How to fix Apache commons vulnerability on EM Agent
To fix this ,Patch #34980350 should be applied. Patch Details: ============== Agent Patch #34980350 (13c Release 5 Update 14 (13.5.0.14) on Agent) Patch size: 141.3 MB Platform:Generic Platform AgentPatcher: ============= Version: 13.9.5.4.0 Patch #33355570 Patch size : 821.4 KB Platform:Generic Platform Vulnerabilty file name: commons-text-1.8.jar Path:/u00/app/oracle/agent13c/agent_13.5.0.0.0/jlib These patches are on Generic Platform OEM Agent Version: 13.5 OMS Version: 13.5 Prerequisites: ================ Dependent Patch on OMS server: Apply Enterprise Manager 13c Release 5 Update 14 Patch 34980354 or it's later . Follow this Patch 34980354 OEM 13c Release 5 Update 14 for OMS Agent Patcher Version: 13.9.5.4.0 or later
| Pre patch steps :
========================== Backup of oraInventory: ========================== oax01v:/u00/app/oraInventory:SID=agent135 > cd .. oax01v:/u00/app:SID=agent135 > ls -ltr total 8 drwxr-xr-x 13 oracle oinstall 4096 Jul 28 2022 oracle drwxrwx— 7 oracle oinstall 256 May 19 16:40 oraInventory oax01v:/u00/app:SID=agent135 > cp -Rp oraInventory oraInventory_bkp |
Step 1) Download below files from http://support.oracle.com
patch File name: p34980350_135000_Generic.zip
Agent Patcher File name : p33355570_135000_Generic.zip
Step 2) unzip the AgentPatcher
unzip p33355570_135000_Generic.zip
Archive: p33355570_135000_Generic.zip
creating: AgentPatcher/
inflating: AgentPatcher/agentpatcher
creating: AgentPatcher/scripts/
creating: AgentPatcher/scripts/agent/
inflating: AgentPatcher/scripts/agent/agentpatcher
creating: AgentPatcher/scripts/agent/agent_child_scripts/
inflating: AgentPatcher/scripts/agent/agent_child_scripts/agentpatcher_jvm_discovery.bat
inflating: AgentPatcher/scripts/agent/agent_child_scripts/agentpatcher_jvm_discovery
inflating: AgentPatcher/scripts/agent/agentpatcher.bat
creating: AgentPatcher/jlib/
inflating: AgentPatcher/jlib/oracle.omspatcher.classpath.windows.jar
inflating: AgentPatcher/jlib/oracle.omspatcher.classpath.unix.jar
inflating: AgentPatcher/jlib/omspatcher.jar
inflating: AgentPatcher/jlib/oracle.omspatcher.classpath.jar
inflating: AgentPatcher/agentpatcher.bat
extracting: AgentPatcher/version.txt
replace readme.txt? [y]es, [n]o, [A]ll, [N]one, [r]ename: A
inflating: readme.txt
inflating: PatchSearch.xml
| Step 3) Verify the version of AgentPatcher
oax01v:/u00/app/oracle/agent13c/agent_13.5.0.0.0/AgentPatcher:SID=agent135 > ./agentpatcher version AgentPatcher Version: 13.9.5.4.0 OPlan Version: 12.2.0.1.16 OsysModel build: Tue Apr 28 18:16:31 PDT 2020 AgentPatcher succeeded. |
| Step 4) Verify the lspatches before patch apply
oax01v:/u00/app/oracle/agent13c/agent_13.5.0.0.0/AgentPatcher:SID=agent135 > ./agentpatcher lspatches |
AgentPatcher Automation Tool
AgentPatcher version : 13.9.5.4.0
OUI version : 13.9.4.0.0
Running from : /u00/app/oracle/agent13c/agent_13.5.0.0.0
Log file location : /u00/app/oracle/agent13c/agent_13.5.0.0.0/cfgtoollogs/agentpatcher/opatch2023-05-21_01-21-59AM_1.log
May 21, 2023 1:22:00 AM org.apache.sshd.common.io.DefaultIoServiceFactoryFactory getIoServiceProvider
INFO: No detected/configured IoServiceFactoryFactory using Nio2ServiceFactoryFactory
Component Name/Version Component Type System Patch (Sub)-Patches Patch Description
------------------------ ------------- ------------- -------------- ------------------
oracle.sysman.agent.ic/13.5.0.0.0 Core N/A 32313251
N/A 32302527
N/A 32574981
NOTE: N/A indicates that the subpatch mentioned in the Subpatches column was applied as a one-off patch and not as part of any system patch.
