My Oracle Support Banner

Exalogic: Security Alert CVE-2021-4034 Patch Availability Document for Oracle Exalogic Infrastructure (Doc ID 2846705.1)

Last updated on FEBRUARY 02, 2022

Applies to:

Oracle Exalogic Elastic Cloud Software - Version 2.0.6.3.0 and later
Information in this document applies to any platform.
Linux x86-64
Oracle Virtual Server x86-64
Exalogic Virtual Releases 2.0.6.3.0 and higher versions
Exalogic Virtual Releases 2.0.6.4.0 and higher versions
Exalogic Physical Releases 2.0.6.3.0 and higher versions
Exalogic Physical Releases 2.0.6.4.0 and higher versions

Purpose

In response to Security Alert CVE-2021-4034, Oracle has released patches for Oracle Exalogic Infrastructure. The purpose of this document is to provide you
information on how to obtain and apply these security updates.

Note:

To be notified when this document changes, mark this article as a favorite, and follow instructions for email notification in following Note:

Subscribing to Hot Topic E-Mails - [VIDEO] (Doc ID 793436.2)

Scope

The updates provided in this MOS note apply to the following components on Exalogic:

Compute nodes running OVS 3.2.11 on Virtual are not affected by this vulnerability, since the polkit package is not installed on them out of the box.

The following components on Exalogic are in sustaining mode and will not receive updates for this vulnerability:

Customers on Oracle Linux 5 are strongly recommended to move to Oracle Linux 6 or 7 as soon as possible.

Details

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Purpose
Scope
Details
 For hosts running Oracle Linux 6 or OVS 3.4
 For hosts running Oracle Linux 7
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.