Oracle Weblogic 反序列化漏洞 (CVE-2018-2893 )的補丁升級操作
Oracle官方釋出了7月份的關鍵補丁更新 CPU(CriticalPatchUpdate ),其中包含一個高危的 Weblogic 反序列化漏洞 (CVE-2018-2893 ),該漏洞透過JRMP協議利用RMI機制的缺陷達到執行任意反序列化程式碼的目。 攻擊者可以在未授權情況下將 payload 封裝在T3協議中,透過對T3協議中的 payload 進行反序列化,從而實現對存在漏洞的 進行反序列化,從而實現對存在漏洞的WebLogic元件進行遠端攻擊,執行任意程式碼並可獲取目標系統的所有許可權。受影響的頒佈為Oracle WebLogicServer 10.3.6.0,Oracle WebLogicServer 12.1.3.0,Oracle WebLogicServer 12.2.1.2,Oracle WebLogicServer 12.2.1.3
Oracle目前已經發布了升級補丁可參考連結"Critical Patch Update (CPU) Program July 2018 Patch Availability Document (PAD) (Doc ID 2394520.1)"
我們的生產環境WebLogic主要是兩個版本10.3.6.0與12.1.3.0。下面是具體操作
對於10.3.6.0版本需要執行bsh.sh指令碼來進行補丁安裝
1.首先下載補丁包27919965_1036_Generic.zip
2.將補丁包27919965_1036_Generic.zip上傳到{MW_HOME}/utils/bsu/cache_dir 其中MW_HOME是Weblogic的BASE目錄,類似於Oracle BASE目錄
3.將補丁包27919965_1036_Generic.zip解壓
[root@app1 cache_dir]# unzip p27919965_1036_Generic.zip Archive: p27919965_1036_Generic.zip extracting: B47X.jar inflating: patch-catalog_26112.xml inflating: README.txt
4.執行安裝命令(bsu.sh -install -patch_download_dir={MW_HOME}/utils/bsu/cache_dir -patchlist={PATCH_ID} -prod_dir={MW_HOME}/{WL_HOME}) 其中WL_HOME是WebLogic home目錄
root@app1 bsu]# ./bsu.sh -install -patch_download_dir=/wls11g/utils/bsu/cache_dir -patchlist=B47X -prod_dir=/wls11g/wlserver_10.3 Checking for conflicts............... No conflict(s) detected Installing Patch ID: B47X.. Result: Success
5.檢查補丁包是否安裝成功
[root@app1 bsu]# ./bsu.sh -prod_dir=/wls11g/wlserver_10.3 -status=applied -verbose -view ProductName: WebLogic Server ProductVersion: 10.3 MP6 Components: WebLogic Server/Core Application Server,WebLogic Server/Admi nistration Console,WebLogic Server/Configuration Wizard and Upgrade Framework,WebLogic Server/Web 2.0 HTTP Pub-Sub Serve r,WebLogic Server/WebLogic SCA,WebLogic Server/WebLogic JDBC Drivers,WebLogic Server/Third Party JDBC Drivers,WebLogic S erver/WebLogic Server Clients,WebLogic Server/WebLogic Web S erver Plugins,WebLogic Server/UDDI and Xquery Support,WebLog ic Server/Evaluation Database,WebLogic Server/Workshop Code Completion Support BEAHome: /wls11g ProductHome: /wls11g/wlserver_10.3 PatchSystemDir: /wls11g/utils/bsu PatchDir: /wls11g/patch_wls1036 Profile: Default DownloadDir: /wls11g/utils/bsu/cache_dir JavaVersion: 1.6.0_29 JavaVendor: Sun Patch ID: B47X PatchContainer: B47X.jar Checksum: -345780037 Severity: optional Category: General CR/BUG: 27919965 Restart: true Description: WLS PATCH SET UPDATE 10.3.6.0.180717 WLS PATCH SET UPDATE 10 .3.6.0.180717
6.重啟WebLogic
[root@app1 bsu]# service weblogic restart Stopping weblogic: weblogic is not running. Starting weblogic: [root@app1 bsu]# . JAVA Memory arguments: -Xms4096m -Xmx4096m -XX:MaxPermSize=1024m . WLS Start Mode=Production . CLASSPATH=/wls11g/patch_wls1036/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/wls11g/patch_ocp371/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/usr/lib/jvm/java- 1.6.0-openjdk- 1.6.0.0.x86_64/lib/tools.jar:/wls11g/wlserver_10.3/server/lib/weblogic_sp.jar:/wls11g/wlserver_10.3/server/lib/weblogic.jar:/wls11g/modules/features/weblogic.server.modules_10.3.6.0.jar:/wl s11g/wlserver_10.3/server/lib/webservices.jar:/wls11g/modules/org.apache.ant_1.7.1/lib/ant-all.jar:/wls11g/modules/net.sf.antcontrib_1.1.0.0_1-0b2/lib/ant- contrib.jar:/wls11g/wlserver_10.3/common/derby/lib/derbyclient.jar:/wls11g/wlserver_10.3/server/lib/xqrl.jar:.:/weblogic11_64/jdk1.6.0_20/lib/dt.jar:/weblogic11_64/jdk1.6.0_20/lib/tools.jar . PATH=/wls11g/wlserver_10.3/server/bin:/wls11g/modules/org.apache.ant_1.7.1/bin:/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/bin:/usr/lib/jvm/java-1.6.0-openjdk- 