OFS Data Foundation Application Pack is a separately licensed product.
Description
Bug # 26034101 - POSS ALERT CVE-2017-5638 STRUTS 2 UPG TO 2.3.32, 2.5
Prerequisites
The prerequisites required for this release are as follows:
· The minimum patch set level should be OFSDF 8.0.3.0.0
· Upgrade to Struts compatible version (2.3.32) using the steps mentioned in 2254323.1. Ignore this prerequisite if this upgrade has already been done for other associated products.
Note: This patch contains a critical security vulnerability fix for Apache Struts. The Apache Struts 2.3.32 jars upgrade is optional for FSDF. If all the applications have provided the Apache Struts 2.3.32 upgrade, then the Struts 2.3.32 jars upgrade can be done.
How to Apply This One-Off Patch Release?
Perform the following steps to apply the one-off patch:
1. Log in to https://support.oracle.com/, and search for Bug# 26034101 under the Patches and Updates tab.
2. Download the 26034101_GENERIC.zip archive file, and copy it to your OFSAA server in Binary mode.
3. Shut down all the OFSAAI Services.
4. Extract the contents of the patch archive file by using the command: unzip -a <name of the file to be unzipped>
For example: unzip -a 26034101_GENERIC.zip
Note: The above "-a" option is mandatory to unzip the patch. If you notice the error message “unzip: not found [No such file or directory” because the package is not installed, contact your UNIX administrator to resolve this issue. For further details, refer to Oracle Financial Services Data Foundation Installation Manual Release 8.0.4.0.0 in OTN Documentation Library.
5. Grant RWX (755) permissions for the folder by executing the command: chmod -R 755 OFS_BFND
6. Navigate to the path: <>/OFS_BFND/conf
7. Update the UPLOAD_MODEL parameter value to 0 in params.conf file to skip model upload.
8. Navigate to the path: <>/OFS_BFND/bin
9. Execute the command: ./install.sh
10. Verify the patch installation logs in the location <>/OFS_BFND/logs. Contact Oracle support in case of any errors.
11. Upgrade to Struts compatible version (2.3.32) using the steps mentioned in 2254323.1
12. Generate the application EAR/WAR file and redeploy the application in the configured web application server. For further details, refer to Oracle Financial Services Data Foundation Installation Manual Release 8.0.4 in OTN Documentation Library.
13. Restart all the OFSAAI services. For further details, refer to Oracle Financial Services Data Foundation Installation Manual Release 8.0.0.0.0 in OTN Documentation Library.
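A post-upgrade check for steps 11 and 12, added here as an example (it is not part of Oracle's patch or readme): the script lists every struts2-core jar under a directory and marks any that is below the fixed release for CVE-2017-5638, which is 2.3.32, or 2.5.10.1 on the 2.5 line per the Apache Struts advisory. It assumes the directory you pass is an exploded deployment or staging directory and that jars keep the standard struts2-core-<version>.jar name; jars still packed inside an EAR/WAR archive are not inspected.

```shell
#!/bin/sh
# Added example: report struts2-core jars that are below the fixed release.

# ver_lt A B: succeeds when dotted version A is lower than B.
# Missing fields count as 0, so 2.5.10 is lower than 2.5.10.1.
ver_lt() {
    _a=$1; _b=$2
    while [ -n "$_a" ] || [ -n "$_b" ]; do
        _x=${_a%%.*}; _y=${_b%%.*}
        case $_a in *.*) _a=${_a#*.} ;; *) _a= ;; esac
        case $_b in *.*) _b=${_b#*.} ;; *) _b= ;; esac
        _x=${_x:-0}; _y=${_y:-0}
        [ "$_x" -lt "$_y" ] && return 0
        [ "$_x" -gt "$_y" ] && return 1
    done
    return 1
}

# struts_status VERSION: prints ok, upgrade-needed or unknown.
struts_status() {
    v=${1%%[!0-9.]*}            # drop qualifiers such as -SNAPSHOT
    v=${v%.}
    [ -n "$v" ] || { echo unknown; return; }
    case $v in
        2.5|2.5.*) min=2.5.10.1 ;;   # fixed release on the 2.5 line
        *)         min=2.3.32 ;;     # release this patch upgrades to
    esac
    if ver_lt "$v" "$min"; then echo upgrade-needed; else echo ok; fi
}

# scan_struts DIR: one line per jar found: "<status> <version> <path>".
scan_struts() {
    find "$1" -type f -name 'struts2-core-*.jar' | sort |
    while IFS= read -r f; do
        base=${f##*/}
        ver=${base#struts2-core-}; ver=${ver%.jar}
        printf '%s %s %s\n' "$(struts_status "$ver")" "$ver" "$f"
    done
}

# Usage: sh check_struts.sh <deployment directory>   (script name is arbitrary)
if [ $# -gt 0 ]; then
    scan_struts "$1"
fi
```

Any line starting with upgrade-needed points to a copy of the old library that survived the jar replacement and will be packaged again when the EAR/WAR is regenerated.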
List of Bugs Fixed
Bugs | Description
26034101 | POSS ALERT CVE-2017-5638 STRUTS 2 UPG TO 2.3.32