Complete information about the security fix availability should be reviewed, before applying the fix, in MOS DOC:
Responses to common Exadata security scan findings (Doc ID 1405320.1)
The security fix is available for download from:
The summary installation instructions are as follows:
1) Download getPackage/bash-3.2-33.el5_11.4.x86_64.rpm
2) Copy bash-3.2-33.el5_11.4.x86_64.rpm into /tmp at both database and storage nodes.
3) Remove rpm exadata-sun-computenode-exact
rpm -e exadata-sun-computenode-exact
4) On compute nodes install bash-3.2-33.el5_11.4.x86_64.rpm using this command:
rpm -Uvh /tmp/bash-3.2-33.el5_11.4.x86_64.rpm
5) On storage nodes install bash-3.2-33.el5_11.4.x86_64.rpm using this command:
6) Remove /tmp/bash-3.2-33.el5_11.4.x86_64.rpm from all nodes
rpm -Uvh --nodeps /tmp/bash-3.2-33.el5_11.4.x86_64.rpm
As a side effect of applyin this fix, during future upgrades on the database nodes, a warning will appear informing:
The "exact package" was not found and it will use minimal instead.
That's a normal and expected message and will not interfere with the upgrade.