Exalytics In-Memory Machine X2-4
 
Oracle Exalytics Software
 
Exalytics In-Memory Machine X3-4
 
Exalytics In-Memory Machine X4-4
 

PLA-Other>Development>MOS Prod Dev Family>MOS Prod Dev Area>MOS: Critical Patch Updates
 

In this Document

Purpose

Scope

Details

Applies to:

Purpose

This document provides instructions on how to remediate the Venom Vulnerability (CVE-2015-3456) on virtual Exalytics. The fixes provided in this document are applicable to compute nodes (dom0) in Exalytics Virtual deployments only; no updates are required to Exalytics Guests.

Exalytics deployments on bare metal running Linux are not affected by this vulnerability. 

Scope

Details

Perform the following steps to patch the Exalytics OVM Server node (dom0):

• Stop all the VM Guests from OVM Manager.
• Download the following rpms from ULN (linux.oracle.com), (Channel Name: Oracle VM 3 latest, Architecture – x86_64, Label - ovm3_x86_64_latest):

1. 1. xen-4.1.3-25.el5.127.36.1.x86_64.rpm
   2. xen-devel-4.1.3-25.el5.127.36.1.x86_64.rpm
   3. xen-tools-4.1.3-25.el5.127.36.1.x86_64.rpm

• Copy the rpms to a new directory on Exalytics OVM server eg. /tmp/cve20153456
• Remove the conflicting xen-debugger rpm, if it exists (the rpm exists in older Exalytics VM installations). Run the following command as root user:
  • rpm -e xen-debugger
• Install the rpms as root user:
  • rpm -Fvh --nodeps --nosignature /tmp/cve20153456/*.rpm   | tee -a /var/log/cve20153456_update.log
• Validate that patch was successfully applied by following these steps:
  
  a. Check the patch output to see if it was successful; a portion of the console output is shown below:

b. Verify that the xen RPMs were updated successfully.

• Reboot the Exalytics OVM Server for the patch to take effect from OVM Manager. 
• Once the Exalytics OVM Server is up, start all the guest VMs that were previously stopped from OVM Manager.
• Optionally, delete the patch directory /tmp/cve20153456.

This solution has no attachment