Oracle Critical Patch Updates and security Alerts

You might have noticed recently that Oracle has started new patching CPU (Critical Patch Update) and Oracle is Quite serious about it . These patches are not only for Oracle Applications 11i but they are for entire Oracle Products (11i, database, 10g application server, collaboration suite, Peoplesoft, JDEdward..) . Today and in my subsequent posts I’ll cover Oracle Critical patches & security Alerts.

You can find everything about CPU in metalink Notes & from Oracle’s site (Link Mentioned below)
*Below post are mentioned here for information only, Ideas expressed below are my own.

What is Critical Patch Updates ?
All Security Issues/Bugs are bundled together & shipped as patch every quarter( 3 months, usually in Jan,April,July, Oct.) , these patches are called as Critical Patch Updates or CPU’s.
Before CPU’s (before 2005) Oracle Used to release these security patch with Alert i.e. Alert 21 or Alert 68.

What are Security Issues / Bugs ?
These vary from getting Unauthorized Access to Application to Attacking your Server so that real can’t access apps (Denial of Service)…
Lets take an example that if you can login to application or retrieve information without Authenicating that might be counted as Security Issue.

Where to find more information on Oracle Security Alerts & Critical Patch Updates ?
You can find most of required information on Oracle’s Site at
I know its quite difficult to understand whole document in first reading so read two three times & for your convenience I will update more on how to read this document & how to apply CPU w.r.t. Oracle Applications 11i E-Business Suite (I’ll not cover CPU for other components like Application Server or Collaboration Suite here , If you have these components integrated with 11i kindly check respective documentation)

What is some one discovers very major security breach in Oracle Applications ?
In my views Oracle understand criticality of your system & they will release unschedule security patch in that Case.

Important Point w.r.t. CPU for E-Business Suite
There is exception on CPU for E-Business Suite that they are not cumulative which means if you have applied a patch for July 2006 that doesn’t mean that all bugs fixed in April 2006 CPU are also included in July 2006. For other oracle products CPU patches are cumulative.

About How to apply CPU patches Coming Soon……

Share This Post with Your Friends over Social Media!

About the Author Atul Kumar

Oracle ACE, Author, Speaker and Founder of K21 Technologies & K21 Academy : Specialising in Design, Implement, and Trainings.

follow me on:

Leave a Comment:

Yury Velikanovs says September 11, 2006


Just wonder if you have tried to apply full Apps CPU set? Have you done complete patch analysis? How many CPU-s you had to apply end of the day?


Atul Kumar says September 12, 2006

Yes I have applied full Apps CPU for Jan, Our enterprise policy is to apply every six months so two CPU together.


Anonymous says September 18, 2006

Hi Atul,
could you please explain step wise procedure for how to apply CPU related patches.
It will be grate for all of us.

Thanks in Advance


Atul Kumar says September 18, 2006

I’ll do it after staged appl_top or just before oct. CPU


Anonymous says February 27, 2007

Any advices on that DST issue?

Atul Kumar says February 27, 2007

Hi Anonymous is this for Day Light Savings time ?

Arvind says April 25, 2007

Hi !

One quick question (may sound dumb though ) – Where does one apply the CPU ? Webtier or CM-Tier ?

sourabh gupta says July 22, 2008

how to check wether any CPU is certified with 10gr2…plz give me complete path i am not able to find it on ceritification matrics.

Add Your Reply