Oracle System Handbook - ISO 7.0 May 2018 Internal/Partner Edition
Solution Type Predictive Self-Healing Sure Solution 1966698.1 : CVE-2015-0235 Ghost Vulnerability Patch Availability Document for Oracle Big Data Appliance

Applies to:
Big Data Appliance Integrated Software - Version 2.2.1 to 4.1.0 [Release 2.2 to 4.1]
Big Data Appliance Hardware - Version All Versions and later
Linux x86-64

Purpose
This document provides details about the Oracle Big Data Appliance (BDA) versions affected by the CVE-2015-0235 Ghost vulnerability and instructions on how to update glibc on Oracle Big Data Appliance (BDA).

Scope
This document applies to Oracle Big Data Appliance (BDA) releases.

Details
Oracle has released El-errata related to a publicly disclosed vulnerability affecting glibc. For more details about the Ghost vulnerability, please refer to http://linux.oracle.com/cve/CVE-2015-0235.html

The El-errata released by Oracle are:
https://oss.oracle.com/pipermail/el-errata/2015-January/004811.html
https://oss.oracle.com/pipermail/el-errata/2015-January/004810.html

Affected BDA Releases
All current releases of BDA V2.* to V2.6, V3.0.* to V3.1 and V4.0/V4.1 are affected by the CVE-2015-0235 Ghost vulnerability.

Instructions to check BDA Release and OS Version
These steps are the same for an HDFS or NoSQL cluster installed on BDA.

1) Log into Node01 of the BDA cluster as the root user.
2) Check the BDA image and OS details by executing the imageinfo command.

a) Sample output for BDA 4.* with OL6 OS

# imageinfo
Big Data Appliance Image Info
IMAGE_VERSION : 4.0.0
LINUX_VERSION : Oracle Linux Server release 6.4
KERNEL_VERSION : 2.6.39-400.209.1.el6uek.x86_64
BDA_RPM_VERSION : bda-4.0.0-1.el6.x86_64
OFED_VERSION : OFED-IOV-1.5.5-2.0.0088
JDK_VERSION : jdk-1.7.0_65-fcs.x86_64

OR

b) Sample output for BDA 2.* with OL5 OS

# imageinfo
Big Data Appliance Image Info
IMAGE_VERSION : 2.*.1
KERNEL_VERSION : 2.6.32-200.21.1.el5uek
BDA_RPM_VERSION : bda-2.2.1-1
OFA_RPM_VERSION : ofa-2.6.32-200.21.1.el5uek-1.5.5-4.0.55.4
JDK_VERSION : jdk-1.6.0_51-fcs

3) Check the version of the glibc rpm installed.

# rpm -qa | egrep "^glibc|^nscd"

Note:- dcli can be used to check the rpm release on all nodes in the cluster:

dcli -C 'rpm -qa | egrep "^glibc|^nscd"'

a) Sample output from OL6 OS

# dcli -C 'rpm -qa | egrep "^glibc|^nscd" '
<private-ip of node>: : glibc-2.12-1.107.el6_4.4.x86_64
<private-ip of node>: : glibc-headers-2.12-1.107.el6_4.4.x86_64
<private-ip of node>: : nscd-2.12-1.107.el6_4.4.x86_64
<private-ip of node>: : glibc-2.12-1.107.el6_4.4.i686
<private-ip of node>: : glibc-utils-2.12-1.107.el6_4.4.x86_64
<private-ip of node>: : glibc-devel-2.12-1.107.el6_4.4.x86_64
<private-ip of node>: : glibc-common-2.12-1.107.el6_4.4.x86_64

OR

b) Sample output from OL5 OS

# dcli -C 'rpm -qa --qf "%{n}-%{v}-%{r}.%{arch}\n" | egrep "^glibc|^nscd"'
<private-ip of node>: : nscd-2.5-81.el5_8.7.x86_64
<private-ip of node>: : glibc-2.5-81.el5_8.7.x86_64
<private-ip of node>: : glibc-common-2.5-81.el5_8.7.x86_64
<private-ip of node>: : glibc-utils-2.5-81.el5_8.7.x86_64
<private-ip of node>: : glibc-devel-2.5-81.el5_8.7.x86_64
<private-ip of node>: : glibc-devel-2.5-81.el5_8.7.i386
<private-ip of node>: : glibc-headers-2.5-81.el5_8.7.x86_64
<private-ip of node>: : glibc-2.5-81.el5_8.7.i686

Instructions to Install Latest version of glibc rpm on BDA
Manually upgrading the rpms on BDA prior to 4.0 is not supported since the BDA software checks will fail.

Instructions for V2.*/3.* Releases
For BDA releases prior to V4.0, i.e. the v3.* and v2.* releases, please open an SR to request a one-off patch.

Instructions for V4.* Release
For the v4.0/v4.1 releases of BDA, follow the instructions below to manually upgrade the glibc rpm.

Note:- Prior to upgrading the rpm, ensure all the OL / software packages are valid by executing the bdacheckcluster command.

Download Latest patched version of glibc rpm for V4.* Release
Latest version of rpms can be downloaded from

For OL5, the latest glibc rpms that contain the fix for the CVE-2015-0235 Ghost vulnerability are listed at https://oss.oracle.com/pipermail/el-errata/2015-January/004811.html and can be downloaded from http://public-yum.oracle.com/repo/OracleLinux/OL5/latest/x86_64/

Here is the list of rpms needed for BDA with OL5:

glibc-2.5-123.0.1.el5_11.1.x86_64.rpm
glibc-2.5-123.0.1.el5_11.1.i686.rpm
glibc-common-2.5-123.0.1.el5_11.1.x86_64.rpm
glibc-utils-2.5-123.0.1.el5_11.1.x86_64.rpm
glibc-devel-2.5-123.0.1.el5_11.1.i386.rpm
glibc-devel-2.5-123.0.1.el5_11.1.x86_64.rpm
glibc-headers-2.5-123.0.1.el5_11.1.x86_64.rpm
nscd-2.5-123.0.1.el5_11.1.x86_64.rpm

For OL6, the latest glibc rpms that contain the fix for the CVE-2015-0235 Ghost vulnerability are listed at https://oss.oracle.com/pipermail/el-errata/2015-January/004810.html and can be downloaded from http://public-yum.oracle.com/repo/OracleLinux/OL6/latest/x86_64/

Here is the list of rpms needed for BDA with OL6:

glibc-2.12-1.149.el6_6.5.x86_64.rpm
glibc-headers-2.12-1.149.el6_6.5.x86_64.rpm
nscd-2.12-1.149.el6_6.5.x86_64.rpm
glibc-2.12-1.149.el6_6.5.i686.rpm
glibc-utils-2.12-1.149.el6_6.5.x86_64.rpm
glibc-devel-2.12-1.149.el6_6.5.x86_64.rpm
glibc-common-2.12-1.149.el6_6.5.x86_64.rpm

Upgrade rpm on BDA Cluster for V4.* Release
These steps are the same for an HDFS or NoSQL cluster installed on BDA.

Note:- If more than one cluster is installed on a rack, execute the steps below on all clusters in the rack.

1) Log into Node01 of the BDA cluster as the root user.
2) Depending on the OS on BDA, copy the needed OL5 or OL6 rpms to /tmp on node01.
3) Use dcli to copy the glibc rpms to all nodes in the cluster.

dcli -C mkdir /root/rpms
dcli -C ls -ld /root/rpms
dcli -C -f /tmp/*.rpm -d /root/rpms/
dcli -C ls -l /root/rpms

4) Upgrade the rpms on all the nodes in the cluster.

dcli -C rpm -Uvh /root/rpms/*.rpm

Post RPM Upgrade Steps
1) Check if the rpms are updated correctly.

For OL6 OS

# dcli -C 'rpm -qa | egrep "^glibc|^nscd" '

OR

For OL5 OS

# dcli -C 'rpm -qa --qf "%{n}-%{v}-%{r}.%{arch}\n" | egrep "^glibc|^nscd"'

2) Execute the bdacheckcluster command to ensure all the OL / software packages are valid. On a BDA CDH cluster, the bdacheckcluster command prompts for the Cloudera Manager (CM) password.

# bdacheckcluster
INFO: Logging results to /tmp/bdacheckcluster_<id>/
Enter CM admin password to enable check for CM services and hosts
Press ENTER twice to skip CM services and hosts checks
Enter password:
Enter password again:
...

Note:- The recommendation is to reboot the BDA nodes (after the glibc rpms upgrade) one at a time to ensure that there is no cluster downtime, as permitted.

Attachments
This solution has no attachment
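
One way to automate step 1 of the post-upgrade checks across many nodes, as an added example that is not part of Oracle's document: the function reads dcli-style output and lists every node/package pair whose glibc or nscd build is still older than the fixed builds named above. The function names, the 192.0.2.x sample lines and the simplified version comparison are assumptions of this example.

```shell
#!/bin/sh
# Added example (not Oracle code). Fixed builds are the ones listed on this page.
FIXED_OL6="2.12-1.149.el6_6.5"
FIXED_OL5="2.5-123.0.1.el5_11.1"

# Reads dcli-style lines "<node>: <name>-<version>-<release>.<arch>" on stdin and
# prints "<node> <package>" for each glibc*/nscd build older than the fixed one.
find_unpatched() {
  awk -v f6="$FIXED_OL6" -v f5="$FIXED_OL5" '
    # Simplified rpm-style comparison (an approximation of rpm vercmp):
    # split on non-alphanumerics and compare segment by segment.
    function vercmp(a, b,    x, y, n, m, i) {
      n = split(a, x, /[^A-Za-z0-9]+/); m = split(b, y, /[^A-Za-z0-9]+/)
      for (i = 1; i <= n && i <= m; i++) {
        if (x[i] ~ /^[0-9]+$/ && y[i] ~ /^[0-9]+$/) {
          if (x[i] + 0 != y[i] + 0) return (x[i] + 0 < y[i] + 0) ? -1 : 1
        } else if (x[i] "" != y[i] "")
          return (x[i] "" < y[i] "") ? -1 : 1
      }
      return (n < m) ? -1 : (n > m)
    }
    {
      node = $1; sub(/:+$/, "", node)          # "192.0.2.12:" -> "192.0.2.12"
      pkg = $NF                                # package is the last field
      if (pkg !~ /^(glibc|nscd)/) next
      nvr = pkg; sub(/\.(x86_64|i686|i386)$/, "", nvr)   # drop the arch suffix
      k = split(nvr, p, "-")
      if (k < 3) next
      vr = p[k-1] "-" p[k]                     # version-release
      fixed = (vr ~ /\.el6/) ? f6 : ((vr ~ /\.el5/) ? f5 : "")
      if (fixed != "" && vercmp(vr, fixed) < 0) print node, pkg
    }'
}

# Constructed sample in the shape of the dcli output shown above (not real hosts):
# node 192.0.2.12 still carries the old 32-bit glibc.
sample_dcli_output() {
  cat <<'EOF'
192.0.2.11: glibc-2.12-1.149.el6_6.5.x86_64
192.0.2.11: nscd-2.12-1.149.el6_6.5.x86_64
192.0.2.12: glibc-2.12-1.149.el6_6.5.x86_64
192.0.2.12: glibc-2.12-1.107.el6_4.4.i686
192.0.2.12: glibc-common-2.12-1.149.el6_6.5.x86_64
EOF
}

# On a cluster, pipe the OL5-style dcli query from step 1 into find_unpatched.
sample_dcli_output | find_unpatched
```

An empty result means every listed glibc and nscd package is at or above the fixed build; the input must include the architecture suffix, as the `--qf` query shown for OL5 produces.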