Why... Why... Why?
This blog is dedicated to documenting error resolution and other tidbits that I discover while working as a Consultant in the Oracle EPM (Hyperion) field. As much of my job revolves around issue resolution, I see an opportunity to supplement the typical troubleshooting avenues such as the Oracle Knowledgebase and Oracle Forums with more pinpointed information about specific errors as they are encountered. Beware, the information found in this blog is for informational purposes only and comes without any warranty or guarantee of accuracy.

EPMVirt: Create your own Oracle Hyperion Virtual Environment:

Thursday, December 1, 2016

Keep Your Hyperion Platform Secure by Patching WebLogic

One of the Hyperion Administration tasks often overlooked is the need to patch the underlying components such as WebLogic. If you subscribe to the Oracle security vulnerabilities, you will find frequent critical patch vulnerabilities released.

For instance, the October CPU release link is:

Searching for WebLogic will bring up a list of vulnerabilities addressed in this CPU cycle.

If you are curious you can search on the CVE number to get more details.

For instance,
CVE 2015-7501 is part of a bug in apache-commons library bundled inside WebLogic (and JBoss, etc).

Looking back at the CPU article under WebLogic:

Following the link to the Oracle Support Note will require an Oracle Support Login. Once logged in, you can find the suggested patch:
WebLogic Server home PSU Patch 23743997

It is always important to read the README file and all instructions that go along with the patch. Let's take a look at a typical example. Most often the process is twofold:
   1) uninstall any old patches
   2) apply the new patch using the bsu command (in Weblogic 10.3.x)

Some useful snippets from the README:
Oracle WebLogic Server Patch Set Update README
========================================================= This README provides information about how to apply Oracle WebLogic Server
Patch Set Update It also provides information about reverting to
the original version. Released: Oct, 2016 Smart Update Details of Oracle WebLogic Server Patch Set Update
-------------------------------------------------------------------------- PATCH_ID - K25M
Patch number - 23743997

Preparing to Install Oracle WebLogic Server Patch Set Update
----------------------------------------------------------------------- - WebLogic Server Patch Set Update (PSU) can be applied on a per-domain basis
(or on a more fine-grained basis), Oracle recommends that PSU be applied on an installation-wide basis.
PSU applied to a WebLogic Server installation using this recommended practice
affect all domains and servers sharing that installation.
- Login as same "user" with which the component being patched is installed.
- Stop all WebLogic servers.
- Remove any previously applied WebLogic Server Patch Set Update and associated overlay patches
Installing Oracle WebLogic Server Patch Set Update - unzip p23743997_1036_Generic.zip to {MW_HOME}/utils/bsu/cache_dir or any local directory Note: You must make sure that the target directory for unzip has required write and executable permissions for "user" with which the component being patched is installed. - Navigate to the {MW_HOME}/utils/bsu directory. - Execute bsu.sh -install -patch_download_dir={MW_HOME}/utils/bsu/cache_dir -patchlist={PATCH_ID} -prod_dir={MW_HOME}/{WL_HOME} Where, WL_HOME is the path of the WebLogic home Reference: BSU Command line interface http://docs.oracle.com/cd/E14759_01/doc.32/e14143/commands.htm To verify the installed patch: b) The following command is a simple way to determine the application of WebLogic Server PSU. $ . $WL_HOME/server/bin/setWLSEnv.sh $ java weblogic.version In the following example output, is the installed WebLogic Server PSU. WebLogic Server PSU Patch for BUG23743997

Translating this into actual commands:
cd Oracle\Middleware\utils\bsu\
bsu.cmd -remove -prod_dir=Oracle\Middleware\wlserver_10.3 -patchlist=UIAL
Checking for conflicts....
No conflict(s) detected
Removing Patch ID: UIAL..
Result: Success
bsu.cmd -install -prod_dir=\Oracle\Middleware\wlserver_10.3 -patch_download_dir=\Oracle\Mid
dleware\utils\bsu\cache_dir -patchlist=K25M

Checking for conflicts....
No conflict(s) detected
Installing Patch ID: K25M..
Result: Success
Testing the patch...

Your environment has been set.
 >java weblogic.version
WebLogic Server PSU Patch for BUG23743997 TUE AUG 30 18:34:42 IST 2016
WebLogic Server  Tue Nov 15 08:52:36 PST 2011 1441050
Use 'weblogic.version -verbose' to get subsystem information
Use 'weblogic.utils.Versions' to get version information for all modules
Success! The version matches that of the README.

No comments:

Post a Comment