Monday, 14 July 2014

Oracle Critical Patch Updates for EPM\OBIEE - July 15th

So Oracle will be dropping several Critical Patch Updates on July 15th (I am writing this July 14th).

The list of patches that form this CPU is available here.

There are a lot of security vulnerabilities, affecting lots of EPM\BI products.

The following will affect your current EPM\BI installations (I have written my own notes in italics):

Oracle HTTP Server
OHS Server patched in January 2014 CPU patch
OHS WebLogic Plugin (mod_wl_ohs) patched in July 2014 CPU patch

Oracle Hyperion Essbase
Patched in

Oracle Hyperion BI+ (Reporting and Analysis)
Patched in

Oracle Hyperion Enterprise Performance Management Architect
Patched in

Oracle Common Admin
Patched in the HSS patch

Oracle Hyperion Analytic Provider Services
Patched in

The following might affect your EPM or BI installations, depending on what patching you have done:

Oracle WebLogic Server
(EPM ships with WL 10.3.4 and ships with WL 10.3.6)
(OBIEE is usually installed with WL 10.3.6 but your installation may be different) 
Patched in

Oracle JRockit
versions R27.8.2, R28.3.2 
(EPM ships with R28.0.2 and EPM ships with R28.2.5)
Patched in R28.3.3

All information is from the following webpage:

I will update this post as I learn new information.

Update 19:46 15/07/2014:
So according to this all CPUs are released by Oracle at 1PM Pacific Time. Today that is 21:00 BST (San Francisco is currently on daylight saving time and so is London). As soon as the CPU is released I will try to distill the available information and post it here.

Update 21:24 15/07/2014:
So it turns out BI Publisher is not affected. There is no patch released for BI Publisher.

OHS ships in EPM only. EPM ships with OHS You can check your version of OHS with the following command:

 E:\Oracle\Middleware\ohs\ohs\bin\httpd.exe -version

OHS will return "Server version: Oracle-HTTP-Server/2.2.22 (Win64)".
OHS will return "Server version: Oracle-HTTP-Server/2.2.15 (Win32)".

The OHS Server patch was released back in January of this year. The OHS WebLogic plugin (mod_wl_ohs) patch was only released today.

The EPM patches were all released earlier this year, if you are on the latest patchset you are covered.

I have not actually done a WebLogic upgrade on an EPM installation so I am not sure how much work is involved with that. I will need to investigate. The WebLogic patch was released back in April of this year.

The Jrockit patch would only apply to you if you upgraded your stock EPM Jrockit installation to R28.3.2. That patch was only released today.

To round up: 

Today has been a good learning experience for me. The majority of patches were already released much earlier, so if you have regular patching cycles you have nothing to fret.

You could get away with not patching Jrockit, if you can verify it was never updated in any of your environments.

WebLogic could be the trickiest part to patch, I will look into how to perform this patching for EPM and OBIEE and create a separate blog post.

Update 10:41 16/07/2014:
Clarified OHS versions for each release.

No comments:

Post a Comment