Frequently Asked Questions about Listener Security Patches

1) Will the patches be created for all versions on all platforms?

   No. The patches will be created to install on top of the latest
   patchset for all supported releases. For example, if you have Sun
   Solaris 8.1.6, then you will see a patch for 8.1.6.3 only and there
   will be no patch for earlier patch sets for this platform. Please
   use the matrix below to verify release and patch availability for
   your platform.

2) What about NT and various versions?

   Yes, patches will be created for NT4 as well as NT2000.
   They will be included in 8.1.7.1.4, 8.1.6.3.6 and
   the latest version of 8.0.6.3.x. See matrix below.

3) What about 32/64 bit combinations?

   Both 32 and 64 bit patches will be created for Sun Solaris,
   HP/UX, and IBM AIX. Please use the matrix below to identify the
   correct patch.

4) What about older releases? (8.1.5, 7.3.4, 8.0.5)

   These are desupported releases and patches will not be created
   except for those platforms which have a terminal release earlier
   than the current supported releases, 8.1.7.1, 8.1.6.3 and 8.0.6.3.
   Use the matrix below to verify release and patch availability for
   your platform.

5) What about other platforms (irix, netware, sgi)?

   All platforms are included. Check the matrix below to verify
   release and patch availability for your platform.

6) If there is not a patch for my version does that mean I am at risk?

   Yes, a customer is at risk for a security issue on desupported
   platforms if the workaround is not applied. (See workaround #8 below)

7) Is a patch needed for Oracle 9i?

   No, the fixes have already been implemented in Oracle 9i.

8) My patch is not yet available, are there any workarounds that I can
   implement?

   Yes, you can run a single patched listener that supports all of the Oracle
   instances on a system.

   To do this create a separate Oracle Home and install a supported Oracle
   version that is patched for the security issue. You can run the
   listener from this new home and service instances in non-protected
   homes. To do this, add the instances and their Oracle Homes to the
   sid_list section of the new listener.

   Example of an 8.1.7.1 listener.ora servicing non-patched Oracle versions
   on the same system:

   LISTENER =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCP)(HOST = hostname)(PORT = 1521))
    )

   SID_LIST_LISTENER =
    (SID_LIST =
      (SID_DESC =
        (SID_NAME = P817)
        (ORACLE_HOME = /u01/app/oracle/product/8.1.7.0)
      )
      (SID_DESC =
        (SID_NAME = P816)
        (ORACLE_HOME = /u01/app/oracle/product/8.1.6.0)
      )
    )
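
   The workaround only protects instances that are actually listed in the
   patched listener's sid_list. The following check is an added example, not
   part of Oracle's FAQ: it parses the listener.ora above and reports oratab
   entries the patched listener does not serve. The oratab contents, the P806
   instance and the function names are assumptions made for illustration.

```python
import re
# Constructed inputs: the FAQ's listener.ora (compacted) and a made-up oratab (P806 is invented).
LISTENER_ORA = """
LISTENER =
 (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = hostname)(PORT = 1521)))
SID_LIST_LISTENER =
 (SID_LIST =
   (SID_DESC = (SID_NAME = P817)(ORACLE_HOME = /u01/app/oracle/product/8.1.7.0))
   (SID_DESC = (SID_NAME = P816)(ORACLE_HOME = /u01/app/oracle/product/8.1.6.0)))
"""
ORATAB = """
P817:/u01/app/oracle/product/8.1.7.0:Y
P816:/u01/app/oracle/product/8.1.6.0:Y
P806:/u01/app/oracle/product/8.0.6:N
"""
LEAF = re.compile(r"\(\s*(\w+)\s*=\s*([^()]+?)\s*\)")  # (KEY = value) with no nesting

def balanced(text, pos):
    """Return the parenthesised group opening at the first '(' at or after pos."""
    start, depth = text.index("(", pos), 0
    for i in range(start, len(text)):
        depth += {"(": 1, ")": -1}.get(text[i], 0)
        if depth == 0:
            return text[start:i + 1]
    raise ValueError("unbalanced parentheses in listener.ora")

def parse_sid_list(text, listener="LISTENER"):
    """Return {SID_NAME: ORACLE_HOME} from the SID_LIST_<listener> section."""
    m = re.search(r"^\s*SID_LIST_%s\s*=" % re.escape(listener), text, re.I | re.M)
    if not m:
        return {}
    section, sids = balanced(text, m.end()), {}
    for d in re.finditer(r"\(\s*SID_DESC\s*=", section, re.I):
        leaf = {k.upper(): v for k, v in LEAF.findall(balanced(section, d.start()))}
        sids[leaf["SID_NAME"]] = leaf.get("ORACLE_HOME")
    return sids

def uncovered_instances(oratab, listener_ora):
    """oratab SIDs the patched listener does not serve from the same home."""
    served, problems = parse_sid_list(listener_ora), {}
    for line in oratab.splitlines():
        fields = line.split("#", 1)[0].strip().split(":")
        if len(fields) < 2 or fields[0] == "*":
            continue
        sid, home = fields[0], fields[1].rstrip("/")
        if sid not in served:
            problems[sid] = "not in SID_LIST"
        elif (served[sid] or "").rstrip("/") != home:
            problems[sid] = "ORACLE_HOME mismatch"
    return problems
```

   Any SID reported here would still depend on a listener from its own,
   unpatched home and should be added to the patched listener's sid_list.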
 

Patch Availability Matrix (should be printed in landscape mode)

This matrix provides current availability information on the listener vulnerability patch.  To locate a patch,
match an operating system with a version of Oracle and query the resultant patch number in Metalink.
For example, the patch required for Solaris-32bit running Oracle 8.1.6.3 is patch number 1859654.  That
patch number would then be queried in Metalink.

To download the patch follow these instructions:
1. Click on "Patches" in the left-side menu
2. Click on "==> Click here for Patches released after February 19, 2001 and for all Application Patches."
3. In the "Patch Number" field, type in the patch number from the matrix
4. Download the appropriate patch.
 
Platform          8.1.7.1    8.1.7.0    8.1.6.3    8.1.6.2    8.1.6.1    8.1.6.0    8.0.6.3    8.0.6.2    8.0.6.1    8.0.6.0    7.3.4
----------------  ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- ---------- -----
Solaris-32        1859604    NO         1859654    1859778*   NO         NO         1864109    NO         NO         NO         NO
IBM/AIX-32        1859604    NO         1859654    NO         NO         NO         1864109    NO         NO         NO         NO
IBM/AIX-64        1859604    NO         1859654    NO         NO         NO         1864109    NO         NO         NO         NO
NT                8.1.7.1.4* NO         ETA 8/13*  NO         NO         NO         ETA 7/23*  NO         NO         NO         NO
HP-32(10.20)      NO         NO         NO         NO         NO         NO         1864109    NO         NO         NO         NO
HP-32(11.0)       1859604    NO         1859654*   NO         NO         NO         1864109    NO         NO         NO         NO
HP-64             1859604    NO         1859654*   NO         NO         NO         1864109    NO         NO         NO         NO
TRU-64            1859604    NO         1859654*   NO         NO         NO         1864109    NO         NO         NO         NO
Linux(RH5.1)      NO         NO         NO         NO         NO         NO         ETA 8/3    NO         1864161    NO         NO
Linux(RH6.0)      1859604    NO         NO         1859778    NO         NO         WIP        NO         NO         NO         NO
Intel Solaris     1859604    NO         1859654    NO         NO         NO         1864109    NO         NO         NO         NO
Data General      NO         WIP        NO         NO         1859788    NO         1864109    NO         NO         NO         NO
Unixware          NO         WIP        1859654    NO         NO         NO         NO         NO         NO         NO         NO
Solaris-64        WIP        WIP        NO         NO         WIP        NO         NO         NO         NO         NO         NO
SGI-IRIX-32       NO         NO         NO         NO         NO         NO         NO         NO         WIP        NO         NO
SGI-IRIX-64       NO         WIP        NO         NO         NO         WIP        NO         NO         NO         NO         NO
Siemens(Reliant)  NO         WIP        NO         NO         NO         NO         NO         NO         NO         NO         NO
Siemens-64        NO         WIP        NO         NO         NO         NO         NO         NO         NO         NO         NO
NCR               NO         NO         NO         NO         NO         NO         WIP        NO         NO         NO         NO
Fujitsu-DS        NO         NO         NO         NO         NO         NO         WIP        NO         NO         NO         NO
Novell            NO         NO         NO         NO         WIP        NO         NO         NO         NO         NO         NO
Hitachi           NO         NO         NO         NO         NO         NO         WIP        NO         NO         NO         NO
Alpha OpenVMS     NO         1859628    NO         NO         NO         NO         NO         NO         NO         NO         NO
IBM OS/390        WIP        NO         NO         NO         NO         NO         NO         NO         NO         NO         NO

Legend
NO - A patch will not be created for that platform and version of Oracle.
     An upgrade to a patched level of Oracle will be required.
WIP - A patch is being created but is not yet complete.  The matrix will be updated
      upon completion.
ETA - Only estimated release dates

* - NT/8.1.7.1 - The patch is included in the 8.1.7.1.4 Oracle patchset
  - HP-32(11.0)/8.1.6.3 - The patch is included in the 8.1.6.3.1 Oracle patchset.
                          You have the option of upgrading Oracle or applying just
                          the patch if 8.1.6.3.0 is already installed.
  - HP-64/8.1.6.3 - The patch is included in the 8.1.6.3.2 Oracle patchset
                    You have the option of upgrading Oracle or applying just
                    the patch if 8.1.6.3.0 is already installed.
  - TRU-64/8.1.6.3 - The patch is included in the 8.1.6.3.1 Oracle Patchset
                     You have the option of upgrading Oracle or applying just
                     the patch if 8.1.6.3.0 is already installed.
  - Solaris-32/8.1.6.2 - This patch is for customers running Oracle Exchange.
  - NT/8.1.6.3 - To be included in 8.1.6.3.6
  - NT/8.0.6.3 - To be included in 8.0.6.3.2
 
