CVE-2014-6271 and CVE-2014-7169 (Bash Code Injection Vulnerabilities) Patch Availability for Oracle Exalytics Linux Physical and Virtual systems

Asset ID:	1-79-1930588.1
Update Date:	2015-01-12
Keywords:

Solution Type Predictive Self-Healing Sure

Solution 1930588.1 : CVE-2014-6271 and CVE-2014-7169 (Bash Code Injection Vulnerabilities) Patch Availability for Oracle Exalytics Linux Physical and Virtual systems

Applies to:

Oracle Exalytics Software - Version 1.0.0.0.0 to 1.0.0.5.0 [Release 1.0]
Exalytics In-Memory Machine X2-4 - Version All Versions to All Versions [Release All Releases]
Exalytics In-Memory Machine X3-4 - Version All Versions to All Versions [Release All Releases]
Information in this document applies to any platform.

Purpose

This document provides information on versions of Exalytics Linux Physical and Virtual environments affected by CVE-2014-6271 and CVE-2014-7169 and instructions on how to remediate the vulnerabilities on Bare Metal and Virtualized deployments.

Scope

Oracle Exalytics Base Image Linux x86-64 - all releases
Oracle Exalytics Base Image Exalytics Oracle VM x86-64 - all releases
Oracle Exalytics Oracle VM Guest Linux x86-64 - all releases

Details

Affected Exalytics Releases

All releases of Exalytics Bare Metal Linux
All releases of Exalytics Virtual Linux

Steps to Update Bash Package on Exalytics Bare Metal host, Virtualized Host, and guest VMs Running on Oracle Linux 5

Download the updated bash RPM package
Update the bash RPM package
Verify the updated bash version

Download the updated bash RPM Package

Download bash-3.2-33.el5_11.4.x86_64.rpm from either of the following locations:

ULN at https://linux.oracle.com/ulnchannel/el5_x86_64_latest/bash-3.2-33.el5_11.4.x86_64.rpm
Public Yum repository at http://public-yum.oracle.com/repo/OracleLinux/OL5/latest/x86_64/getPackage/bash-3.2-33.el5_11.4.x86_64.rpm

Instructions to update bash on Exalytics Bare Metal Servers, Exalytics Virtualized Servers (Dom0) and Exalytics Guest VMs (DomU)

Install the bash-3.2-33.el5_11.4.x86_64.rpm on each Exalytics Bare Metal host, Virtual host and VM guest by performing the following steps:

Copy the updated bash RPM package to the root user’s home directory (/root)
As the root user, execute the following command:

[root@host ~]# rpm -Uvh --nosignature /root/bash-3.2-33.el5_11.4.x86_64.rpm

Verify that the bash RPM was updated successfully:

[root@host ~]# rpm -qa | grep bash
bash-3.2-33.el5_11.4

(optional) Delete the updated bash RPM from /root

NOTE: Solaris customers may obtain fixes via following Note to address this vulnerability issue.

Note 1930090.1: CVE-2014-6271 and CVE-2014-7169 Patch Availability Document for Oracle Solaris

References

<NOTE:1930120.1> - ALERT - CVE-2014-7169, CVE-2014-6271, CVE-2014-7186, CVE-2014-7187 and CVE-2014-6278 (Bash Shellshock) Patch Availability Document for Oracle Linux

Attachments

This solution has no attachment