CVE-2014-6271 and CVE-2014-7169 Patch Availability Document for Oracle 10Gb Ethernet Switches

Asset ID:	1-79-1940232.1
Update Date:	2017-11-07
Keywords:

Solution Type Predictive Self-Healing Sure

Solution 1940232.1 : CVE-2014-6271 and CVE-2014-7169 Patch Availability Document for Oracle 10Gb Ethernet Switches

Applies to:

Oracle Switch ES1-24
Sun Blade 6000 10GbE Switched 24p NEM
Sun Network 10GbE Switch 72p
Information in this document applies to any platform.

Purpose

This document provides the steps needed to patch the Oracle Ethernet Switch products to resolve the security vulnerabilities referenced by CVE-2014-6271 and CVE-2014-7169 and CVE-2014-0224.

Scope

All versions of firmware running on currently shipping Ethernet switches products: "Sun Network 10GBE Switch 72P 1.2", "Sun Blade 6000 10GbE Switched 24P NEM 1.2", and "Oracle Switch ES1-24 1.3".

Details

The latest patches for these products have been posted on MOS. They include several enhancements and bug fixes including resolving vulnerabilities referenced by CVE-2014-6271 and CVE-2014-7169 and CVE-2014-0224.

<Patch 13255111> for Sun Network 10GBE Switch 72P 1.2

- --------------------------- Upgrade instructions for "Sun Network 10GBE Switch 72P 1.2" ------------------

Upgrading the Sun Network 10GbE Switch 72p Firmware
---------------------------------------------------
The Sun_Network_10GbE_Switch_72p_sefos-1_2_2_9.pkg upgrades the switching software and required components to version 1.2.2.9.

Note - You must be logged in as root to do the upgrade. Before upgrading the switch firmware, back up the current configuration as described in
"Back Up the Current Configuration" of the Product Notes.

Caution - If upgrading from 1.0.x.y release, the you MUST perform this upgrade ONLY using the Oracle ILOM CLI. Using the Web interface
with the URL or file browser method will result in an incomplete upgrade as noted in "CR 7022295: Firmware Upgrade With the Web UI is Incomplete."
(Optional) If you have not restarted the switch as part of backing up the configuration, restart the switch now.

1. Ensure that you have a network configuration in place on the switch.
For more information, refer to the Sun Network 10GbE Switch 72p User's Guide.

2. Use TFTP, FTP, or the Oracle ILOM Web interface to copy this firmware image to your server: Sun_Network_10GbE_Switch_72p_sefos-1_2_2_9.pkg

3. Answer the questions that appear on the screen as you proceed through the installation.
The following example illustrates the upgrade process using FTP from a server with an IP address of 192.168.1.100.

The following example illustrates the upgrade process using FTP from a server with an IP address of 192.168.1.100.

-> cd /SP/firmware/
/SP/firmware

-> load -source 'ftp://username:password@192.168.1.100/Sun_Network_10GbE_Switch_72p_sefos-1_2_2_9.pkg'
Downloading firmware image. This will take several minutes.

NOTE: An upgrade takes about 6 minutes to complete. ILOM
will enter a special mode to load new firmware. No
other tasks can be performed in ILOM until the
firmware upgrade is complete and ILOM is reset.

Are you sure you want to load the specified file (y/n)? y
Preserve existing configuration (y/n)? y
Starting FW upgrade.

Checking "jffs2 root file system image"

Starting Root File System upgrade
Upgrading Root File System image to partition 2
...........................................................................................
...........................................................................................
...........................................................................................
...........................................................................................
...........................................................................................
...........................................................................................
...........................................................................................
...........................................................................................
...........................................................................................
...........................................................................................
...........................................................................................
.................................................................................
Validating File System and updating Time Stamp.
This will take 2-3 minutes. Please wait.

Checking "compressed kernel image"

Starting kernel upgrade
Upgrading kernel image to partition 2
........................
Syncing configuration files
................................
Checking "FPGA image"

Starting FPGA upgrade. This process may take upto 3 minutes.
Programing FPGA image
FPGA upgrade requires SEFOS to be stopped. Please wait while FPGA is being programmed.
............................
Checking "U-Boot image"

Starting U-Boot upgrade
..Upgrading OpusUbootImage at reboot
....