1.6.0.0.x86_64/bin:/weblogic11_64/jdk1.6.0_20/bin:/usr/lib64/qt-3.3/bin:/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin . *************************************************** * To start WebLogic Server, use a username and * * password assigned to an admin-level user. For * * server administration, use the WebLogic Server * * console at * *************************************************** starting weblogic with Java version: java version "1.6.0" OpenJDK Runtime Environment (build 1.6.0-b09) OpenJDK 64-Bit Server VM (build 1.6.0-b09, mixed mode) Starting WLS with line: /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/bin/java -server -Xms4096m -Xmx4096m -XX:MaxPermSize=1024m -Dweblogic.Name=AdminServer - Djava.security.policy=/wls11g/wlserver_10.3/server/lib/weblogic.policy -Dweblogic.ProductionModeEnabled=true -da -Dplatform.home=/wls11g/wlserver_10.3 - Dwls.home=/wls11g/wlserver_10.3/server -Dweblogic.home=/wls11g/wlserver_10.3/server -Dweblogic.management.discover=true -Dwlw.iterativeDev=false -Dwlw.testConsole=false - Dwlw.logErrorsToConsole=false -Dweblogic.ext.dirs=/wls11g/patch_wls1036/profiles/default/sysext_manifest_classpath:/wls11g/patch_ocp371/profiles/default/sysext_manifest_classpath - Dplatform.home=/wls11g/wlserver_10.3 -Dwls.home=/wls11g/wlserver_10.3/server -Dweblogic.home=/wls11g/wlserver_10.3/server -Dweblogic.management.discover=true -verbose:gc -XX: +PrintGCTimeStamps -XX:+HeapDumpOnOutOfMemoryError -XX:+PrintGCDetails -XX:+PrintGC -Xloggc:gc.log -Dwlw.iterativeDev=false -Dwlw.testConsole=false -Dwlw.logErrorsToConsole=false weblogic.Server <Jul 19, 2018 4:20:09 PM CST> <Info> <Security> <BEA-090905> <Disabling CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify - Dweblogic.security.allowCryptoJDefaultJCEVerification=true> <Jul 19, 2018 4:20:09 PM CST> <Info> <Security> <BEA-090906> <Changing the default Random Number Generator in RSA CryptoJ from ECDRBG to FIPS186PRNG. To disable this change, specify - Dweblogic.security.allowCryptoJDefaultPRNG=true>
執行重啟命令後,weblogic進行自動終止,並且沒有生成任何日誌與錯誤資訊,如是我選擇刪除該補丁
7.刪除補丁
root@app1 bsu]# ./bsu.sh -remove -patchlist=B47X -prod_dir=/wls11g/wlserver_10.3 Checking for conflicts.............. No conflict(s) detected Removing Patch ID: B47X.. Result: Success
8.重啟WebLogic恢復正常
[root@app1 bsu]# service weblogic restart Stopping weblogic: weblogic is not running. Starting weblogic: [root@app1 bsu]# . . JAVA Memory arguments: -Xms4096m -Xmx4096m -XX:MaxPermSize=256m . WLS Start Mode=Production . CLASSPATH=/wls11g/patch_wls1036/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/wls11g/patch_ocp371/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/usr/lib/jvm/java- 1.6.0-openjdk- 1.6.0.0.x86_64/lib/tools.jar:/wls11g/wlserver_10.3/server/lib/weblogic_sp.jar:/wls11g/wlserver_10.3/server/lib/weblogic.jar:/wls11g/modules/features/weblogic.server.modules_10.3.6.0.jar:/wl s11g/wlserver_10.3/server/lib/webservices.jar:/wls11g/modules/org.apache.ant_1.7.1/lib/ant-all.jar:/wls11g/modules/net.sf.antcontrib_1.1.0.0_1-0b2/lib/ant- contrib.jar:/wls11g/wlserver_10.3/common/derby/lib/derbyclient.jar:/wls11g/wlserver_10.3/server/lib/xqrl.jar . PATH=/wls11g/wlserver_10.3/server/bin:/wls11g/modules/org.apache.ant_1.7.1/bin:/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/bin:/usr/lib/jvm/java-1.6.0-openjdk- 1.6.0.0.x86_64/bin:/sbin:/usr/sbin:/bin:/usr/bin . *************************************************** * To start WebLogic Server, use a username and * * password assigned to an admin-level user. For * * server administration, use