Engineered Systems | Sunday, October 5, 2014

Bash security fix made available for Exadata

By: Alejandro Vargas | Senior Advanced Support Engineer at Oracle Advanced Customer Services

Complete information about the security fix availability should be reviewed, before applying the fix, in MOS DOC:

 Responses to common Exadata security scan findings (Doc ID 1405320.1)

The security fix is available for download from:

http://public-yum.oracle.com/repo/OracleLinux/OL5/latest/x86_64/getPackage/bash-3.2-33.el5_11.4.x86_64.rpm

The summary installation instructions are as follows:

1) Download getPackage/bash-3.2-33.el5_11.4.x86_64.rpm

2) Copy bash-3.2-33.el5_11.4.x86_64.rpm into /tmp at both database and storage nodes.

3) Remove rpm  exadata-sun-computenode-exact

rpm -e exadata-sun-computenode-exact

4) On compute nodes install bash-3.2-33.el5_11.4.x86_64.rpm using this command:

 rpm -Uvh /tmp/bash-3.2-33.el5_11.4.x86_64.rpm

5) On storage nodes  install bash-3.2-33.el5_11.4.x86_64.rpm using this command:

rpm -Uvh --nodeps /tmp/bash-3.2-33.el5_11.4.x86_64.rpm

6) Remove /tmp/bash-3.2-33.el5_11.4.x86_64.rpm from all nodes

As a side effect of applyin this fix,  during future upgrades on the database nodes, a warning will appear informing:

The "exact package" was not found and it will use minimal instead.

That's a normal and expected message and will not interfere with the upgrade. 


Join the discussion

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.Captcha
 

Visit the Oracle Blog

 

Contact Us

Oracle

Integrated Cloud Applications & Platform Services