My Oracle Support Banner

How to research Common Vulnerabilities and Exposures (CVE) for Exadata packages (Doc ID 2256887.1)

Last updated on FEBRUARY 12, 2021

Applies to:

Linux OS - Version Oracle Linux 5.8 and later
Oracle Cloud Infrastructure - Version N/A and later
Oracle Exadata Storage Server Software - Version 11.2.1.2.0 and later
Linux x86-64

Purpose

Customers running security scanning tools against Exadata machines receive vulnerability reports which may list Common Vulnerabilities and Exposures (CVE). This document addresses how to research identified Oracle Linux CVEs and determine the Exadata release where the issue is resolved/mitigated.  Some of the more common Oracle Linux CVEs are documented in Responses to common Exadata security scan findings (Doc ID 1405320.1).  However, it is not feasible to maintain a list of all CVEs.  The purpose of this note is to be used in conjunction with Doc ID 1405320.1 and assist customers in researching individual CVEs.  CVEs, once mitigated, are identified/reviewed for the next monthly release.  It is important for customers to apply releases in a timely manner.

Details

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document
Purpose
Details
 1.a CVE Search
 1.b Errata Search
 2. Errata Output
 3. System Check
 4. Package Comparison
 5. Exadata Release Search
 6. RPM Search
 7. Filter Output
  8. RPM Details
 9. Alternative RPM Upgrades
 10. CVE External References
References

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.