the WebLogic Server * * console at * *************************************************** starting weblogic with Java version: java version "1.6.0" OpenJDK Runtime Environment (build 1.6.0-b09) OpenJDK 64-Bit Server VM (build 1.6.0-b09, mixed mode) Starting WLS with line: /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/bin/java -server -Xms4096m -Xmx4096m -XX:MaxPermSize=256m -Dweblogic.Name=AdminServer - Djava.security.policy=/wls11g/wlserver_10.3/server/lib/weblogic.policy -Dweblogic.ProductionModeEnabled=true -da -Dplatform.home=/wls11g/wlserver_10.3 - Dwls.home=/wls11g/wlserver_10.3/server -Dweblogic.home=/wls11g/wlserver_10.3/server -Dweblogic.management.discover=true -Dwlw.iterativeDev=false -Dwlw.testConsole=false - Dwlw.logErrorsToConsole=false -Dweblogic.ext.dirs=/wls11g/patch_wls1036/profiles/default/sysext_manifest_classpath:/wls11g/patch_ocp371/profiles/default/sysext_manifest_classpath - Dplatform.home=/wls11g/wlserver_10.3 -Dwls.home=/wls11g/wlserver_10.3/server -Dweblogic.home=/wls11g/wlserver_10.3/server -Dweblogic.management.discover=true -verbose:gc -XX: +PrintGCTimeStamps -XX:+HeapDumpOnOutOfMemoryError -XX:+PrintGCDetails -XX:+PrintGC -Xloggc:gc.log -Dwlw.iterativeDev=false -Dwlw.testConsole=false -Dwlw.logErrorsToConsole=false weblogic.Server <Jul 19, 2018 5:38:59 PM CST> <Info> <Security> <BEA-090905> <Disabling CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify - Dweblogic.security.allowCryptoJDefaultJCEVerification=true> <Jul 19, 2018 5:38:59 PM CST> <Info> <Security> <BEA-090906> <Changing the default Random Number Generator in RSA CryptoJ from ECDRBG to FIPS186PRNG. To disable this change, specify - Dweblogic.security.allowCryptoJDefaultPRNG=true> <Jul 19, 2018 5:38:59 PM CST> <Info> <WebLogicServer> <BEA-000377> <Starting WebLogic Server with OpenJDK 64-Bit Server VM Version 1.6.0-b09 from Sun Microsystems Inc.> <Jul 19, 2018 5:39:00 PM CST> <Info> <Management> <BEA-141107> <Version: WebLogic Server 10.3.6.0 Tue Nov 15 08:52:36 PST 2011 1441050 > <Jul 19, 2018 5:39:02 PM CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING> <Jul 19, 2018 5:39:02 PM CST> <Info> <WorkManager> <BEA-002900> <Initializing self-tuning thread pool> <Jul 19, 2018 5:39:03 PM CST> <Notice> <Log Management> <BEA-170019> <The server log file /wls11g/user_projects/domains/base_domain/servers/AdminServer/logs/AdminServer.log is opened. All server side log events will be written to this file.> <Jul 19, 2018 5:39:05 PM CST> <Notice> <Security> <BEA-090082> <Security initializing using security realm myrealm.> <Jul 19, 2018 5:39:08 PM CST> <Warning> <Deployer> <BEA-149617> <Non-critical internal application wls-wsat was not deployed. Error: [Deployer:149158]No application files exist at '/wls11g/wlserver_10.3/server/lib/wls-wsat.war'.> <Jul 19, 2018 5:39:09 PM CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STANDBY> <Jul 19, 2018 5:39:09 PM CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING>
9.由於安裝補丁後不能正常啟動weblogic所以選擇禁用T3協議
登入控制檯後在 bash_domain的配置頁面中選擇“安全”選項卡頁面,再點選"篩選器"並在連線篩選器規則中設定以下規則
127.0.0.1 * * allow t3 t3s 0.0.0.0/0 * * deny t3 t3s