Firmware update is complete.
The system must be reset for the new image to be loaded

-> reset /SP
Are you sure you want to reset /SP (y/n)? y
Performing reset on /SP

4. When the switch reboots after the upgrade, log in and verify the software version.

-> version
SP firmware 3.0.16.0
SP firmware build number: 91963
SP firmware build date: Wed Oct 22 08:32:58 PDT 2014
SP firmware install date: Mon Oct 20 22:22:26 UTC 2014
SP filesystem version: 1.2.2.9

-> cd /SYS/fs_cli/
cd: Connecting to Fabric Switch CLI

SEFOS# show system info

Hardware Version : 2.5.8_00209384
Firmware Version : TOR-1.2.2.9
Switch Name : TOR 72P
System Contact :
System Location :
Logging Option : Console Logging
Login Authentication Mode : Local
Config Save Status : Not Initiated
Remote Save Status : Not Initiated
Config Restore Status : Not Initiated

------------------------------------------------------------------------------------------

<Patch 13255101> for Sun Blade 6000 10GbE Switched 24P NEM 1.2

--------- upgrade instruction as extracted from the readme file for "Sun Blade 6000 10GbE Switched 24P NEM 1.2"

Upgrading the NEM Firmware
--------------------------
Note - You must be logged in as root to do the upgrade. Before upgrading the switch firmware, back up the current configuration as described in
"Back Up the Current Configuration" of the Product Notes.

(Optional) - If you have not restarted the NEM as part of backing up the configuration, restart the NEM now.

Follow these steps to upgrade the NEM firmware.

1. Ensure that you have a network configuration in place on the NEM.
For more information, refer to the Sun Blade 6000 Ethernet Switched NEM 24p 10GbE User's Guide.

2. Use TFTP, FTP, or the Oracle ILOM Web interface to copy the following firmware image to your server:
Sun_Blade_6000_Ethernet_Switched_NEM_24p_10GE_sefos-1_2_2_9.pkg

3. Answer the questions that appear on the screen as you proceed through the installation.
This example illustrates the NEM upgrade process using FTP from a server with an IP address of 192.168.1.100.

***********************************
-> load -source 'ftp://username:password@192.168.1.100/Sun_Blade_6000_Ethernet_Switched_NEM_24p_10GE_sefos-1_2_2_9.pkg'

Are you sure you want to load the specified file (y/n)? y
Preserve existing configuration (y/n)? y
Starting FW upgrade. This will take approximately 3 minutes.

Checking "jffs2 root file system image"

Checking "compressed kernel image"

Starting kernel upgrade
Upgrading kernel image to partition 2
.......
Syncing configuration files.
....................................
Checking "FPGA image"

Starting FPGA upgrade
Skip upgrading FPGA (same version).

Checking "U-Boot image"

Starting U-Boot upgrade
Skip upgrading U-Boot (same version).

Firmware update is complete.
The system must be reset for the new image to be loaded

-> reset /SP
Are you sure you want to reset /SP (y/n)? y
Performing reset on /SP

***********************************

4. Once the NEM reboots after the upgrade, verify the SW version.

-> version
SP firmware 3.0.16.0
SP firmware build number: 91963
SP firmware build date: Wed Oct 22 08:32:57 PDT 2014
SP firmware install date: Tue Oct 28 01:52:49 UTC 2014
SP filesystem version: 1.2.2.9

-> cd /NEM/fs_cli/
cd: Connecting to Fabric Switch CLI

SEFOS# sh system info

Hardware Version : 2.5.8_00209384
Firmware Version : ONEM-1.2.2.9
Switch Name : C10 NEM 24P
System Contact :
System Location :
Logging Option : Console Logging
Login Authentication Mode : Local
Config Save Status : Not Initiated
Remote Save Status : Not Initiated
Config Restore Status : Not Initiated

Enabling SAS2 links
-------------------
By default SAS2 links are disabled on the SAS2 expander firmware of the Sun Blade 6000 Ethernet Switched NEM 24p 10GbE. To enable SAS2 links
and to allow server modules with supported REMs to communicate with the Sun Blade Storage Module M2, you must enable SAS2 from the ILOM.