AgentPatcher has saved inventory details for the above component at below location.
"/u00/app/oracle/agent13c/agent_13.5.0.0.0"
For more details on installed patch(es), Please do "/u00/app/oracle/agent13c/agent_13.5.0.0.0/OPatch/opatch lsinventory -details"
AgentPatcher succeeded.
oax01v:
| Step 5) apply -analyze
oax01v:/u00/software/OEM135/34980350:SID=agent135 > $ORACLE_HOME/AgentPatcher/agentpatcher apply -analyze |
AgentPatcher Automation Tool
AgentPatcher version : 13.9.5.4.0
OUI version : 13.9.4.0.0
Running from : /u00/app/oracle/agent13c/agent_13.5.0.0.0
Log file location : /u00/app/oracle/agent13c/agent_13.5.0.0.0/cfgtoollogs/agentpatcher/opatch2023-05-21_01-26-46AM_1.log
AgentPatcher log file: /u00/app/oracle/agent13c/agent_13.5.0.0.0/cfgtoollogs/agentpatcher/34980350/agentpatcher_2023-05-21_01-26-49AM_analyze.log
Prereq "checkComponents" for patch 34980335 passed.
Prereq "checkComponents" for patch 33869752 passed.
Prereq "checkComponents" for patch 34471145 passed.
Prereq "checkComponents" for patch 34980339 passed.
Prereq "checkComponents" for patch 34980342 passed.
Prereq "checkComponents" for patch 35123051 passed.
Prereq "checkComponents" for patch 34981735 passed.
Prereq "checkComponents" for patch 33737099 passed.
Running apply prerequisite checks for sub-patch(es) "34980335,33737099,34471145,35123051,33869752,34981735,34980339,34980342" and Oracle Home "/u00/app/oracle/agent13c/agent_13.5.0.0.0"...
Sub-patch(es) "34980335,33737099,34471145,35123051,33869752,34981735,34980339,34980342" are successfully analyzed for Oracle Home "/u00/app/oracle/agent13c/agent_13.5.0.0.0"
Complete Summary
================
All log file names referenced below can be accessed from the directory "/u00/app/oracle/agent13c/agent_13.5.0.0.0/cfgtoollogs/agentpatcher/2023-05-21_01-26-46AM_SystemPatch_34980350_1"
Prerequisites analysis summary:
-------------------------------
The following sub-patch(es) are applicable:
Featureset Sub-patches Log file
---------- ----------- --------
oracle.sysman.top.agent 34980335,33737099,34471145,35123051,33869752,34981735,34980339,34980342 34980335,33737099,34471145,35123051,33869752,34981735,34980339,34980342_opatch2023-05-21_01-26-52AM_1.log
The following sub-patches are incompatible with components installed in the Agent system:
34611842,32968787,34471036,33715858,35123078,34471072,34541981,34158793,35123301,35123348,34983025,33586851,34158650,34024065
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
The following patches could not be applied during OPatch execution:
**********************************************************************************
Patch Reason
********* *********
34611842 The Plugin or Core Component "oracle.sysman.am.agent.plugin with version 13.5.1.0.0" for which the patch is intended is not deployed in your Enterprise Manager system.
32968787 The Plugin or Core Component "oracle.sysman.bda.discovery.plugin with version 13.5.1.0.0" for which the patch is intended is not deployed in your Enterprise Manager system.
34471036 The Plugin or Core Component "oracle.sysman.empa.discovery.plugin with version 13.5.1.0.0" for which the patch is intended is not deployed in your Enterprise Manager system.
33715858 The Plugin or Core Component "oracle.sysman.bda.agent.plugin with version 13.5.1.0.0" for which the patch is intended is not deployed in your Enterprise Manager system.
35123078 The Plugin or Core Component "oracle.sysman.xa.discovery.plugin with version 13.5.1.0.0" for which the patch is intended is not deployed in your Enterprise Manager system.
