As of yet the Oracle Security and Patch patch page should be updated soon.
http://www.oracle.com/technetwork/topics/security/alerts-086861.html
The solution for Exadata is well documented in the support note below.
glibc vulnerability (CVE-2015-0235) patch availability for Oracle Exadata Database Machine (Doc ID 1965525.1)
Download and stage the files needed
For Exadata image versions 12.1.1.1.1 or earlier,
obtain updated packages using the following package versions, or later package
versions, if available:
glibc-2.5-123.0.1.el5_11.1.i686.rpm
glibc-2.5-123.0.1.el5_11.1.x86_64.rpm
glibc-common-2.5-123.0.1.el5_11.1.x86_64.rpm
glibc-devel-2.5-123.0.1.el5_11.1.i386.rpm
glibc-devel-2.5-123.0.1.el5_11.1.x86_64.rpm
glibc-headers-2.5-123.0.1.el5_11.1.x86_64.rpm
glibc-utils-2.5-123.0.1.el5_11.1.x86_64.rpm
nscd-2.5-123.0.1.el5_11.1.x86_64.rpm
These packages may be obtained from http://public-yum.oracle.com/repo/OracleLinux/OL5/latest/x86_64/.
For Exadata image version 12.1.2.1.0, obtain
updated packages using the following package versions, or later package
versions, if available:
glibc-2.12-1.149.el6_6.5.i686.rpm
glibc-2.12-1.149.el6_6.5.x86_64.rpm
glibc-common-2.12-1.149.el6_6.5.x86_64.rpm
glibc-devel-2.12-1.149.el6_6.5.i686.rpm
glibc-devel-2.12-1.149.el6_6.5.x86_64.rpm
glibc-headers-2.12-1.149.el6_6.5.x86_64.rpm
nscd-2.12-1.149.el6_6.5.x86_64.rpm
These packages may be obtained from http://public-yum.oracle.com/repo/OracleLinux/OL6/latest/x86_64/.
Oracle Exadata Database Servers running Linux
To install these packages on database servers,
follow the steps below (applicable to all Exadata image versions). These may be
done in parallel on all database servers or in a rolling manner. It is intended
that the package installation is followed by a system reboot in a relatively
short time (i.e. minutes, not days). Since the system will be rebooted, you may
choose to stop the database and cluster processes on the node being updated in
advance or allow the reboot process to stop them for you.
1. Capture
the currently installed rpm versions (including package architectures) using
the following command and save the output in a file in case a rollback is
needed later.
1.
rpm -qa
--queryformat="%{name}-%{version}-%{release}.%{arch}\n" | egrep
'glibc|nscd'
2. Stage the
files on each database server in /tmp/glibc-update as root
1.
mkdir /tmp/glibc-update
2.
Place all the rpms listed above (for your
appropriate release) in the directory /tmp/glibc-update
3. If using
Exadata Database Server image version 11.2.3.3.0 or later, run this command
1.
rpm -e exadata-sun-computenode-exact
4. For all
releases: install the updated rpms using this command
1.
rpm -Fvh /tmp/glibc-update/*rpm
5. If the
installation is successful (no errors), reboot the system using
1.
shutdown -r -y now
6. After the
reboot, ensure the system is up and running and the cluster processes have
restarted. Remove the staged files, if desired
1.
rm -rf /tmp/glibc-update
If a rollback is required, it should be done with
Oracle Support guidance via an SR. The information gathered in step 1 above
should be provided to the SR.
Note that it is not necessary to relink any
binaries after this update.
Oracle Exadata Database Servers running Solaris
Solaris systems do not include glibc.
Oracle Exadata Storage Cells
For storage cells, obtain the same files listed
above for database servers and follow these steps for installation on the
storage cells. While storage cells are not normally permitted to have OS
updates applied, this procedure is allowed as an exception to address this
vulnerability only.
To install these updates, the storage cell will
need to be rebooted. This can be done in a rolling manner in order to minimize
availability impact to the system. Before attempting the installation
procedures below, it is recommended to review Note 1188080.1 for procedures to gracefully
take a storage cell offline before rebooting it and then bringing it back
online after the reboot.
If desired, all cells can be done in parallel as
long as the cluster is shutdown before rebooting the cells.
Note: Do not remove the exadata-sun-cellnode-exact
package on storage cells.
To install these packages on storage cells, follow
the steps below (applicable to all Exadata image versions).
1. Capture
the currently installed rpm versions (including package architectures) using
the following command and save the output in a file in case a rollback is
needed later.
1.
rpm -qa
--queryformat="%{name}-%{version}-%{release}.%{arch}\n" | egrep
'glibc|nscd'
2. Stage the
files on each storage cell in /tmp/glibc-update as root
1.
mkdir /tmp/glibc-update
2.
Place all the rpms listed above (for your
appropriate release) in the directory /tmp/glibc-update
3. Install
the updated rpms using this command
1.
rpm -Fvh --nodeps /tmp/glibc-update/*rpm
4. If the
installation is successful (no errors), reboot the system using
1.
shutdown -r -y now
5. After the
reboot, ensure the system is up and running. Remove the staged files, if
desired
1.
rm -rf /tmp/glibc-update
6. Follow
the steps from Note 1188080.1 to ensure the cell is fully
online again before proceeding to the next storage cell.
If a rollback is
required, it should be done with Oracle Support guidance via an SR. The
information gathered in step 1 above should be provided to the SR.
No comments:
Post a Comment