database is created or upgraded after the installation of CPUOct2009.
  You must execute the steps in Section 3.3.2.1, "Loading Modified .sql Files into the Database" for any new database only if it was created by any of the following methods:
  Using DBCA (Database Configuration Assistant) to select a sample database (General, Data Warehouse, Transaction Processing)
  Using a script that was created by DBCA that creates a database from a sample database
  Hope that helps.Point taken that it could vary by patchset, but those particular instructions quoted square exactly with what I had said. To quote with emphasis:
  "You must execute the steps . . . for any new database *only if* it was created by any of the following methods . . ."
  And what are those methods? Creating the database from a sample (pre-patch) database. If one uses dbca to create a 'custom' database, the resulting scripts will start from scratch with a CREATE DATABASE command - no pre-patch version sample or seed database involved.
  :-)

• How to apply Security Patch

  How do I apply the "DOS Attack" security patch for WLS 6.1 on Win2K
  Please help
  Thanks

  Balram,
  Put the jar file in the front of your classpath to apply the patch.
  Regards,
  Michael
  Stephane Kergozien wrote:
  Hi Balram,
  You will find security patches for WLS 6.1 in the following URL
  http://dev2dev.bea.com/index.jsp
  advisories and notifications Paragraph
  Regards
  Stephane
  Balram wrote:
  How do I apply the "DOS Attack" security patch for WLS 6.1 on Win2K
  Please help
  Thanks--
  Regards,
  Stephane Kergozien
  BEA Support--
  Michael Young
  Developer Relations Engineer
  BEA Support

• Applying advisor security patches

  HOw do you implement advisor security patches on WLS 8.1
  Max

  When i am applying getting bellow error
  Oracle Home : /usr/app/oracle/product/11.2.0/client_1
  Central Inventory : /usr/app/oraInventory
  from : /etc/oraInst.loc
  OPatch version : 11.1.0.6.6
  OUI version : 11.2.0.1.0
  OUI location : /usr/app/oracle/product/11.2.0/client_1/oui
  Log file location : /usr/app/oracle/product/11.2.0/client_1/cfgtoollogs/opatch/opatch2013-05-29_15-35-07PM.log
  Patch history file: /usr/app/oracle/product/11.2.0/client_1/cfgtoollogs/opatch/opatch_history.txt
  ApplySession applying interim patch '16504136' to OH '/usr/app/oracle/product/11.2.0/client_1'
  Running prerequisite checks...
  Prerequisite check "CheckApplicable" failed.
  The details are:
  Patch 16504136: Required component(s) missing : [ oracle.bi.biinst, 11.1.1.6.0 ]
  ApplySession failed during prerequisite checks: Prerequisite check "CheckApplicable" failed.
  System intact, OPatch will not attempt to restore the system
  OPatch failed with error code 74
  [oracle@PDC-CRM-BI01 16504136]$ OPatch failed with error code 74

• Applying security patch to Oracle 10G on Linux

  Hello,
  I'm new to Oracle DBA world, need to apply security patch to Oracle 10G on Linux server, any tips and notes would be appreciated.
  thanks
  Sam

  Manish,
  1. I have to upgrade the database version from 10.2.0.2 to 10.2.0.4 on Linux, Is there any proper documentation which will help me out?Please refer to the following document.
  Note: 454750.1 - Oracle Apps Release 12 with Oracle Database 10.2.0 interoperability notes
  https://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=454750.1
  2. What are the types of oracle database patches? what is the proper procedure to apply those kind of patches to Oracle 10g on Linux?
  Most of the patches in this upgrade are database patches (which should be applied using opatch). The main upgrade patch (Patch 6810189 - 10.2.0.4 patch set) should be applied using Oracle Universal Installer (runInstaller).
  Always follow the steps in the patch README file before applying any patch.
  Regards,
  Hussein

• Determine which security patch or Critical patch update has been applied

  Hi,
  Anyone know how to determine which security patch or Critical patch update has been applied to the database? For Unix and also Win 2000k database server..
  Thank You

  Use the lsinventory command of opatch (Oracle's patch
  installation tool) to list the patches installed.
  If you have Perl and opatch installed, this is simply
  a matter of typing:
  opatch lsinventory
  from the command line.
  For further information on opatch, see metalink note
  293369.1
  Hope this helps.
  Kailash.