[root@app1 bsu]# service weblogic restart Stopping weblogic: weblogic is not running. Starting weblogic: [root@app1 bsu]# . . JAVA Memory arguments: -Xms4096m -Xmx4096m -XX:MaxPermSize=256m . WLS Start Mode=Production . CLASSPATH=/wls11g/patch_wls1036/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/wls11g/patch_ocp371/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/usr/lib/jvm/java- 1.6.0-openjdk- 1.6.0.0.x86_64/lib/tools.jar:/wls11g/wlserver_10.3/server/lib/weblogic_sp.jar:/wls11g/wlserver_10.3/server/lib/weblogic.jar:/wls11g/modules/features/weblogic.server.modules_10.3.6.0.jar:/wl s11g/wlserver_10.3/server/lib/webservices.jar:/wls11g/modules/org.apache.ant_1.7.1/lib/ant-all.jar:/wls11g/modules/net.sf.antcontrib_1.1.0.0_1-0b2/lib/ant- contrib.jar:/wls11g/wlserver_10.3/common/derby/lib/derbyclient.jar:/wls11g/wlserver_10.3/server/lib/xqrl.jar . PATH=/wls11g/wlserver_10.3/server/bin:/wls11g/modules/org.apache.ant_1.7.1/bin:/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/bin:/usr/lib/jvm/java-1.6.0-openjdk- 1.6.0.0.x86_64/bin:/sbin:/usr/sbin:/bin:/usr/bin . *************************************************** * To start WebLogic Server, use a username and * * password assigned to an admin-level user. For * * server administration, use the WebLogic Server * * console at * *************************************************** starting weblogic with Java version: java version "1.6.0" OpenJDK Runtime Environment (build 1.6.0-b09) OpenJDK 64-Bit Server VM (build 1.6.0-b09, mixed mode) Starting WLS with line: /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/bin/java -server -Xms4096m -Xmx4096m -XX:MaxPermSize=256m -Dweblogic.Name=AdminServer - Djava.security.policy=/wls11g/wlserver_10.3/server/lib/weblogic.policy -Dweblogic.ProductionModeEnabled=true -da -Dplatform.home=/wls11g/wlserver_10.3 - Dwls.home=/wls11g/wlserver_10.3/server -Dweblogic.home=/wls11g/wlserver_10.3/server -Dweblogic.management.discover=true -Dwlw.iterativeDev=false -Dwlw.testConsole=false - Dwlw.logErrorsToConsole=false -Dweblogic.ext.dirs=/wls11g/patch_wls1036/profiles/default/sysext_manifest_classpath:/wls11g/patch_ocp371/profiles/default/sysext_manifest_classpath - Dplatform.home=/wls11g/wlserver_10.3 -Dwls.home=/wls11g/wlserver_10.3/server -Dweblogic.home=/wls11g/wlserver_10.3/server -Dweblogic.management.discover=true -verbose:gc -XX: +PrintGCTimeStamps -XX:+HeapDumpOnOutOfMemoryError -XX:+PrintGCDetails -XX:+PrintGC -Xloggc:gc.log -Dwlw.iterativeDev=false -Dwlw.testConsole=false -Dwlw.logErrorsToConsole=false weblogic.Server <Jul 19, 2018 5:38:59 PM CST> <Info> <Security> <BEA-090905> <Disabling CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify - Dweblogic.security.allowCryptoJDefaultJCEVerification=true> <Jul 19, 2018 5:38:59 PM CST> <Info> <Security> <BEA-090906> <Changing the default Random Number Generator in RSA CryptoJ from ECDRBG to FIPS186PRNG. To disable this change, specify - Dweblogic.security.allowCryptoJDefaultPRNG=true> <Jul 19, 2018 5:38:59 PM CST> <Info> <WebLogicServer> <BEA-000377> <Starting WebLogic Server with OpenJDK 64-Bit Server VM Version 1.6.0-b09 from Sun Microsystems Inc.> <Jul 19, 2018 5:39:00 PM CST> <Info> <Management> <BEA-141107> <Version: WebLogic Server 10.3.6.0 Tue Nov 15 08:52:36 PST 2011 1441050 > <Jul 19, 2018 5:39:02 PM CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING> <Jul 19, 2018 5:39:02 PM CST> <Info> <WorkManager> <BEA-002900> <Initializing self-tuning thread pool> <Jul 19, 2018 5:39:03 PM CST> <Notice> <Log Management> <BEA-170019> <The server log file /wls11g/user_projects/domains/base_domain/servers/AdminServer/logs/AdminServer.log is opened. All server side log events will be written to this file.> <Jul 19, 2018 5:39:05 PM CST> <Notice> <Security> <BEA-090082> <Security initializing using security realm myrealm.> <Jul 19, 2018 5:39:08 PM CST> <Warning> <Deployer> <BEA-149617> <Non-critical internal application wls-wsat was not deployed. Error: [Deployer:149158]No application files exist at '/wls11g/wlserver_10.3/server/lib/wls-wsat.war'.> <Jul 19, 2018 5:39:09 PM CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STANDBY> <Jul 19, 2018 5:39:09 PM CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING>
