DROWN Vulnerability (CVE-2016-0800) - Patch Availability for Oracle Exalogic Linux Physical and Virtual Racks (Doc ID 2119715.1)

Last updated on NOVEMBER 26, 2019

Applies to:

Oracle Exalogic Elastic Cloud Software - Version 2.0.0.0.0 to 2.0.6.2.4
Exalogic Elastic Cloud X5-2 Eighth Rack
Linux x86-64
Oracle Exalogic Elastic Cloud Software v2.0.0.x
Oracle Exalogic Elastic Cloud Software v2.0.3.x
Oracle Exalogic Elastic Cloud Software v2.0.6.x
Oracle Exalogic Elastic Cloud Software v2.0.6.1.x
Oracle Exalogic Elastic Cloud Software v2.0.6.2.0, v2.0.6.2.1, v2.0.6.2.2, v2.0.6.2.3, v2.0.6.2.4
Oracle Virtual Server (x86-64)

Purpose

This document lists all Exalogic Elastic Cloud Software (EECS) releases affected by CVE-2016-0800, also known as the DROWN vulnerability, and provides instructions for remediating the vulnerability on Compute Nodes and Guest vServers.

Overview of CVE-2016-0800:

A padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted ciphertext from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN.

To learn more about CVE-2016-0800, visit the MITRE CVE dictionary and NIST NVD.

Details


In this Document
Purpose
Details
 EXALOGIC PHYSICAL DEPLOYMENTS
 COMPUTE NODES RUNNING ORACLE LINUX 5.x & Oracle Linux 6.x
 EXALOGIC VIRTUAL DEPLOYMENTS
 Exalogic Control Stack
 Exalogic Guest vServers Running Oracle Linux 5.x and Oracle Linux 6.x
 Exalogic Compute Nodes Running Oracle Virtual Server (dom0)
 Compute Node ILOMs and ZFSSA ILOMs
 Infiniband Switches
 ZFSSA Storage
 PATCH ROLLBACK PROCEDURE
 Download RPMs
 Rollback Procedure for Exalogic Physical Deployments - Compute Nodes running Oracle Linux 5.x:
 Procedure for Exalogic Physical Deployments - Compute Nodes running Oracle Linux 6.x
 Rollback Procedure for Exalogic Virtual Deployments – Control Stack vServers
 Rollback Procedure for Exalogic Virtual Deployments – Guest vServers running Oracle Linux 5.x
 Rollback Procedure for Exalogic Virtual Deployments – Guest vServers running Oracle Linux 6.x
 Rollback Procedure for Exalogic Virtual Deployments – Compute Nodes running Oracle Virtual Server
References
