2021年12月10日,Oracle发布了Security Alert CVE-2021-44228,以回应2.15版本之前一个影响Apache Log4j的新漏洞的披露,Oracle 19c安装时包括了AHF,19.12中AHF使用的log4j
根据mos建议,需要下载Patch 30166242
[root@dbsrv1 opt]# find ./ -name log4j*
./oracle.ahf/common/jlib/log4j-core-2.13.3.jar
./oracle.ahf/common/jlib/log4j-api-2.13.3.jar
打补丁后AHF中的log4j版本为2.17.1
1、 下载补丁Patch 30166242,校验检测后传入服务器,如果单位有安全要求,请先进行补丁介质的杀毒和登记,确保补丁不会对信息系统产生安全影响。
2、 补丁应用,该补丁应用其实是对AHF的升级。使用root用户进行升级操作
[root@dbsrv1 AHF]# ./ahf_setup -local
[root@gzrac01 ~]# ./ahf_setup -local
AHF Installer for Platform Linux Architecture x86_64
AHF Installation Log : /tmp/ahf_install_233000_144975_2023_05_08-01_41_42.log
Starting Autonomous Health Framework (AHF) Installation
AHF Version: 23.3.0 Build Date: 202304052152
AHF is already installed at /opt/oracle.ahf
Installed AHF Version: 21.4.3 Build Date: 202203082127
Do you want to upgrade AHF [Y]|N : y
Upgrading /opt/oracle.ahf
[root@gzrac01 ~]# ./ahf_setup -local
AHF Installer for Platform Linux Architecture x86_64
AHF Installation Log : /tmp/ahf_install_233000_144975_2023_05_08-01_41_42.log
Starting Autonomous Health Framework (AHF) Installation
AHF Version: 23.3.0 Build Date: 202304052152
AHF is already installed at /opt/oracle.ahf
Installed AHF Version: 21.4.3 Build Date: 202203082127
Do you want to upgrade AHF [Y]|N : y
Upgrading /opt/oracle.ahf
TFA-00002 Oracle Trace File Analyzer (TFA) is not running
检查oracle-tfa.service服务
[root@dbsrv1 data]# systemctl status oracle-tfa.service
tfactl status