對於12.1.3.0版本使用OPatch來進行補丁安裝
1.將最新的OPatch工具上傳到WebLogic所在伺服器並解壓
[root@ldjc wls12c]# unzip p6880880_132000_Generic.zip Archive: p6880880_132000_Generic.zip replace OPatch/ocm/lib/emocmutl.jar? [y]es, [n]o, [A]ll, [N]one, [r]ename: y inflating: OPatch/ocm/lib/emocmutl.jar replace OPatch/ocm/doc/dummy.txt? [y]es, [n]o, [A]ll, [N]one, [r]ename: A extracting: OPatch/ocm/doc/dummy.txt extracting: OPatch/ocm/bin/dummy inflating: OPatch/ocm/ocm_platforms.txt extracting: OPatch/ocm/generic.zip inflating: OPatch/oplan/README.html inflating: OPatch/oplan/oplan inflating: OPatch/oplan/README.txt inflating: OPatch/oplan/jlib/EMrepoDrivers.jar inflating: OPatch/oplan/jlib/automation.jar inflating: OPatch/oplan/jlib/Validation.jar inflating: OPatch/oplan/jlib/apache-commons/commons-cli-1.0.jar inflating: OPatch/oplan/jlib/CRSProductDriver.jar inflating: OPatch/oplan/jlib/OsysModel.jar inflating: OPatch/oplan/jlib/oplan.jar inflating: OPatch/oplan/jlib/jaxb/activation.jar inflating: OPatch/oplan/jlib/jaxb/jaxb-api.jar inflating: OPatch/oplan/jlib/jaxb/jaxb-impl.jar inflating: OPatch/oplan/jlib/jaxb/jsr173_1.0_api.jar inflating: OPatch/oplan/jlib/ValidationRules.jar inflating: OPatch/oplan/jlib/patchsdk.jar inflating: OPatch/oplan/jlib/osysmodel-utils.jar inflating: OPatch/oplan/jlib/oracle.oplan.classpath.jar inflating: OPatch/operr.bat inflating: OPatch/opatchprereqs/oui/knowledgesrc.xml creating: OPatch/opatchprereqs/opatch/ inflating: OPatch/opatchprereqs/opatch/opatch_prereq.xml inflating: OPatch/opatchprereqs/opatch/rulemap.xml inflating: OPatch/opatchprereqs/opatch/runtime_prereq.xml inflating: OPatch/opatchprereqs/opatch_prereq.sh inflating: OPatch/opatchprereqs/prerequisite.properties inflating: OPatch/opatch inflating: OPatch/emdpatch.pl inflating: OPatch/version.txt inflating: OPatch/opatch.ini inflating: OPatch/operr inflating: OPatch/README.txt inflating: OPatch/opatch.pl inflating: OPatch/scripts/opatch_wls.bat inflating: OPatch/scripts/opatch_jvm_discovery.bat inflating: OPatch/scripts/opatch_wls inflating: OPatch/scripts/opatch_jvm_discovery inflating: OPatch/docs/operr_readme.txt inflating: OPatch/docs/README.txt inflating: OPatch/jlib/oracle.opatch.classpath.windows.jar inflating: OPatch/jlib/opatchsdk.jar inflating: OPatch/jlib/oracle.opatch.classpath.unix.jar inflating: OPatch/jlib/opatch.jar inflating: OPatch/jlib/oracle.opatch.classpath.jar inflating: OPatch/opatch.bat [root@ldjc wls12c]# chown -R xxxx:xxxx /wls12c/OPatch
2.將補丁包上傳unzip p27919943_121300_Generic.zip到WebLogic所在伺服器並解壓
[root@ldjc soft]# unzip p27919943_121300_Generic.zip Archive: p27919943_121300_Generic.zip creating: 27919943/ creating: 27919943/etc/ creating: 27919943/etc/config/ inflating: 27919943/etc/config/actions.xml inflating: 27919943/etc/config/inventory.xml creating: 27919943/files/ creating: 27919943/files/inventory/ creating: 27919943/files/inventory/Components/ creating: 27919943/files/inventory/Components/oracle.css.mod/ creating: 27919943/files/inventory/Components/oracle.css.mod/12.1.3.0.0/ creating: 27919943/files/inventory/Components/oracle.css.mod/12.1.3.0.0/patches/ creating: 27919943/files/inventory/Components/oracle.css.mod/12.1.3.0.0/patches/22153233/ inflating: 27919943/files/inventory/Components/oracle.css.mod/12.1.3.0.0/patches/22153233/compDef.xml creating: 27919943/files/inventory/Components/oracle.fmwconfig.common.shared/ ...省略...