34471072 The Plugin or Core Component "oracle.sysman.empa.agent.plugin with version 13.5.1.0.0" for which the patch is intended is not deployed in your Enterprise Manager system.
34541981 The Plugin or Core Component "oracle.sysman.vt.agent.plugin with version 13.5.1.0.0" for which the patch is intended is not deployed in your Enterprise Manager system.
34158793 The Plugin or Core Component "oracle.sysman.emrep.agent.plugin with version 13.5.0.0.0" for which the patch is intended is not deployed in your Enterprise Manager system.
35123301 The Plugin or Core Component "oracle.sysman.emas.agent.plugin with version 13.5.1.0.0" for which the patch is intended is not deployed in your Enterprise Manager system.
35123348 The Plugin or Core Component "oracle.sysman.xa.agent.plugin with version 13.5.1.0.0" for which the patch is intended is not deployed in your Enterprise Manager system.
34983025 The Plugin or Core Component "oracle.sysman.vi.agent.plugin with version 13.5.1.0.0" for which the patch is intended is not deployed in your Enterprise Manager system.
33586851 The Plugin or Core Component "oracle.sysman.emfa.discovery.plugin with version 13.5.1.0.0" for which the patch is intended is not deployed in your Enterprise Manager system.
34158650 The Plugin or Core Component "oracle.sysman.emfa.agent.plugin with version 13.5.1.0.0" for which the patch is intended is not deployed in your Enterprise Manager system.
34024065 The Plugin or Core Component "oracle.sysman.vi.discovery.plugin with version 13.5.1.0.0" for which the patch is intended is not deployed in your Enterprise Manager system.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Log file location: /u00/app/oracle/agent13c/agent_13.5.0.0.0/cfgtoollogs/agentpatcher/34980350/agentpatcher_2023-05-21_01-26-49AM_analyze.log
AgentPatcher succeeded.
Step 6) Stop agent
emctl stop agent
/u00/app/oracle/agent13c/agent_13.5.0.0.0/bin:SID=agent135 > ./emctl stop agent
Stopping agent ... stopped.
| Step 7) agentpatcher apply oax01v:/u00/software/OEM135:SID=agent135 > cd 34980350 /u00/software/OEM135/34980350oax01v:/u00/software/OEM135/34980350:SID=agent135 > $ORACLE_HOME/AgentPatcher/agentpatcher apply |
AgentPatcher Automation Tool
AgentPatcher version : 13.9.5.4.0
OUI version : 13.9.4.0.0
Running from : /u00/app/oracle/agent13c/agent_13.5.0.0.0
Log file location : /u00/app/oracle/agent13c/agent_13.5.0.0.0/cfgtoollogs/agentpatcher/opatch2023-05-21_01-35-42AM_1.log
AgentPatcher log file: /u00/app/oracle/agent13c/agent_13.5.0.0.0/cfgtoollogs/agentpatcher/34980350/agentpatcher_2023-05-21_01-35-45AM_deploy.log
Prereq "checkComponents" for patch 34980335 passed.
Prereq "checkComponents" for patch 33869752 passed.
Prereq "checkComponents" for patch 34471145 passed.
Prereq "checkComponents" for patch 34980339 passed.
Prereq "checkComponents" for patch 34980342 passed.
Prereq "checkComponents" for patch 35123051 passed.
Prereq "checkComponents" for patch 34981735 passed.
Prereq "checkComponents" for patch 33737099 passed.
Running apply prerequisite checks for sub-patch(es) "34980335,33737099,34471145,35123051,33869752,34981735,34980339,34980342" and Oracle Home "/u00/app/oracle/agent13c/agent_13.5.0.0.0"...
