Discussions
Categories
- 17.9K All Categories
- 3.4K Industry Applications
- 3.3K Intelligent Advisor
- 63 Insurance
- 535.8K On-Premises Infrastructure
- 138.1K Analytics Software
- 38.6K Application Development Software
- 5.6K Cloud Platform
- 109.3K Database Software
- 17.5K Enterprise Manager
- 8.8K Hardware
- 71K Infrastructure Software
- 105.2K Integration
- 41.5K Security Software
Is there a high risk when applying OVMSA patches?
I've been asked to submit this question because we have several critical databases on some OVM servers and there is concern there could be an outage when applying security patches. We don't have capacity to move the DBs to other hardware.
What is the best process for applying these patches?
Specifically:
Update for bind (OVMSA-2019-0027)
Update for freetype (OVMSA-2020-0001)
Update for ghostscript (OVMSA-2018-0285)
Update for kernel (OVMSA-2019-0044)
Update for libssh2 (OVMSA-2019-0028)
Update for ntp (OVMSA-2018-0290)
Update for openssh (OVMSA-2019-0013)
Update for openssl (OVMSA-2019-0040)
Update for polkit (OVMSA-2019-0008)
Update for qemu-kvm(OVMSA-2020-0010)
Update for sudo (OVMSA-2019-0050)
Update for Unbreakable Enterprise kernel (OVMSA-2019-0056)
Update for xen (OVMSA-2020-0018)
Answers
-
Hi,
for kernel, openssl, qemu and xen you should theoretically reboot your physical server.
That said, on OVM you can also leverage Ksplice to accomplish the same target without rebooting.
I would suggest you to reach out Oracle Support to understand/work on the patching process.
Simon