Note - If SAS2 was alerady enabled from a prior release, then it will stay enabled during/after the upgrade. No other steps are required.
When SAS2 is Disabled, the fru_extra_1 field will show "SAS 5.3.2.0", in the output of "show /CH/NEMx"
command (where x is the NEM's slot number) from the CMM level.
When SAS2 is Enabled, the fru_extra_1 field will show "SAS 5.3.7.0", in the output of "show /CH/NEMx"
command (where x is the NEM's slot number) from the CMM level.

Show current status:
-> cd /NEM/SAS/
/NEM/SAS

-> ls

/NEM/SAS
Targets:

Properties:
type = SAS Expander
sas_status = disabled

Commands:
cd
show
start
stop

Enable SAS2 links:
-> cd /NEM/SAS/
/NEM/SAS

-> start
Are you sure you want to start /NEM/SAS (y/n)? y
Enabling the device will take approximately 2 minutes...

start: SAS Enabled successfully.

Verify status:
-> cd /NEM/SAS/
/NEM/SAS

-> ls

/NEM/SAS
Targets:

Properties:
type = SAS Expander
sas_status = enabled

Commands:
cd
show
start
stop

---------------------------------------------------

<Patch 17050841> for Oracle Switch ES1-24

--------- upgrade instructions extracted from the readme file for: "Oracle Switch ES1-24" -------------

Upgrading the Oracle Switch ES1-24 Firmware
-------------------------------------------
The Oracle_Switch_ES1-24_sefos-1_3_1_7.pkg upgrades the switching software and required components to version 1.3.1.7.

1. Ensure that you have a network configuration in place on the switch.
For more information, refer to the Oracle Switch ES1-24 Configuration Guide.

2. Use TFTP, FTP, or the Oracle ILOM Web interface to copy this firmware image to your server: Oracle_Switch_ES1-24_sefos-1_3_1_7.pkg

The following example illustrates the upgrade process using FTP from a server with an IP address of 192.168.1.100.

-> cd /SP/firmware/
/SP/firmware

-> load -source ftp://username:password@192.168.1.100/Oracle_Switch_ES1-24_sefos-1_3_1_7.pkg
Downloading firmware image. This will take several minutes.
.

NOTE: An upgrade takes several minutes to complete. ILOM
will enter a special mode to load new firmware. No
other tasks can be performed in ILOM until the
firmware upgrade is complete and ILOM is reset.

Are you sure you want to load the specified file (y/n)? y
Preserve existing configuration (y/n)? y
Starting FW upgrade. This will take approximately 3 minutes.

Checking "root file system image"

Starting Root File System upgrade
Upgrading Root File System image to partition 1
...................................................................................
...................................................................................
...................................................................................
...................................................................................
...................................................................................
...................................................................................
...................................................................................
...................................................................................
...................................................................................
...................................................................................
...................................................................................
...................................................................................
...
Checking "compressed kernel image"

Starting kernel upgrade
Upgrading image to partition 1
....
Syncing configuration files
...................................
Checking "FPGA image"

Starting FPGA upgrade. This process may take upto 3 minutes.
Programing FPGA image
FPGA upgrade requires SEFOS to be stopped. Please wait while FPGA is being programmed.
Skip upgrading FPGA (same version).
.
Checking "U-Boot image"

Starting U-Boot upgrade
Skip upgrading U-Boot (same version).

Firmware update is complete.
The system must be reset for the new image to be loaded

-> reset /SP
Are you sure you want to reset /SP (y/n)? y
Performing reset on /SP

4. When the switch reboots after the upgrade, log in and verify the software version.

-> version
SP firmware 3.0.16.0
SP firmware build number: 91963
SP firmware build date: Wed Oct 22 08:32:49 PDT 2014
SP firmware install date: Wed Oct 22 19:14:52 UTC 2014
SP filesystem version: 1.3.1.7

-> cd /SYS/fs_cli/
cd: Connecting to Fabric Switch CLI

SEFOS# show system info

Hardware Version : 2.5.8_00209384
Firmware Version : ES1-24-1.3.1.7
Switch Name : Oracle ES1-24
System Contact :
System Location :
Logging Option : Console Logging
Login Authentication Mode : Local
Config Save Status : Not Initiated
Remote Save Status : Not Initiated
Config Restore Status : Not Initiated

-----------------------------------------------------------

Attachments

This solution has no attachment