Alejandro Vargas' Blog

Bash security fix made available for Exadata

Alejandro Vargas
Technical Leader, ACS Global Delivery, Infrastructure & BigData

Complete information about the security fix availability should be reviewed, before applying the fix, in MOS DOC:

 Responses to common Exadata security scan findings (Doc ID 1405320.1)

The security fix is available for download from:


The summary installation instructions are as follows:

1) Download getPackage/bash-3.2-33.el5_11.4.x86_64.rpm

2) Copy bash-3.2-33.el5_11.4.x86_64.rpm into /tmp at both database and storage nodes.

3) Remove rpm  exadata-sun-computenode-exact

rpm -e exadata-sun-computenode-exact

4) On compute nodes install bash-3.2-33.el5_11.4.x86_64.rpm using this command:

 rpm -Uvh /tmp/bash-3.2-33.el5_11.4.x86_64.rpm

5) On storage nodes  install bash-3.2-33.el5_11.4.x86_64.rpm using this command:

rpm -Uvh --nodeps /tmp/bash-3.2-33.el5_11.4.x86_64.rpm

6) Remove /tmp/bash-3.2-33.el5_11.4.x86_64.rpm from all nodes

As a side effect of applyin this fix,  during future upgrades on the database nodes, a warning will appear informing:

The "exact package" was not found and it will use minimal instead.

That's a normal and expected message and will not interfere with the upgrade. 

Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.