I started this question in the 'New Features' forum when I originally suspected that the 'required patches' was related to the KBArticle field.  I now find that is not the case.

Why is it that when I select a certain patch as required, that other unrelated patches become selected as required?

For example: If I select Sun Solaris 9 patch 112912-01 (libinetcfg Patch - RepID 1A62) as required, then Sun Solaris 9 patch 113273-07 (/usr/lib/ssh/sshd Patch - RepID 1A14) also becomes selected.

Another example: If I select Windows patch KB832414_MSXML4.0_X86.exe (RepID 12BB) as required, then Windows patch KB832414_MSXML2.6_X86.exe (RepID 12BC) also becomes selected.  (I didn't want you to think I was picking on the Solaris patching )

Why are these other unwanted patches being selected?

Hi Pat,

If you select a patch as required, you are basically marking a "vulnerability" as "needs to be fixed".  If this same vulnerability exists on previous versions of an application, Patch Manager will set those patches are required also.  The main goal is to make sure this "vulnerabilty" is getting patched no matter which version of the application you have.

In your Microsoft example, if Patch Manager is showing two cases of KB832414, that means you have two cases of this vulnerability, therefore two patches will be marked as required (same KB numbers).

In your Solaris example, these patches are not the same vulnerability so they should not be getting selected.  We are now fixing our database and our Solaris query so this does not happen again.  Thank you for finding this.  We appreciate the opportunity to fix any queries or database issues we may have.

Thank You!

OK.  I can understand the rationale behind marking a "vulnerability" to be fixed across OS platforms/versions.  This approach works for the Microsoft platforms.  I do in fact have both MSXML2.6 and MSXML4.0 installed on the same server.

I have more of a problem with the Sun implementation of this.  I alluded to the problem initially in the thread:

http://www.nbtnet.newboundary.com/forum/shwmessage.aspx?ForumID=12&MessageID=954

Maybe I should expand on it a bit:

If I want to mark SunOS 5.9: patch libsldap ldap_cachemgr libldap 112960-30 (RepID 2ACB) as required, then the superceded patches 112960-24 (RepID 2851) and 112960-29 (RepID 2A4C) are also marked as required.

Similarly:  114344-09 (RepID 230D)  SunOS 5.9: kernel/drv/arp patch
                114344-10 (RepID 2A52)  SunOS 5.9: kernel/drv/arp patch
                114344-11 (RepID 2AC1)  SunOS 5.9: kernel/drv/arp patch
Selecting the 114344-11 version selects all three.

Note that according to the database, 114344-09, 114344-10, 112960-24, and 112960-29 are valid superceded patches (grey icon), but not obsoleted patches (red icon - 114344-07 & -08, and 112960-17 & -18 & -19 & -22 are not selected).

I admit that I have not tried "Install required..." due to my concern over this.  Am I correct in assuming that Prism Patch Manager would attempt to install all three versions of each of the above mentioned patches if I marked them as required?  Maybe this should be modified so that only the selected patch is marked as required?