Welcome to Database Patch News, August 2024 Edition!

Buda Consulting’s newsletter of current patch information for Oracle and Microsoft SQL Server.
Here you’ll find information recently made available on patches—including security patches—and unsupported versions.

Why should you care about patching vulnerabilities and bugs?
Two big reasons:

• Unpatched systems are a top cyber attack target. Patch releases literally advertise vulnerabilities to the hacker community. The longer you wait to patch, the greater your security risk.
  

• Along with running a supported database version, applying the latest patches ensures that you can get support from the vendor in case of an issue. Patching also helps eliminate downtime and lost productivity associated with bugs. 

Bugs and vulnerabilities exist in all aspects of an application.  Below is a list of bugs that have been fixed in both MS SQL Server and Oracle’s latest patch releases:

Oracle:

• 10121473 INCORRECT WAIT EVENT PARAMETER DESCRIPTION FOR “LIBRARY CACHE LOCK”
• 10123661 CURSOR SHARING OF “AS OF SCN” CURSORS
• 1297945 QH:FOLDER ERORR WHEN ATTEMPTING TO PLACE ITEMS ON EIT TAB
• 13742922 DI:PROVIDE COMMAND TO CLEAN OUT CSS LEASES
• 14219141 ACFS FILESYSTEM FULL DUE TO INODE TABLE
• 14570574 TKPROF RETURNS INCORRECT PARSING USERID FOR ANY ID > 65535
• 14735102 AC: SQLPLUS WITH TAC
• 15931756 QUERIES AGAINST SYS_FBA_TRACKEDTABLES DON’T USE BIND VARIABLES.

MS SQL Server:

• Fixes an issue in which maintenance plan logs might report garbled characters when the message reported involves non-ASCII characters.
• Fixes the following error that you encounter during a Volume Shadow Copy Service (VSS) restore on a SQL Server instance that has previously deleted databases:
  • Volume Shadow Copy Service error: Unexpected error calling routine GetVolumePathName is fail on the path <PathName> … The system cannot find the file specified.
• Fixes an issue in which the SQL Server Launchpad service can’t shut down properly when certain errors occur during startup.
• Fixes an issue in which the remote secondary replica shows Not Synchronizing for several minutes after successive failovers between local replicas. It occurs when configured in multi-subnet, multi-region configurations in the cloud with two or more local replicas and one or more remote replicas.
• Fixes an assertion dump issue (Location: hadrlogcapture.cpp:<LineNumber>; Expression: m_pFsManager->GetEnqueuedBlockId () < capturedLogBlockId || capturedLogBlockId == m_pDbPartner->GetFirstLogBlockIdToCapture ()) that you encounter when there are FILESTREAM transactions in an Always On availability group (AG).
• Adds performance monitor counters to the cluster log report when the health check timeout is reported.
• FIX: Memory exceeds the configured limits that are specified by memory.memorylimitmb in SQL Server (KB5042369)
• Fixes an assertion failure (Location: sosmemobj.cpp:2744; Expression: pvb->FInUse()) in CVariableInfo::PviRelease that you encounter when you use UTF-8 collations and the WITH RESULT SETS clause.
• Fixes two issues related to cardinality estimation (CE) feedback: plan cache leaks and access violations due to race conditions with statement recompilations.
• Fixes an issue in which change tracking auto cleanup consumes CPU in cycles every 30 minutes even if change tracking isn’t enabled on any databases.

Here are the latest patch updates for Oracle and SQL Server:

Oracle Patches:

23ai – Release Update 23.4 is available (36429488 (GI/DB) & 36197510 (JDK))
Regular support ends in April 30, 2029 and extended support ends in April 30, 2032.

21c – Release Update 21.15 is available (36696109 (GI/DB) & 36538658 (JDK))
Regular support ends in April 30, 2025.  Not eligible for extended support as this is not a long term release.

19c – Release Update 19.24 is available (36582629 (GI/DB) and 36538667 (OJVM))
Regular support ends in April 30, 2026 and extended support ends in April 2027.

12cR2 – Release Update JUL 2022 is available (34219654 (GI/DB) and 34086867 (OJVM))
No longer receiving patches.  Regular support ends in July 31, 2019 and restricted upgrade support ends in Dec 31, 2025.

MS SQL Server Patches:

SQL Server 2022

Cumulative update 14 (Latest build) Released July 2024

Mainstream support ends Jan 11, 2028

Extended support ends Jan 11, 2033

SQL Server 2019

Cumulative update 28  (Latest build) Released August 2024 

Mainstream support ends Jan 7, 2025

Extended support ends Jan 8, 2030

SQL Server 2017

Cumulative update 31 (Latest build) Released July 2024

Mainstream support ends Jul 13, 2022

Extended support ends Oct 12, 2027

SQL Server 2016 Service Pack 3

GDR security update (KB5014355) Released July, 2024

Mainstream support ends Jul 13, 2021

Extended support ends Jul 14, 2026

Note: All other Oracle & SQL Server versions not mentioned are no longer supported.

Be sure to keep your databases up to date!
~The Buda Team