Sub-patch(es) "34980335,33737099,34471145,35123051,33869752,34981735,34980339,34980342" are successfully analyzed for Oracle Home "/u00/app/oracle/agent13c/agent_13.5.0.0.0"
To continue, AgentPatcher will do the following:
[Patch and deploy artifacts] :
Do you want to proceed? [y|n]
y
User Responded with: Y
Applying sub-patch(es) "33737099,33869752,34471145,34980335,34980339,34980342,34981735,35123051"
Please monitor log file: /u00/app/oracle/agent13c/agent_13.5.0.0.0/cfgtoollogs/opatch/opatch2023-05-21_01-35-48AM_1.log
Complete Summary
================
All log file names referenced below can be accessed from the directory "/u00/app/oracle/agent13c/agent_13.5.0.0.0/cfgtoollogs/agentpatcher/2023-05-21_01-35-42AM_SystemPatch_34980350_1"
Patching summary:
-----------------
Binaries of the following sub-patch(es) have been applied successfully:
Featureset Sub-patches Log file
---------- ----------- --------
oracle.sysman.top.agent_13.5.0.0.0 33737099,33869752,34471145,34980335,34980339,34980342,34981735,35123051 33737099,33869752,34471145,34980335,34980339,34980342,34981735,35123051_opatch2023-05-21_01-35-48AM_1.log
The following sub-patches are incompatible with components installed in the Agent system:
34611842,32968787,34471036,33715858,35123078,34471072,34541981,34158793,35123301,35123348,34983025,33586851,34158650,34024065
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
The following patches could not be applied during OPatch execution:
**********************************************************************************
Patch Reason
********* *********
34611842 The Plugin or Core Component "oracle.sysman.am.agent.plugin with version 13.5.1.0.0" for which the patch is intended is not deployed in your Enterprise Manager system.
32968787 The Plugin or Core Component "oracle.sysman.bda.discovery.plugin with version 13.5.1.0.0" for which the patch is intended is not deployed in your Enterprise Manager system.
34471036 The Plugin or Core Component "oracle.sysman.empa.discovery.plugin with version 13.5.1.0.0" for which the patch is intended is not deployed in your Enterprise Manager system.
33715858 The Plugin or Core Component "oracle.sysman.bda.agent.plugin with version 13.5.1.0.0" for which the patch is intended is not deployed in your Enterprise Manager system.
35123078 The Plugin or Core Component "oracle.sysman.xa.discovery.plugin with version 13.5.1.0.0" for which the patch is intended is not deployed in your Enterprise Manager system.
34471072 The Plugin or Core Component "oracle.sysman.empa.agent.plugin with version 13.5.1.0.0" for which the patch is intended is not deployed in your Enterprise Manager system.
34541981 The Plugin or Core Component "oracle.sysman.vt.agent.plugin with version 13.5.1.0.0" for which the patch is intended is not deployed in your Enterprise Manager system.
34158793 The Plugin or Core Component "oracle.sysman.emrep.agent.plugin with version 13.5.0.0.0" for which the patch is intended is not deployed in your Enterprise Manager system.
35123301 The Plugin or Core Component "oracle.sysman.emas.agent.plugin with version 13.5.1.0.0" for which the patch is intended is not deployed in your Enterprise Manager system.
35123348 The Plugin or Core Component "oracle.sysman.xa.agent.plugin with version 13.5.1.0.0" for which the patch is intended is not deployed in your Enterprise Manager system.
34983025 The Plugin or Core Component "oracle.sysman.vi.agent.plugin with version 13.5.1.0.0" for which the patch is intended is not deployed in your Enterprise Manager system.
33586851 The Plugin or Core Component "oracle.sysman.emfa.discovery.plugin with version 13.5.1.0.0" for which the patch is intended is not deployed in your Enterprise Manager system.
34158650 The Plugin or Core Component "oracle.sysman.emfa.agent.plugin with version 13.5.1.0.0" for which the patch is intended is not deployed in your Enterprise Manager system.
34024065 The Plugin or Core Component "oracle.sysman.vi.discovery.plugin with version 13.5.1.0.0" for which the patch is intended is not deployed in your Enterprise Manager system.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Log file location: /u00/app/oracle/agent13c/agent_13.5.0.0.0/cfgtoollogs/agentpatcher/34980350/agentpatcher_2023-05-21_01-35-45AM_deploy.log
AgentPatcher succeeded.
