Patching Perl in Oracle database home binaries – CVE-2018-20843 and CVE-2019-15903

In the Critical Patch Update (CPU) released in October 2020, Oracle changed the advisory page: “non-exploitable vulnerabilities in each product family will be identified separately under each risk matrix, and the total vulnerability counts will no longer include non-exploitable vulnerabilities in third-party components,” according to Oracle: https://blogs.oracle.com/security/october-2020-critical-patch-update-released

So, basically, Oracle will provide fixes for third-party products such as Perl even though the vulnerabilities are not directly exploitable in the Oracle product itself, in our case the Oracle database.

Updating to the latest Perl build applies to the Oracle 18c, 12cR2 and 12cR1 database binaries. The 19c database binaries already ship with the latest Perl build, which mitigates CVE-2018-20843 and CVE-2019-15903.

To patch Perl, first download the patch from Oracle Support.

Then, check the current version:

$ORACLE_HOME/perl/bin/perl -v

This is perl 5, version 22, subversion 0 (v5.22.0) built for x86_64-linux-thread-multi

Copyright 1987-2015, Larry Wall

Perl may be copied only under the terms of either the Artistic License or the
GNU General Public License, which may be found in the Perl 5 source kit.

Complete documentation for Perl, including FAQ lists, should be found on
this system using "man perl" or "perldoc perl".  If you have access to the
Internet, point your browser at http://www.perl.org/, the Perl Home Page.

Go to the directory where you downloaded and unzipped the patch:

cd /patches/Perl_patches/18c_Patch/31225444

Apply the patch using the OPatch utility (first check that you have the latest version of OPatch):

$ORACLE_HOME/OPatch/opatch apply

Check the Perl version again:

$ORACLE_HOME/perl/bin/perl -v

This is perl 5, version 28, subversion 2 (v5.28.2) built for x86_64-linux-thread-multi

Copyright 1987-2019, Larry Wall

Perl may be copied only under the terms of either the Artistic License or the
GNU General Public License, which may be found in the Perl 5 source kit.

Complete documentation for Perl, including FAQ lists, should be found on
this system using "man perl" or "perldoc perl".  If you have access to the
Internet, point your browser at http://www.perl.org/, the Perl Home Page.
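An added example, not part of the original post or of Oracle's tooling: a POSIX shell check that reads the `perl -v` banner from every Oracle home listed in an oratab file and flags homes whose bundled Perl is older than v5.28.2. The 5.28.2 baseline is an assumption taken from the post-patch banner above; the function names and the default /etc/oratab path are illustrative.

```shell
#!/bin/sh
# Added example: flag Oracle homes whose bundled Perl predates the patched build.
# BASELINE is an assumption: the version shown in the post-patch banner above.
BASELINE="5.28.2"

# Extract "5.22.0" from the "(v5.22.0)" token of `perl -v` banner text on stdin.
perl_version_from_banner() {
    sed -n 's/^This is perl .*(v\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\)).*/\1/p' | head -n 1
}

# Return 0 when version $1 is strictly older than $2 (numeric compare per field).
version_lt() {
    [ "$1" = "$2" ] && return 1
    oldest=$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$oldest" = "$1" ]
}

# Classify banner text on stdin: prints "PATCH-NEEDED <v>", "OK <v>" or "UNKNOWN".
perl_patch_status() {
    v=$(perl_version_from_banner)
    if [ -z "$v" ]; then echo "UNKNOWN"; return 0; fi
    if version_lt "$v" "$BASELINE"; then echo "PATCH-NEEDED $v"; else echo "OK $v"; fi
}

# List unique ORACLE_HOME paths from oratab-format text (SID:HOME:Y|N) on stdin.
homes_from_oratab() {
    grep -v '^[[:space:]]*#' | awk -F: 'NF >= 2 && $2 != "" { print $2 }' | sort -u
}

# Audit every home named in an oratab file (default: /etc/oratab).
audit_homes() {
    homes_from_oratab < "${1:-/etc/oratab}" | while read -r home; do
        if [ -x "$home/perl/bin/perl" ]; then
            status=$("$home/perl/bin/perl" -v </dev/null | perl_patch_status)
            printf '%s: %s\n' "$home" "$status"
        else
            printf '%s: no bundled perl found\n' "$home"
        fi
    done
}

# Run the audit only on hosts that actually have an oratab file.
if [ -r /etc/oratab ]; then audit_homes /etc/oratab; fi
```

The version fields are compared numerically, so a release such as 5.8.9 is correctly treated as older than 5.28.2.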

Oracle database export datapump fails with ORA-39374 and ORA-01732

On one of the databases I recently upgraded to Oracle 12cR2, the export datapump was failing and never finished. This was weird... the following errors were thrown in the export log file:

ORA-39374: Statistics failed to export. Failing error is
ORA-01732: data manipulation operation not legal on this view

To troubleshoot this problem:

Try taking a full database export datapump with the clause “EXCLUDE=STATISTICS”.

If this doesn’t fix your problem, then check the size of the streams_pool_size parameter; it should be at least 300 MB. Changing this parameter value actually fixed my problem!