Thinking Out Loud

February 23, 2016

CVE-2015-7547 for Oracle Database

Filed under: linux,oracle — mdinh @ 1:20 am

I am sure by now you have heard about the bug.

Reboot Required!

You need to update to release el6_7.7 if you are on OEL 6.

glibc-2.12-1.166.el6_7.7.x86_64.rpm
glibc-common-2.12-1.166.el6_7.7.x86_64.rpm
glibc-devel-2.12-1.166.el6_7.7.i686.rpm
glibc-devel-2.12-1.166.el6_7.7.x86_64.rpm
glibc-headers-2.12-1.166.el6_7.7.x86_64.rpm
nscd-2.12-1.166.el6_7.7.x86_64.rpm
glibc-devel-2.12-1.166.el6_7.7.i686.rpm
glibc-2.12-1.166.el6_7.7.i686.rpm

http://linux.oracle.com/errata/ELSA-2016-0175.html

You can also use the following commands to verify RPMs for CVE-2015-7547:

Note that the cve option takes two dashes (--).

$ yum list --cve=2015_7547|egrep '^glibc|^nscd'|sort

Skipping security plugin, other command
glibc-common.x86_64                  2.12-1.166.el6_7.7       @public_ol6_latest
glibc-devel.i686                     2.12-1.166.el6_7.7       @public_ol6_latest
glibc-devel.x86_64                   2.12-1.166.el6_7.7       @public_ol6_latest
glibc-headers.x86_64                 2.12-1.166.el6_7.7       @public_ol6_latest
glibc.i686                           2.12-1.166.el6_7.7       @public_ol6_latest
glibc-static.i686                    2.12-1.166.el6_7.7       public_ol6_latest
glibc-static.x86_64                  2.12-1.166.el6_7.7       public_ol6_latest
glibc-utils.x86_64                   2.12-1.166.el6_7.7       public_ol6_latest
glibc.x86_64                         2.12-1.166.el6_7.7       @public_ol6_latest
nscd.x86_64                          2.12-1.166.el6_7.7       public_ol6_latest

Note that it is not necessary to relink any binaries after this update.

Reference: glibc vulnerability (CVE-2015-7547) patch availability for Oracle Exadata Database Machine (Doc ID 2108582.1)

The assumption being made is that if a relink is not required for Exadata, then it is not required for non-Exadata either.

Be safe and verify with Oracle support and let me know too please.

$ cat /etc/oracle-release

Oracle Linux Server release 6.6

$ rpm -qa --queryformat="%{name}-%{version}-%{release}.%{arch}\n" | egrep 'glibc|nscd'

glibc-devel-2.12-1.149.el6_6.9.i686
glibc-common-2.12-1.149.el6_6.9.x86_64
glibc-2.12-1.149.el6_6.9.i686
glibc-headers-2.12-1.149.el6_6.9.x86_64
glibc-devel-2.12-1.149.el6_6.9.x86_64
glibc-2.12-1.149.el6_6.9.x86_64

[root@arrow ~]# yum update glibc

Loaded plugins: refresh-packagekit, security
Setting up Update Process
public_ol6_UEKR3_latest                                                                                                               | 1.2 kB     00:00
public_ol6_UEKR3_latest/primary                                                                                                       |  22 MB     00:10
public_ol6_UEKR3_latest                                                                                                                              559/559
public_ol6_latest                                                                                                                     | 1.4 kB     00:00
public_ol6_latest/primary                                                                                                             |  55 MB     00:24
public_ol6_latest                                                                                                                                33290/33290
Resolving Dependencies
--> Running transaction check
---> Package glibc.i686 0:2.12-1.149.el6_6.9 will be updated
--> Processing Dependency: glibc = 2.12-1.149.el6_6.9 for package: glibc-common-2.12-1.149.el6_6.9.x86_64
--> Processing Dependency: glibc = 2.12-1.149.el6_6.9 for package: glibc-devel-2.12-1.149.el6_6.9.i686
--> Processing Dependency: glibc = 2.12-1.149.el6_6.9 for package: glibc-headers-2.12-1.149.el6_6.9.x86_64
--> Processing Dependency: glibc = 2.12-1.149.el6_6.9 for package: glibc-devel-2.12-1.149.el6_6.9.x86_64
---> Package glibc.x86_64 0:2.12-1.149.el6_6.9 will be updated
---> Package glibc.i686 0:2.12-1.166.el6_7.7 will be an update
---> Package glibc.x86_64 0:2.12-1.166.el6_7.7 will be an update
--> Running transaction check
---> Package glibc-common.x86_64 0:2.12-1.149.el6_6.9 will be updated
---> Package glibc-common.x86_64 0:2.12-1.166.el6_7.7 will be an update
---> Package glibc-devel.i686 0:2.12-1.149.el6_6.9 will be updated
---> Package glibc-devel.x86_64 0:2.12-1.149.el6_6.9 will be updated
---> Package glibc-devel.i686 0:2.12-1.166.el6_7.7 will be an update
---> Package glibc-devel.x86_64 0:2.12-1.166.el6_7.7 will be an update
---> Package glibc-headers.x86_64 0:2.12-1.149.el6_6.9 will be updated
---> Package glibc-headers.x86_64 0:2.12-1.166.el6_7.7 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

=============================================================================================================================================================
 Package                              Arch                          Version                                   Repository                                Size
=============================================================================================================================================================
Updating:
 glibc                                i686                          2.12-1.166.el6_7.7                        public_ol6_latest                        4.3 M
 glibc                                x86_64                        2.12-1.166.el6_7.7                        public_ol6_latest                        3.8 M
Updating for dependencies:
 glibc-common                         x86_64                        2.12-1.166.el6_7.7                        public_ol6_latest                         14 M
 glibc-devel                          i686                          2.12-1.166.el6_7.7                        public_ol6_latest                        986 k
 glibc-devel                          x86_64                        2.12-1.166.el6_7.7                        public_ol6_latest                        986 k
 glibc-headers                        x86_64                        2.12-1.166.el6_7.7                        public_ol6_latest                        615 k

Transaction Summary
=============================================================================================================================================================
Upgrade       6 Package(s)

Total download size: 25 M
Is this ok [y/N]: y
Downloading Packages:
(1/6): glibc-2.12-1.166.el6_7.7.i686.rpm                                                                                              | 4.3 MB     00:02
(2/6): glibc-2.12-1.166.el6_7.7.x86_64.rpm                                                                                            | 3.8 MB     00:02
(3/6): glibc-common-2.12-1.166.el6_7.7.x86_64.rpm                                                                                     |  14 MB     00:05
(4/6): glibc-devel-2.12-1.166.el6_7.7.i686.rpm                                                                                        | 986 kB     00:00
(5/6): glibc-devel-2.12-1.166.el6_7.7.x86_64.rpm                                                                                      | 986 kB     00:00
(6/6): glibc-headers-2.12-1.166.el6_7.7.x86_64.rpm                                                                                    | 615 kB     00:00
-------------------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                        1.8 MB/s |  25 MB     00:13
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Updating   : glibc-common-2.12-1.166.el6_7.7.x86_64                                                                                                   1/12
  Updating   : glibc-2.12-1.166.el6_7.7.x86_64                                                                                                          2/12
  Updating   : glibc-headers-2.12-1.166.el6_7.7.x86_64                                                                                                  3/12
  Updating   : glibc-2.12-1.166.el6_7.7.i686                                                                                                            4/12
  Updating   : glibc-devel-2.12-1.166.el6_7.7.i686                                                                                                      5/12
  Updating   : glibc-devel-2.12-1.166.el6_7.7.x86_64                                                                                                    6/12
  Cleanup    : glibc-devel-2.12-1.149.el6_6.9                                                                                                           7/12
  Cleanup    : glibc-devel-2.12-1.149.el6_6.9                                                                                                           8/12
  Cleanup    : glibc-2.12-1.149.el6_6.9                                                                                                                 9/12
  Cleanup    : glibc-headers-2.12-1.149.el6_6.9.x86_64                                                                                                 10/12
  Cleanup    : glibc-2.12-1.149.el6_6.9                                                                                                                11/12
  Cleanup    : glibc-common-2.12-1.149.el6_6.9.x86_64                                                                                                  12/12
  Verifying  : glibc-2.12-1.166.el6_7.7.i686                                                                                                            1/12
  Verifying  : glibc-devel-2.12-1.166.el6_7.7.i686                                                                                                      2/12
  Verifying  : glibc-headers-2.12-1.166.el6_7.7.x86_64                                                                                                  3/12
  Verifying  : glibc-devel-2.12-1.166.el6_7.7.x86_64                                                                                                    4/12
  Verifying  : glibc-2.12-1.166.el6_7.7.x86_64                                                                                                          5/12
  Verifying  : glibc-common-2.12-1.166.el6_7.7.x86_64                                                                                                   6/12
  Verifying  : glibc-headers-2.12-1.149.el6_6.9.x86_64                                                                                                  7/12
  Verifying  : glibc-2.12-1.149.el6_6.9.x86_64                                                                                                          8/12
  Verifying  : glibc-common-2.12-1.149.el6_6.9.x86_64                                                                                                   9/12
  Verifying  : glibc-devel-2.12-1.149.el6_6.9.x86_64                                                                                                   10/12
  Verifying  : glibc-2.12-1.149.el6_6.9.i686                                                                                                           11/12
  Verifying  : glibc-devel-2.12-1.149.el6_6.9.i686                                                                                                     12/12

Updated:
  glibc.i686 0:2.12-1.166.el6_7.7                                              glibc.x86_64 0:2.12-1.166.el6_7.7

Dependency Updated:
  glibc-common.x86_64 0:2.12-1.166.el6_7.7              glibc-devel.i686 0:2.12-1.166.el6_7.7             glibc-devel.x86_64 0:2.12-1.166.el6_7.7
  glibc-headers.x86_64 0:2.12-1.166.el6_7.7

Complete!
[root@arrow ~]#
[root@arrow ~]# init 6
[root@arrow ~]#

$ rpm -qa --queryformat="%{name}-%{version}-%{release}.%{arch}\n" | egrep 'glibc|nscd'

glibc-devel-2.12-1.166.el6_7.7.i686
glibc-headers-2.12-1.166.el6_7.7.x86_64
glibc-2.12-1.166.el6_7.7.x86_64
glibc-devel-2.12-1.166.el6_7.7.x86_64
glibc-common-2.12-1.166.el6_7.7.x86_64
glibc-2.12-1.166.el6_7.7.i686

$ rpm -qa --queryformat="%{name}-%{release}.%{arch}\n" | egrep 'glibc|nscd'

oracle@arrow:hawklas:/home/oracle
glibc-devel-1.166.el6_7.7.i686
glibc-headers-1.166.el6_7.7.x86_64
glibc-1.166.el6_7.7.x86_64
glibc-devel-1.166.el6_7.7.x86_64
glibc-common-1.166.el6_7.7.x86_64
glibc-1.166.el6_7.7.i686
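
As an added example (not part of the original post or of any Oracle tooling), the script below checks `rpm` output against the fixed build 2.12-1.166.el6_7.7 and lists processes that still map a replaced libc, which is what the reboot clears. The function names, the space-separated query format and the sample package lines are assumptions constructed for illustration.

```shell
#!/bin/bash
# Added example, not from the original post: confirm the CVE-2015-7547 fix is
# installed and that no running process still maps the replaced libc.
FIXED="2.12-1.166.el6_7.7"   # fixed version-release for OL6, as given in the post

# True if version-release $1 sorts before $2. sort -V only approximates rpm's
# version ordering; it is adequate for these el6 build strings.
older_than() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$1" ]
}

# stdin: "name version-release arch" lines. Prints glibc/nscd packages below FIXED.
unpatched() {
    while read -r name vr arch; do
        case "$name" in glibc|glibc-*|nscd) ;; *) continue ;; esac
        if older_than "$vr" "$FIXED"; then echo "$name.$arch $vr"; fi
    done
    return 0
}

# Prints PIDs whose maps file under $1 (default /proc) references a libc that
# was replaced on disk; those processes run the old code until restarted.
stale_libc_pids() {
    root="${1:-/proc}"
    for maps in "$root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if grep -Eq '/libc-[0-9.]+\.so.*\(deleted\)' "$maps" 2>/dev/null; then
            pid="${maps%/maps}"; echo "${pid##*/}"
        fi
    done
    return 0
}

# Constructed sample: pre-update versions from the post plus one patched package.
sample_packages() {
    printf '%s\n' \
        'glibc-common 2.12-1.149.el6_6.9 x86_64' \
        'glibc 2.12-1.149.el6_6.9 i686' \
        'glibc 2.12-1.166.el6_7.7 x86_64' \
        'bash 4.1.2-33.el6 x86_64'
}

sample_packages | unpatched
# Live host:
#   rpm -qa --queryformat '%{name} %{version}-%{release} %{arch}\n' | unpatched
#   stale_libc_pids        # run as root to read every process's maps
```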