Exalogic: Security Alert CVE-2021-44228 / CVE-2021-45046 Patch Availability Document for Oracle Exalogic Infrastructure
(Doc ID 2829536.1)
Last updated on JUNE 29, 2023
Applies to:
Oracle Exalogic Elastic Cloud Software - Version 2.0.6.3.180717 and laterLinux x86-64
Oracle Virtual Server x86-64
Exalogic Virtual Releases 2.0.6.3.180717 (July 2018 PSU) and higher versions
Exalogic Virtual Releases 2.0.6.4.0 and higher versions
Purpose
In response to Security Alert CVE-2021-44228, Oracle has released patches for Oracle Exalogic Infrastructure. The purpose of this document is to provide you information on how to obtain and apply these security updates. Please note that these patches address both vulnerabilities CVE-2021-44228 and CVE-2021-45046.
To be notified when this document changes, mark this article as a favorite, and follow instructions for email notification in following Note:
Subscribing to Hot Topic E-Mails - [VIDEO] (Doc ID 793436.2)
Scope
This document applies to Oracle Exalogic Infrastructure in a virtualized configuration running 2.0.6.3.180717 (July 2018 PSU) or higher versions, including 2.0.6.4.x.
- In Exalogic Virtual releases earlier than July 2018 PSU, the Apache Log4j library included was version 1.x, which is reported as not having these vulnerabilities
- The Exalogic Infrastructure for Physical deployments does not include the vulnerable Apache Log4j libraries by default
Note that the vulnerabilities in Exalogic Infrastructure are limited to the control stack on Virtual. The compute nodes (dom0) and guest domU instances do not include vulnerable versions of the log4j libraries by default.
IMPORTANT NOTE:
Review the following to determine the impact and considerations for all Oracle products which may be deployed on Exalogic and use these or different Log4j jar files:
Impact of December 2021 Apache Log4j Vulnerabilities on Oracle Products and Services (CVE-2021-44228, CVE-2021-45046) (Doc ID 2827611.1)
Details
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Purpose |
Scope |
Details |
References |