Asset ID: 1-79-1937383.1
Update Date: 2015-08-20
Solution Type: Predictive Self-Healing Sure
Solution 1937383.1: CVE-2014-7169, CVE-2014-6271, CVE-2014-7186, CVE-2014-7187 and CVE-2014-6278 Patch Availability Document for Oracle Communications Performance Intelligence Center
Related Items:
- Oracle Communications Performance Intelligence Center (PIC) Software
Related Categories:
- PLA-Support>Sun Systems>CommsGBU>Global Signaling Solutions>SN-SND: Tekelec PIC
Applies to:
Oracle Communications Performance Intelligence Center (PIC) Software - Version 9.0.4 and later
Tekelec
Oracle Performance Intelligence Center Release 9.0.4 all servers.
Oracle Performance Intelligence Center Release 9.0.0, 9.0.1, 9.0.2, 9.0.3: DWS only; other servers shall upgrade to 9.0.4 and apply the patch afterwards.
Oracle Performance Intelligence Center Release 10.0: DWS only; other servers shall upgrade to 10.1.
Purpose
This document provides instructions to apply Linux patches required to resolve security vulnerabilities referenced by CVE-2014-7169, CVE-2014-6271, CVE-2014-7186, CVE-2014-7187 and CVE-2014-6278.
Details
Check for OS Base version
This procedure is applicable on each server. A back-out procedure is not needed; in case of conflict the rpm tool would reject the update with a message. No reboot is required at the end of the procedure.
- Log in as root on the server console:
login: root
Password: <current root password>
- Check if the bash patch is needed on this machine:
# env x='() { :;}; echo vulnerable' bash -c "echo test"
If the output of this command contains only ‘test’, the procedure stops here; the system already has a fix. If the result contains ‘vulnerable’ and ‘test’, or additional output, the steps hereafter are required.
- Check for the platform version:
# appRev
In the result displayed, find the value after 'OS'.
Determine the hardware platform:
# uname -i
Look up the OS/hardware combination in the table above.
- Download the corrective file:
Download the package file(s) identified in the table above with a computer connected to the Internet.
Notes:
- Download cannot be performed on PIC servers; they do not have Internet access.
- Machines on one site can be of different cases (A, B or C), especially the DWS.
Updating Bash rpm
- Check first that the server health is good before applying a change.
Log in as root, if the connection was not maintained after procedure 1, and type this command:
# syscheck
Output should only show ‘OK’ results, similar to the example below. If this is not the case, please investigate root causes and fix them before applying a patch.
Running modules in class disk...
OK
Running modules in class hardware...
OK
Running modules in class net...
OK
Running modules in class proc...
OK
Running modules in class system...
OK
LOG LOCATION: /var/TKLC/log/syscheck/fail_log
- If the server matches case A
Transfer the downloaded rpm file for case A to /var/TKLC/upgrade
# rpm -Uvh /var/TKLC/upgrade/bash-3.2-33.el5_11.4.i386.rpm
- If the server matches case B
Transfer the downloaded rpm file for case B to /var/TKLC/upgrade
# rpm -Uvh /var/TKLC/upgrade/bash-3.2-33.el5_11.4.x86_64.rpm
- If the server matches case C
Transfer the downloaded rpm file for case C to /var/TKLC/upgrade
# rpm -Uvh /var/TKLC/upgrade/bash-4.1.2-15.el6_5.2.x86_64.rpm
- Check output
Review the output of the rpm upgrade command and make sure there was no error indication. In case of doubt, it is possible to repeat step 3 of procedure 1. Output should look similar to this:
Preparing... ########################################### [100%]
Repackaging... ########################################### [100%]
1:bash ########################################### [ 50%]
The output shall not contain requests for additional packages. If dependencies are listed, the server is not the right target for this patch and nothing has been changed; consider the CVEs as not addressed.
- When all is verified, disconnect:
# exit
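Added example, not part of the Oracle document: a small shell helper that applies the two decision rules of this procedure (the bash check in procedure 1 and the review of the rpm output in "Check output") to captured text, so the result can be logged per server. Function names and the sample outputs are assumptions of this example, and the "inconclusive" result is an addition for output the document does not describe.

```shell
#!/bin/sh
# Added example, not Oracle's code. Function names are hypothetical.

# Step "Check if bash patch is needed": run the document's command and
# capture stdout and stderr together so any additional output is seen.
run_bash_check() {
    env x='() { :;}; echo vulnerable' bash -c "echo test" 2>&1
}

# Apply the document's rule to the captured text.
# "inconclusive" (no 'test' line at all) is an addition of this example.
classify_bash_check() {
    out=$(printf '%s' "$1" | tr -d '\r')
    if [ "$out" = "test" ]; then
        echo fixed            # only 'test': procedure stops here
    elif printf '%s\n' "$out" | grep -qx 'test'; then
        echo needs_patch      # 'vulnerable' or other output alongside 'test'
    else
        echo inconclusive     # command did not run as expected
    fi
}

# Step "Check output": review saved `rpm -Uvh` output.
review_rpm_output() {
    if printf '%s\n' "$1" | grep -Eiq '^error:|is needed by'; then
        echo rejected         # error or dependency request: CVEs not addressed
    elif printf '%s\n' "$1" | grep -Eq '^ *[0-9]+:bash '; then
        echo ok               # bash package line present, no error seen
    else
        echo inconclusive
    fi
}

# Constructed sample outputs (not captured from a PIC server).
SAMPLE_VULNERABLE='vulnerable
test'
SAMPLE_WARNING='bash: warning: x: ignoring function definition attempt
test'
SAMPLE_RPM_OK='Preparing...   ########## [100%]
   1:bash      ########## [ 50%]'
SAMPLE_RPM_DEPS='error: Failed dependencies:
    libexample.so.1 is needed by bash-placeholder'

# With --run, check the local machine; otherwise only define the functions.
if [ "${1:-}" = "--run" ]; then
    classify_bash_check "$(run_bash_check)"
fi
```

Run it with --run before and after the rpm update; the second run should print "fixed".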
Attachments
This solution has no attachment