• Reset Security Password Call Manager 7.x

  Hello,
  I need insert a Subscriber Call Manager in a node with a Publisher, but I don´t know the Security Password in the node Publisher.
  How can I reset or recover this password?
  Tks
  Manoel Dias

  Resetting Administrator and Security Passwords
  http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/cucos/7_1_2/cucos/iptpch2.html#wp1044244
  EDIT: Brandon you beat me while i was looking for the link. =)
  HTH
  java
  If this helps, please rate
  www.cisco.com/go/pdihelpdesk

• Vulnerability/security patch management

  I'm looking for the best way to manage SAP security patches and vulnerabilities. We have to do a monthly assessment of the newly released vulnerabilities from SAP and determine if they relate to our systems. I'm having a hard time finding a good place to get a list of recently released notes.
  I found https://websmp210.sap-ag.de/security - click on Security Notes, but the list doesn't appear to list everything, and doesn't show what is new or updated from month to month. This creates a lot of manual work looking at each note every month.
  Does anyone know of any tools that can help with this. I'm looking for something like what Microsoft does with it's monthly security updates, and ideally a tool like WSUS that can analyze the systems to determine if they require the patch or not.

  Hello Jeff,
  Very good question! I have very often thought about this, and how I would like to have the information communicated to me without it being communicated to anyone else...
  Specifically regarding the security notes page, I have observed that the notes are added to the list at the top. However, the release date of the note, an update to the version of the note, nor a related note does not bump it to the top again nor influence the specific order.
  Certainly, the notes which are listed there are important ones (as indicated by Keerti)... or the principle is... some components are worth keeping an eye on, particularly if you use them or they are new.
  Alone the fact that they are published for all OSS users and additionally on that (security) page, should be reason enough to think seriously about implementing it or considering it in your own developments... If you look at some of them, you might also see they are corrections which enable security controls, so regarding your patch management I can also recommend that you differentiate between your "program error patching cycle", and your "correction and activation instruction cycle". Of course, some notes are not intrusive on customers who do not require the correction or are oblivious to it.... so you can patch until the cows come home... it will not help you until you activate the new security feature or change your technique... User types are an example of this.
  In some special cases, you need to have found the problem, before you are able to activate a solution for it. Sometimes you have to use the potentially problematic feature (setting up customizing or settings for it, and assigning authorizations to use it...) at which point the system will point things out to you. In other cases, the system will hassle you to change it for many reasons, not only the security reason.
  It makes sense to restrict authorizations and settings to only that which you use. That helps a lot. See various threads here on transaction SU24 for some examples from the authorizations aspect of security.
  Another tricky aspect is, once someone has a patch installed in their system or a security researcher has found a bug... should they make statements about it in the internet (followed by Smiley's :-)...? Often, a 90 day grace-period for admins is observed.
  If you stick around here at SDN and read some of the posts here carefully, then you can also learn a lot in a relatively short space of time, on an ongoing sort of distributed space of time....
  Reading the security wiki's and guides are also very helpfull of course.
  Risk rating can also be tricky. You might find that if your security analysts are all security or authorization admins, then they might prefer to go for program corrections rather than role changes... or concept changes... Management might even resist changes, for fear of them, their costs, etc.
  Regarding analyzing your systems, you might want to consider a "Security Optimization Service" session. You can also download this and maintain your own additional checks. That requires a small additional effort and cost. You can find more information on it by searching "OSS" and service.sap.com/security. In a 1 day or more detailed session if you want, you can cover many risks with a relatively low effort.
  I have participated in two of these (we requested them) and it was helpfull. I also provided some feedback to SAP suggesting checks and some risks. My take on it is: If we contribute to improving standard solutions (and reporting bugs), then we all benefit from it "for free" in the standard products.
  Last but not least, there is monitoring. You can learn a lot from the various monitoring possibilities (check your legal requirements for security there as well).
  Some thoughts from me for your interesting question,
  Julius

• Apply Latest Security Patches on Oracle Database 10g Express Edition (XE) ?

  Hi !
  I have an Oracle Database 10g Express Edition (XE) version 10.2.0.1.0 running on a Microsoft Windows 2003 SP2 server.
  I need to find and install the latest security patches on this database.
  Can someone inform me where I can find these patches and the steps for installing these patches?
  Thanks,
  Kind Regards,
  Shailesh

  Hi,
  Welcome 2 oracle forums :)
  Can someone inform me where I can find these patches and the steps for installing these patches?U can find all the latest security and all available patches on https://support.oracle.com/CSP/ --> Patches and updates tab
  Regards,
  X A H E E R