3.安裝補丁
[weblogic@ldjc OPatch]$ ./opatch apply /soft/27919943/ Oracle Interim Patch Installer version 13.2.0.0.0 Copyright (c) 2014, Oracle Corporation. All rights reserved. Oracle Home : /wls12c Central Inventory : /home/weblogic/oraInventory from : /wls12c/oraInst.loc OPatch version : 13.2.0.0.0 OUI version : 13.2.0.0.0 Log file location : /wls12c/cfgtoollogs/opatch/27919943_Jul_20_2018_06_54_37/apply2018-07-20_06-54-29AM_1.log OPatch detects the Middleware Home as "/wls12c" Jul 20, 2018 6:54:41 AM oracle.sysman.oii.oiii.OiiiInstallAreaControl initAreaControl INFO: Install area Control created with access level 0 Applying interim patch '27919943' to OH '/wls12c' Verifying environment and performing prerequisite checks... Interim patch 27919943 is a superset of the patch(es) [ 22250567 21370953 ] in the Oracle Home OPatch will roll back the subset patches and apply the given patch. All checks passed. Please shutdown Oracle instances running out of this ORACLE_HOME on the local system. (Oracle Home = '/wls12c') Is the local system ready for patching? [y|n] y User Responded with: Y Backing up files... Rolling back interim patch '22250567' from OH '/wls12c' Patching component oracle.wls.libraries, 12.1.3.0.0... Patching component oracle.wls.libraries, 12.1.3.0.0... Patching component oracle.wls.clients, 12.1.3.0.0... Patching component oracle.wls.clients, 12.1.3.0.0... RollbackSession removing interim patch '22250567' from inventory Rolling back interim patch '21370953' from OH '/wls12c' Patching component oracle.wls.libraries, 12.1.3.0.0... Patching component oracle.wls.libraries, 12.1.3.0.0... Patching component oracle.wls.clients, 12.1.3.0.0... Patching component oracle.wls.clients, 12.1.3.0.0... Patching component oracle.wls.core.app.server, 12.1.3.0.0... Patching component oracle.wls.core.app.server, 12.1.3.0.0... Patching component oracle.wls.libraries.mod, 12.1.3.0.0... Patching component oracle.wls.libraries.mod, 12.1.3.0.0... Patching component oracle.webservices.wls, 12.1.3.0.0... Patching component oracle.webservices.wls, 12.1.3.0.0... Patching component oracle.wls.server.shared.with.core.engine, 12.1.3.0.0... Patching component oracle.wls.server.shared.with.core.engine, 12.1.3.0.0... Patching component oracle.wls.workshop.code.completion.support, 12.1.3.0.0... Patching component oracle.wls.workshop.code.completion.support, 12.1.3.0.0... Patching component oracle.wls.admin.console.en, 12.1.3.0.0... Patching component oracle.wls.admin.console.en, 12.1.3.0.0... RollbackSession removing interim patch '21370953' from inventory OPatch back to application of the patch '27919943' after auto-rollback. Patching component oracle.wls.workshop.code.completion.support, 12.1.3.0.0... Patching component oracle.wls.workshop.code.completion.support, 12.1.3.0.0... Patching component oracle.css.mod, 12.1.3.0.0... Patching component oracle.css.mod, 12.1.3.0.0... Patching component oracle.fmwconfig.common.shared, 12.1.3.0.0... Patching component oracle.fmwconfig.common.shared, 12.1.3.0.0... Patching component oracle.wls.common.nodemanager, 12.1.3.0.0... Patching component oracle.wls.common.nodemanager, 12.1.3.0.0... Patching component oracle.wls.server.shared.with.core.engine, 12.1.3.0.0... Patching