My Oracle Support Banner

Guidelines for software/security patching on BDA (Doc ID 2132520.1)

Last updated on SEPTEMBER 12, 2023

Applies to:

Big Data Appliance Integrated Software - Version 4.1.0 and later
Linux x86-64

Goal

Provide basic guidelines for updating software/security fixes on BDA.

Separate security patch updates are not released on the BDA.  Security-conscious customers may review the CPU updates and apply the relevant Oracle Linux or JDK or UEK updates if required.  In this case Oracle Linux, JDK and UEK updates may be applied.  Details follow below.

Note that different types of patching may require downtime:

  1. OS patching should not require downtime.
  2. Kernel patching requires server downtime but can be done in a rolling fashion.
  3. JDK patching using, Instructions for Installing a Higher JDK Version on a BDA Cluster than the Default Provided by Mammoth Using RPMs (Doc ID 2262922.1), requires cluster downtime

A Mammoth upgrade (which patches all of the above) offers a rolling option that allows for zero-downtime for HDFS and YARN.

To summarize: In general all BDA releases fix all vulnerabilities which have patches released about a month before the Mammoth release date. Patching the OS, the kernel, the JDK and the Hadoop stack is allowed separately.

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Goal
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.