Pete Finnigan's Oracle Security Weblog

I made a note about Doug's blog post a week or so ago titled http://doug.burns.tripod.com/oracle/index.blog?entry_id=1132480 - (broken link) dba_registry where he discussed the fact that a select from the view DBA_REGISTRY didn't show the correct version after an upgrade had taken place. Doug went on to test this at home on 10g and he proved the version displayed in this view did not match the binaries. A couple of commenters (I cannot post a link to Doug's comments as they are accessed via Javascript - I think?) mention that fact that patching the software only doesn’t patch the database and that catpatch.sql needs to be run to update the views output. Doug seems embarrassed a little by this but this is common mistake. I believe this is partly because Oracles patch update mechanisms need to be simplified (which is now happening with recent patches) so that applying patches is more transparent and most importantly so that is is much easier to find out the exact patch level the software and database are at. This has not been consistent in the past. Ed Stangler talked many times a few months ago in his blog about catpatch.sql - My first post was on his series was Edward Stangler talks about running catpatch. I talked about this subject - prompted by Ed many times. See my archives page for details of these posts.