Oracle Linux patches for Meltdown and Spectre information

Oracle Linux

Shown are the latest kernel versions as of the 9th of January which have Meltdown and Spectre patches.

Kernel versions can be found when running the `uname -r` command.

After the kernel is installed one can find the kernel/packages changelog and security info with the following commands and see in the page table isolation has been activated:

# yum updateinfo list
# yum updateinfo list cves
# yum updateinfo list kernel-uek
# yum updateinfo list --sec-severity=Important
# yum updateinfo info --sec-severity=Important
CVE-2017-1000407 Important/Sec. kernel-uek-4.1.12-112.14.13.el7uek.x86_64

# dmesg | grep isolation
[ 0.000000] Kernel/User page tables isolation: enabled

# rpm -q --changelog kernel | egrep 'CVE-2017-5715|CVE-2017-5753|CVE-2017-5754'
# rpm -q --changelog kernel-uek | egrep 'CVE-2017-5715|CVE-2017-5753|CVE-2017-5754'

Oracle Linux version 6

Kernel: 2.6.32-696.18.7 (errata: ELSA-2018-0008), 2018-01-04.

Kernel-uek: 4.1.12-112.14.10 (errata: ELSA-2018-4006), 2018-01-09.

Oracle Linux version 7

Kernel: 3.10.0-693.11.6 (errata: ELSA-2018-0007), 2018-01-04.

Kernel-uek: 4.1.12-112.14.10 (errata: ELSA-2018-4006), 2018-01-04.

Oracle VM version 3.4

Xen: 4.4.4-155.0.12.el6 (errata: OVMSA-2018-0006), 2018-01-08.


Unbreakable Linux Network CVE repository

Next links are to the Meltdown and Spectre descriptions described in the Oracle Linux CVE repository.

Meltdown (CVE-2017-5754)

Spectre (CVE-2017-5715 / CVE-2017-5753)


Critical Patch Updates, Security Alerts and Bulletins


I don’t have any information or data on performance impact yet…

Authenticate Oracle 12c database users against Active Directory

Following is tested with Oracle 12.1 on Linux 6 (on Exadata) and a Windows 10 client.

“Yet another blog on how to authenticate database users against Active Director using Kerberos…”

I have read and tried a view blogs on how to get this done, but somehow I have found them a bit limited because they talk about a simple configuration with one database on one host. When you have to deal with multiple hosts and multiple databases per host, you need to take some things into account.

Lets start with some explanations, a walk through is below that.
Continue reading

SQLNET.KERBEROS5_CONF_MIT : Unsupported Parameter in 12.1

  • Unsupported ParametersThe following parameters are no longer supported:

No it’s not!

If you leave it out, you will get:

Password for airell@[logging]:

In stead of:

Password for airell@DOMAIN.LOCAL:

If you leave it out, one must not use the MIT layout… but where is the non-MIT layout described? It looks like the domain must be present on the first line of the file… for now, I will still use the MIT layout.



Issues installing (and on Linux 7 (RHEL7 and OEL7)

REHL 7 and Oracle Linux 7 was not released when Oracle database came out, so the installer does give some issues in the pre-requisites and when installing the software. I advice to do a software only installation first, because of an issue that you will need to fix with a patch after software installation, but before creating a database.

These issues popped-up when I was installing a database on RHEL7 (not a Certified product combination!), but the solutions given for worked for it as well:

  • elfutils-libelf-devel package missing;
  • compat-libstdc++ package missing;
  • pdksh package missing;
  • “Error in invoking target ‘agent nmhs’ of makefile” when installing.
    • This one also counts for installing Oracle Fusion Middleware.

Continue reading

tnsping (and others) take at least 5 seconds (or longer)

I ran into a situation where tnsping and other connections like ssh and such took at least 5 seconds (5000 msec) to establish:

Used TNSNAMES adapter to resolve the alias
Attempting to contact (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = host.domain.local)(PORT = 1521))
                                     (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = ORCL)))
OK (5010 msec)

Also connecting to ‘host.domain.local’ with ssh took about 5 seconds. At first I thought it had to with sshd and some authentication options which had to timeout first, but than I discovered tnsping also waits 5 seconds. When connecting to the ip address it took 0 msec… aha… a DNS thing?! Continue reading

OEL 6.9 PVM guests on Oracle VM 3.4.3 won’t start

I recently upgraded by OVM to 3.4.3(.1511), but now my Oracle Enterprise Linux 6.9 PVM guests won’t start up any more. They don’t finish the ‘Starting automount’ in the boot / startup screen. It does not fail, it just won’t continue.

There is nothing special in the /etc/fstab I guess… : Continue reading

Server error: ‘The backing device /dev/mapper/xyz is not allowed to contain partitions’ on OracleVM

Ok, I added a new disk (well old actually, but new for the machine) to my Oracle VM server. It discovered it (or do it manually) and I wanted to create a new repository on it. Unfortunately it came with the following error:

Server error: 'The backing device /dev/mapper/3500a075109146bee is not allowed to contain partitions'

Continue reading

Oracle Grid 12c and Linux 7: PRVE-0421 : No entry exists in /etc/fstab for mounting /dev/shm

When you run Oracle Grid 12c ‘cluvfy stage -pre crsinst’ on Linux 7 (Oracle Enterprise Linux 7.2 in my case) you will get the following error:

Starting check for /dev/shm mounted as temporary file system ...


PRVE-0421 : No entry exists in /etc/fstab for mounting /dev/shm
PRVE-0421 : No entry exists in /etc/fstab for mounting /dev/shm
PRVE-0421 : No entry exists in /etc/fstab for mounting /dev/shm
PRVE-0421 : No entry exists in /etc/fstab for mounting /dev/shm

Check for /dev/shm mounted as temporary file system failed

When you do a ‘df -h’ you will see that ‘/dev/shm’ actually is mounted:

Filesystem Size Used Avail Use% Mounted on
devtmpfs 24G 0 24G 0% /dev
tmpfs    24G 0 24G 0% /dev/shm

This is due to a bug (Doc ID 2065603.1) which comes from the case that the cluvfy check does not check the actual mount of the file system, but looks for the persistence line of this mount in ‘/etc/fstab’ like it did in Linux 6. In Linux 7 you get this tmpfs mount by default.

Continue reading

Add a larger disk and remove smaller disk from LVM, online!

Goal: To add new larger disk to LVM, move data and remove old smaller one

When using Oracle VM in my work, a disk can be enlarged in Oracle VM manager for a virtual machine. But because of an internal loop-mount on the XEN hypervisor level, the disk-file which is presented to the virtual machine as a disk, is not able to ‘pass on’ it’s resize information to the OS. This requires an unmount and mount of the disk-file on hypervisor level, or in simple words: a reboot of the virtual machine… yikes! Continue reading

Oracle 12c installation will fail: Error in invoking target ‘irman ioracle’

During the installation of Oracle 12c (12.1) I encountered the following error:

Error in invoking target 'irman ioracle' of makefile
See '/u01/app/oraInventory/logs/installActions2015(...).log' for details.

Inside the logfile the following error is encountered:

INFO: collect2: ld terminated with signal 9 [Killed]

According to metalink doc 2040972.1 this is due to less memory available (in a VM environment). Continue reading