| Step 8) Verify the lspatches
oax01v:/u00/app/oracle/agent13c/agent_13.5.0.0.0:SID=agent135 > $ORACLE_HOME/AgentPatcher/agentpatcher lspatches |
AgentPatcher Automation Tool
AgentPatcher version : 13.9.5.4.0
OUI version : 13.9.4.0.0
Running from : /u00/app/oracle/agent13c/agent_13.5.0.0.0
Log file location : /u00/app/oracle/agent13c/agent_13.5.0.0.0/cfgtoollogs/agentpatcher/opatch2023-05-21_01-54-02AM_1.log
May 21, 2023 1:54:03 AM org.apache.sshd.common.io.DefaultIoServiceFactoryFactory getIoServiceProvider
INFO: No detected/configured IoServiceFactoryFactory using Nio2ServiceFactoryFactory
Component Name/Version Component Type System Patch (Sub)-Patches Patch Description
------------------------ ------------- ------------- -------------- ------------------
oracle.sysman.si.agent.plugin/13.5.1.0.0 Plugin 34980350 34980342 Oracle Enterprise Manager for Systems Infrastructure 13c Release 5 Plug-in Update 14 (13.5.1.14) for Oracle Management Agent
oracle.sysman.si.discovery.plugin/13.5.1 Plugin 34980350 33737099 Oracle Enterprise Manager for Systems Infrastructure 13c Release 5 Plug-in Update 4 (13.5.1.4) for Oracle Management Agent (Discovery)
.0.0
oracle.sysman.agent.ic/13.5.0.0.0 Core N/A 32313251
N/A 32302527
N/A 32574981
34980350 33869752 Tracking bug to repackage JDBC patch from 32752229 as 13.5 EM Agent patch
oracle.sysman.emas.discovery.plugin/13.5 Plugin 34980350 35123051 Oracle Enterprise Manager for Fusion Middleware 13c Release 5 Plug-in Update 14 (13.5.1.14) for Oracle Management Agent (Discovery)
.1.0.0
oracle.sysman.db.discovery.plugin/13.5.1 Plugin 34980350 34981735 Oracle Enterprise Manager for Oracle Database 13c Release 5 Plug-in Update 13 (13.5.1.13) for Oracle Management Agent (Discovery)
.0.0
oracle.sysman.oh.agent.plugin/13.5.0.0.0 Plugin 34980350 34471145 Oracle Enterprise Manager for Oracle Home 13c Release 5 Plug-in Update 9 (13.5.0.9) for Oracle Management Agent
oracle.sysman.db.agent.plugin/13.5.1.0.0 Plugin 34980350 34980339 Oracle Enterprise Manager for Oracle Database 13c Release 5 Plug-in Update 14 (13.5.1.14) for Oracle Management Agent
oracle.sysman.top.agent/13.5.0.0.0 Core 34980350 34980335 Oracle Enterprise Manager 13c Release 5 Platform Update 14 (13.5.0.14) for Oracle Management Agent
NOTE: N/A indicates that the subpatch mentioned in the Subpatches column was applied as a one-off patch and not as part of any system patch.
AgentPatcher has saved inventory details for the above component at below location.
"/u00/app/oracle/agent13c/agent_13.5.0.0.0"
For more details on installed patch(es), Please do "/u00/app/oracle/agent13c/agent_13.5.0.0.0/OPatch/opatch lsinventory -details"
AgentPatcher succeeded.
oax01v:
| Step 9) Verify the apache commons version:
oax01v:/u00/app/oracle/agent13c/agent_13.5.0.0.0/jlib:SID=agent135 > ls -ltr commons-text-1.8.jar |
commons-text-1.8.jar not found oax01v:/u00/app/oracle/agent13c/agent_13.5.0.0.0/jlib:SID=agent135 > ls -ltr commons-text* -rw-r--r-- 1 oracle oinstall 238400 Mar 30 05:08 commons-text-1.10.0.jar Step 10 ) Start Agent oax01v:/u00/app/oracle/agent13c/agent_13.5.0.0.0/bin:SID=agent135 > ./emctl start agent Oracle Enterprise Manager Cloud Control 13c Release 5 Starting agent .................................................................................. started. oax01v:/u00/app/oracle/agent13c/agent_13.5.0.0.0/bin:SID=agent135 > Step 11 ) Verify Agent status oax01v:/u00/app/oracle/agent13c/agent_13.5.0.0.0/bin:SID=agent135 > ./emctl status agent|grep -i running Agent is Running and Ready oax01v:/u00/app/oracle/agent13c/agent_13.5.0.0.0/bin:SID=agent135 >
Displaying How to fix Apache commons vulnerability on EM Agent.txt.