My Oracle Support Banner

Guidelines for software/security patching on BDA (Doc ID 2132520.1)

Last updated on JUNE 10, 2018

Applies to:

Big Data Appliance Integrated Software - Version 4.1.0 and later
Linux x86-64

Goal

Provide basic guidelines for updating software/security fixes on BDA.

BDA releases come out quarterly (approximately).  Therefore separate security patch updates are not released. Instead the recommendation is to upgrade to the most recent BDA release.

Security-conscious customers may review the CPU updates and apply the relevant Oracle Linux or JDK or UEK updates if required.  In this case Oracle Linux, JDK and UEK updates may be applied outside of the regular BDA upgrade cycle.  Details follow below.

Note that different types of patching may require downtime:

  1. OS patching should not require downtime.
  2. Kernel patching requires server downtime but can be done in a rolling fashion.
  3. JDK patching using, Instructions for Installing a Higher JDK Version on a BDA Cluster than the Default Provided by Mammoth Using RPMs (Doc ID 2262922.1), requires cluster downtime

A Mammoth upgrade (which patches all of the above) offers a rolling option that allows for zero-downtime for HDFS and YARN.

To summarize: In general all BDA releases fix all vulnerabilities which have patches released about a month before the Mammoth release date. Patches available after that cutoff are rolled into the next release (with releases roughly quarterly). If patches are needed before the next full release, patching the OS, the kernel, the JDK and the Hadoop stack is allowed separately before the next full release.

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.