My Oracle Support Banner

Oracle MiniCluster MC-S7: CVE-2017-3629 (Doc ID 2287850.1)

Last updated on JULY 19, 2017

Applies to:

Oracle MiniCluster Specific Software - Version 1.x to 1.x [Release 1.0]
Solaris Operating System - Version 11.3 to 11.3 [Release 11.0]
Oracle Solaris on SPARC (64-bit)
This document addresses how to get the fixes for CVE-2017-3629 and two other vulnerabilities affecting Oracle Solaris specific to Oracle Minicluster MC-S7 systems.

Due to the severity of these vulnerabilities and the public disclosure of technical details, Oracle strongly recommends that customers apply the updates provided as soon as possible.

Symptoms

 These are local privilege escalation vulnerabilities that may only be exploited over a network with a valid username and password. Together, these vulnerabilities may allow privilege escalation to root.

 

Changes

Standard Oracle Solaris versions 10 and 11 are affected. This document provides the details on the fixes for Oracle Solaris version 11.3 on Oracle Minicluster MC-S7 systems *only*.

 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution
 Access to the IDRs
 Preparing for the IDR installation
 Installing the IDR in Primary Global Zone of each MC-S7 node
 Installing the IDR in ACFS Kernel Zone
 Rebooting the MC-S7 after applying the IDR
 Removing the IDR prior to next MC-S7 SW Upgrade
 Upgrading from MC-S7 SW version 1.1.25.4+idr 3211.1 to MC-S7 SW version 1.1.30.2+idr3212
References

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.