当前位置：首页 > article >正文

CVE-2015-0235

article 2025/9/16 1:30:15


		glibc vulnerability (CVE-2015-0235) patch availability for Oracle Exadata Database Machine (文档 ID 1965525.1)	转到底部

1 APPLIES TO:

Oracle Exadata Storage Server Software - Version 11.2.1.2.0 to 12.1.2.1.0 [Release 11.2 to 12.1]
Information in this document applies to any platform.

2 GOAL

The glibc vulnerability covered by CVE-2015-0235 affects multiple components in the Oracle Exadata Database Machine. This note provides information on the updates available and how to obtain and install them.

3 SOLUTION

For additional information about other commonly identified security vulnerabilities on Oracle Exadata Database Machine, see Note 1405320.1.

For additional information on the vulnerability, see CVE report, ELSA-2015-0090, ELSA-2015-0092 and OVMSA-2015-0024.

4 Download and stage the files needed

For Exadata image versions 12.1.1.1.1 or earlier, obtain updated packages using the following package versions, or later package versions, if available:

glibc-2.5-123.0.1.el5_11.1.i686.rpm
glibc-2.5-123.0.1.el5_11.1.x86_64.rpm
glibc-common-2.5-123.0.1.el5_11.1.x86_64.rpm
glibc-devel-2.5-123.0.1.el5_11.1.i386.rpm
glibc-devel-2.5-123.0.1.el5_11.1.x86_64.rpm
glibc-headers-2.5-123.0.1.el5_11.1.x86_64.rpm
glibc-utils-2.5-123.0.1.el5_11.1.x86_64.rpm
nscd-2.5-123.0.1.el5_11.1.x86_64.rpm

These packages may be obtained from http://public-yum.oracle.com/repo/OracleLinux/OL5/latest/x86_64/.

For Exadata image version 12.1.2.1.0 physical installs and 12.1.2.1.0 OVS domU, obtain updated packages using the following package versions, or later package versions, if available:

glibc-2.12-1.149.el6_6.5.i686.rpm
glibc-2.12-1.149.el6_6.5.x86_64.rpm
glibc-common-2.12-1.149.el6_6.5.x86_64.rpm
glibc-devel-2.12-1.149.el6_6.5.i686.rpm
glibc-devel-2.12-1.149.el6_6.5.x86_64.rpm
glibc-headers-2.12-1.149.el6_6.5.x86_64.rpm
nscd-2.12-1.149.el6_6.5.x86_64.rpm

These packages may be obtained from http://public-yum.oracle.com/repo/OracleLinux/OL6/latest/x86_64/.

For Exadata image version 12.1.2.1.0 virtual installs dom0 (physical installs do not need these files), obtain updated packages using the following package versions, or later package versions, if available:

glibc-2.5-123.0.1.el5_11.1.i686.rpm
glibc-2.5-123.0.1.el5_11.1.x86_64.rpm
glibc-common-2.5-123.0.1.el5_11.1.x86_64.rpm
nscd-2.5-123.0.1.el5_11.1.x86_64.rpm

These packages may be obtained from http://public-yum.oracle.com/repo/OracleVM/OVM3/latest/x86_64/.

5 Oracle Exadata Database Servers physical installs running Linux and domU on virtual installs

These steps may be followed to update Oracle Exadata Database Servers running physical installs (all installs before Exadata version 12.1.2.1.0 are physical installs) and also for updating the domU virtual machines on Oracle Exadata Database Server virtual installations (see next section below for dom0 update). For instructions to update the Oracle Exadata Database Server dom0 on virtual installations, see the next section.

To install these packages on database servers, follow the steps below (applicable to all Exadata image versions). These may be done in parallel on all database servers or in a rolling manner. It is intended that the package installation is followed by a system reboot in a relatively short time (i.e. minutes, not days). Since the system will be rebooted, you may choose to stop the database and cluster processes on the node being updated in advance or allow the reboot process to stop them for you.

Capture the currently installed rpm versions (including package architectures) using the following command and save the output in a file in case a rollback is needed later.
1. rpm -qa --queryformat="%{name}-%{version}-%{release}.%{arch}\n" | egrep 'glibc|nscd'
Stage the files on each database server in /tmp/glibc-update as root
1. mkdir /tmp/glibc-update
2. Place all the rpms listed above (for your appropriate release) in the directory /tmp/glibc-update
If running Exadata phyiscal (non-OVM) installations, follow these steps:
1. If using Exadata Database Server image version 11.2.3.3.0 or later on Sun/Oracle hardware (V2 through X4), run this command
  1. rpm -e exadata-sun-computenode-exact
  2. Note that removing this package will not affect future upgrades. If the package is not installed, this step can be skipped.
2. If using Exadata Database Server image version 11.2.3.3.0 or later on HP V1 hardware, run this command
  1. rpm -e exadata-hp-computenode-exact
  2. Note that removing this package will not affect future upgrades. If the package is not installed, this step can be skipped.
If running Exadata 12.1.2.1.0 in an virtual installation, follow this step on domUs (see next section below for dom0 update):
1. rpm -e exadata-sun-vm-computenode-exact
2. Note that removing this package will not affect future upgrades. If the package is not installed, this step can be skipped.
For all releases: install the updated rpms using this command
1. rpm -Fvh /tmp/glibc-update/*rpm
If the installation is successful (no errors), reboot the system using
1. shutdown -r -y now
After the reboot, ensure the system is up and running and the cluster processes have restarted. Remove the staged files, if desired
1. rm -rf /tmp/glibc-update