component oracle.wls.server.shared.with.core.engine, 12.1.3.0.0... Patching component oracle.webservices.base, 12.1.3.0.0... Patching component oracle.webservices.base, 12.1.3.0.0... Patching component oracle.wls.shared.with.cam, 12.1.3.0.0... Patching component oracle.wls.shared.with.cam, 12.1.3.0.0... Patching component oracle.webservices.orawsdl, 12.1.3.0.0... Patching component oracle.webservices.orawsdl, 12.1.3.0.0... Patching component oracle.wls.libraries.mod, 12.1.3.0.0... Patching component oracle.wls.libraries.mod, 12.1.3.0.0... Patching component oracle.wls.admin.console.en, 12.1.3.0.0... Patching component oracle.wls.admin.console.en, 12.1.3.0.0... Patching component oracle.wls.core.app.server, 12.1.3.0.0... Patching component oracle.wls.core.app.server, 12.1.3.0.0... Patching component oracle.webservices.wls, 12.1.3.0.0... Patching component oracle.webservices.wls, 12.1.3.0.0... Patching component oracle.wls.clients, 12.1.3.0.0... Patching component oracle.wls.clients, 12.1.3.0.0... Patching component oracle.wls.wlsportable.mod, 12.1.3.0.0... Patching component oracle.wls.wlsportable.mod, 12.1.3.0.0... Patching component oracle.fmwconfig.common.wls.shared, 12.1.3.0.0... Patching component oracle.fmwconfig.common.wls.shared, 12.1.3.0.0... Patching component oracle.wls.libraries, 12.1.3.0.0... Patching component oracle.wls.libraries, 12.1.3.0.0... Verifying the update... Patch 27919943 successfully applied Log file location: /wls12c/cfgtoollogs/opatch/27919943_Jul_20_2018_06_54_37/apply2018-07-20_06-54-29AM_1.log OPatch succeeded.
4.檢視補丁是否安裝成功從輸出結果可以看到已經安裝成功
[weblogic@ldjc OPatch]$ ./opatch lspatches Jul 20, 2018 7:00:17 AM oracle.sysman.oii.oiii.OiiiInstallAreaControl initAreaControl INFO: Install area Control created with access level 0 27919943;WLS PATCH SET UPDATE 12.1.3.0.180717 20741228;JDBC 12.1.3.1 BP1 OPatch succeeded.
5.重啟weblogic
[root@ldjc base_domain]# service weblogic restart Stopping weblogic: Starting weblogic: . JAVA Memory arguments: -Xms256m -Xmx512m -XX:CompileThreshold=8000 -XX:PermSize=128m -XX:MaxPermSize=256m . CLASSPATH=/opt/jdk1.7.0_75/lib/tools.jar:/wls12c/wlserver/server/lib/weblogic_sp.jar:/wls12c/wlserver/server/lib/weblogic.jar:/wls12c/wlserver/../oracle_common/modules/net.sf.antcontrib_1.1 .0.0_1-0b3/lib/ant-contrib.jar:/wls12c/wlserver/modules/features/oracle.wls.common.nodemanager_2.0.0.0.jar:/wls12c/wlserver/../oracle_common/modules/com.oracle.cie.config-wls- online_8.1.0.0.jar:/wls12c/wlserver/common/derby/lib/derbyclient.jar:/wls12c/wlserver/common/derby/lib/derby.jar:/wls12c/wlserver/server/lib/xqrl.jar . PATH=/wls12c/wlserver/server/bin:/wls12c/wlserver/../oracle_common/modules/org.apache.ant_1.9.2/bin:/opt/jdk1.7.0_75/jre/bin:/opt/jdk1.7.0_75/bin:/sbin:/usr/sbin:/bin:/usr/bin . *************************************************** * To start WebLogic Server, use a username and * * password assigned to an admin-level user. For * * server administration, use the WebLogic Server * * console at * *************************************************** starting weblogic with Java version: java version "1.7.0_75" Java(TM) SE Runtime Environment (build 1.7.0_75-b13) Java HotSpot(TM) 64-Bit Server VM (build 24.75-b04, mixed mode) Starting WLS with line: /opt/jdk1.7.0_75/bin/java -server -Xms256m -Xmx512m -XX:CompileThreshold=8000 -XX:PermSize=128m -XX:MaxPermSize=256m -Dweblogic.Name=AdminServer - Djava.security.policy=/wls12c/wlserver/server/lib/weblogic.policy -Xverify:none -Djava.endorsed.dirs=/opt/jdk1.7.0_75/jre/lib/endorsed:/wls12c/wlserver/../oracle_common/modules/endorsed -da -Dwls.home=/wls12c/wlserver/server -Dweblogic.home=/wls12c/wlserver/server -Dweblogic.utils.cmm.lowertier.ServiceDisabled=true weblogic.Server <Jul 20, 2018 7:20:33 AM CST> <Notice> <Log Management> <BEA-170019> <The server log file /wls12c/user_projects/domains/base_domain/servers/AdminServer/logs/AdminServer.log is opened. All server side log events will be written to this file.> <Jul 20, 2018 7:20:35 AM CST> <Notice> <Security> <BEA-090082> <Security initializing using security realm myrealm.> <Jul 20, 2018 7:20:35 AM CST> <Warning> <JMX> <BEA-149512> <JMX Connector Server started at service:jmx:iiop://192.168.1.249:7001/jndi/weblogic.management.mbeanservers.runtime.> <Jul 20, 2018 7:20:35 AM CST> <Warning> <JMX> <BEA-149512> <JMX Connector Server started at service:jmx:iiop://192.168.1.249:7001/jndi/weblogic.management.mbeanservers.domainruntime.> <Jul 20, 2018 7:20:35 AM CST> <Warning> <JMX> <BEA-149512> <JMX Connector Server started at service:jmx:iiop://12.18.1.249:7001/jndi/weblogic.management.mbeanservers.edit.> <Jul 20, 2018 7:20:36 AM CST> <Warning> <Deployer> <BEA-149617> <Non-critical internal application com.oracle.webservices.wls.wsat-endpoints-impl_12.1.3 was not deployed. Error: [Deployer:149158]No application files exist at "/wls12c/wlserver/server/lib/../../../oracle_common/modules/com.oracle.webservices.wls.wsat-endpoints-impl_12.1.3.war".> <Jul 20, 2018 7:20:36 AM CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STANDBY.> <Jul 20, 2018 7:20:36 AM CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING.>
到此補丁升級完成
來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/26015009/viewspace-2158202/,如需轉載,請註明出處,否則將追究法律責任。
相關文章
- Weblogic 補丁升級慢Web
- 12. Oracle版本、補丁及升級——12.2. 補丁及補丁集Oracle
- ORACLE 10G RAC 升級補丁Oracle 10g
- Oracle資料庫升級與補丁Oracle資料庫
- ORACLE 11g 升級補丁(Patch)Oracle
- 12. Oracle版本、補丁及升級——12.3. 升級Oracle
- 探索Oracle之資料庫升級一 升級補丁修復概述Oracle資料庫
- 【PATCH】Oracle12c升級補丁初體驗Oracle
- Oracle 11.2.0.4 RAC psu補丁升級至11.2.0.4.2Oracle
- OJVM+GI PSU補丁升級JVM
- weblogic的版本及打補丁Web
- 【opatch打補丁】oracle10.2.0.5.0升級10.2.0.5.9 for linuxOracleLinux
- weblogic 12 補丁安裝Web
- 資料庫的升級和打補丁的研究資料庫
- db2 v9.7 補丁升級DB2
- SAP 補丁升級步驟詳解 (轉)
- Oracle的補丁Oracle
- oracle資料庫高危漏洞補丁集安裝Oracle資料庫
- 12. Oracle版本、補丁及升級——12.1. 版本體系Oracle
- 【kingsql分享】Oracle 18c RAC補丁升級實戰【DBRU】SQLOracle
- 使用web client對 vcenter 進行補丁升級Webclient
- oracle 補丁Oracle
- AIX平臺升級11.2需要注意的補丁AI
- Oracle最新補丁包修101個漏洞(轉)Oracle
- 【補丁】Oracle補丁的知識及術語Oracle
- 資料庫PSU的補丁升級 從10.2.0.5.2(10248542)升級至10.2.0.5.12(16619894)打補丁記錄資料庫
- Weblogic最新補丁在哪裡下載Web
- WSUS Offline Update離線補丁升級工具
- AIX 5.3下 升級補丁到10.2.0.5步驟AI
- oracle 補丁種類和升級方法以及oracle RAC Rolling Patch 說明Oracle
- Oracle 11gR2單例項資料庫補丁升級記錄Oracle單例資料庫
- WebLogic XMLDecoder反序列化漏洞WebXML
- Oracle補丁集的補丁號Patch ID/Number速查Oracle
- Oracle升級中的引數補充Oracle
- Oracle的OPatch補丁更新Oracle
- Windows 8.1 2014 Update RTM分支升級補丁Windows
- zt_oracle psu_cpu_bundle補丁patch升級upgrade相關概念Oracle
- WebLogic 反序列化漏洞深入分析Web