Oracle Cloud Infrastructure Documentation

Patching for Oracle Databases

Patching is an important phase of a database lifecycle, enabling you to keep your external Databases up to date with bug fixes

Once Vulnerability Detection identifies unpatched vulnerabilities, Patching offers a hassle free one click transition from Vulnerability Detection to Patching, allowing you to remediate vulnerabilities by using recommended security patches or CVE ID for your fleet of Oracle databases. You can prioritize critical system remediation based on Vulnerability Severity, Database Version, Compliance status using gold image based out of place patching. You can automate workflows to create, modify, and refresh Gold Images. You can refresh Gold Images with the latest CPU, RU, MRP, and one off patches to patch or upgrade one or a fleet of databases.

Database Vulnerability Detection and Patching is a paid feature and pricing is calculated on the Host CPU Core per hour. Here, the Host is the database host running any number of databases (CDB/PDB).

Patching flow

Using automated patching, you ensure compliance, and strengthen security with fleet-wide updates and real-time threat intelligence while minimizing downtime in your environments.

Steps Required for Patching

Patching can be broken down into five steps that must be followed in the order prescribed:
Note

Currently only External Databases running on on-premise or Oracle Cloud Infrastructure Virtual Machines on Linux operating system are supported.
  1. Onboarding: Ensure all Onboarding tasks are complete and familiarize yourself with the Patching UI.
    1. Perform Prerequisites for Patching.
    2. Obtain Required Permissions
    3. Enable Vulnerability Detection and Patching
    4. About Patch Management UI Operations.
  2. Create an Image: An image represents a versioned software binary that is patched to the latest required level. Each version of the image, also called image version for short, represents a database release consisting of database release updates (RUs) and other patches. When you create a Software image, you create a new version of the image. It is advisable to create one image for each database release. However, you have situations where application specific databases need their own specific set of patches (in addition to the database RUs). In such cases, consider creating and maintaining one image for each such set of databases.

    For detailed steps see: Create a New Image or a New Version of an Image.

  3. Subscribe databases: Once the image has been created, you need to subscribe the databases to the image.

    For detailed steps see: Subscribe a Database to an Image.

  4. Mark an image version as current: The current image version, is the most current up-to-date standard desired with respect to patches. This image version will be deployed by Patch Management, during the patching process.
    Note

    Marking an image as current is only for already existing image versions. If you are creating a new version it will be marked as Current as default.

    For detailed steps see: Mark a Version as Current.

  5. Update the database: The final step where the marked as current image software is deployed, the listener is migrated to the newly deployed Oracle Home and the database is updated.

    For detailed steps see: Update a Database.

You can review and track submitted patch operations in detail, for more information see: Monitor Patch Operations.