If a rollback is required, it should be done with Oracle Support guidance via an SR. The information gathered in step 1 above should be provided to the SR.

Note that it is not necessary to relink any binaries after this update.

6 Oracle Exadata Database Servers virtual installs dom0

These steps may be followed to update dom0 on Oracle Exadata Database Servers running virtual installs.

To install these packages on dom0, follow the steps below. These may be done in parallel on all database servers or in a rolling manner. It is intended that the package installation is followed by a dom0 reboot in a relatively short time (i.e. minutes, not days). Rebooting dom0 will also cause all the domUs to reboot. Since the system will be rebooted, you may choose to stop the database and cluster processes on the node being updated in advance or allow the reboot process to stop them for you.

Capture the currently installed rpm versions (including package architectures) using the following command and save the output in a file in case a rollback is needed later.
1. rpm -qa --queryformat="%{name}-%{version}-%{release}.%{arch}\n" | egrep 'glibc|nscd'
Stage the files on each database server in /tmp/glibc-update as root
1. mkdir /tmp/glibc-update
2. Place all the rpms listed above (for your appropriate release) in the directory /tmp/glibc-update
If using Exadata Database Server virtual install dom0 on Sun/Oracle hardware (X2 through X4), run this command
1. rpm -e exadata-sun-ovs-computenode-exact
2. Note that removing this package will not affect future upgrades. If the package is not installed, this step can be skipped.
For all releases: install the updated rpms using this command
1. rpm -Fvh /tmp/glibc-update/*rpm
If the installation is successful (no errors), reboot the system using
1. shutdown -r -y now
2. This will reboot dom0 which will first stop all the domUs on the system, reboot dom0, then start the domUs set to auto start.
After the reboot, ensure the system is up and running and the cluster processes have restarted. Remove the staged files, if desired
1. rm -rf /tmp/glibc-update

If a rollback is required, it should be done with Oracle Support guidance via an SR. The information gathered in step 1 above should be provided to the SR.

7 Oracle Exadata Database Servers running Solaris

Solaris systems do not include glibc.

8 Oracle Exadata Storage Cells

For storage cells, obtain the same files listed above for database servers and follow these steps for installation on the storage cells. While storage cells are not normally permitted to have OS updates applied, this procedure is allowed as an exception to address this vulnerability only.

To install these updates, the storage cell will need to be rebooted. This can be done in a rolling manner in order to minimize availability impact to the system. Before attempting the installation procedures below, it is recommended to review Note 1188080.1 for procedures to gracefully take a storage cell offline before rebooting it and then bringing it back online after the reboot.

If desired, all cells can be done in parallel as long as the cluster is shutdown before rebooting the cells.

Note: Do not remove the exadata-sun-cellnode-exact package on storage cells.

To install these packages on storage cells, follow the steps below (applicable to all Exadata image versions).

Capture the currently installed rpm versions (including package architectures) using the following command and save the output in a file in case a rollback is needed later.
1. rpm -qa --queryformat="%{name}-%{version}-%{release}.%{arch}\n" | egrep 'glibc|nscd'
Stage the files on each storage cell in /tmp/glibc-update as root
1. mkdir /tmp/glibc-update
2. Place all the rpms listed above (for your appropriate release) in the directory /tmp/glibc-update
Install the updated rpms using this command
1. rpm -Fvh --nodeps /tmp/glibc-update/*rpm
2. During installation, you may see an ignorable warning like this:

warning: /root/glibc-update/glibc-2.5-123.0.1.el5_11.1.i686.rpm: Header V3 DSA signature: NOKEY, key ID 1e5e0159

You may ignore this warning and the installation will proceed as normal.

If the installation is successful (no errors), reboot the system using
1. shutdown -r -y now
After the reboot, ensure the system is up and running. Remove the staged files, if desired
1. rm -rf /tmp/glibc-update
Follow the steps from Note 1188080.1 to ensure the cell is fully online again before proceeding to the next storage cell.

If a rollback is required, it should be done with Oracle Support guidance via an SR. The information gathered in step 1 above should be provided to the SR.

查看全文

http://www.lryc.cn/news/2413646.html