OEL 6.9 PVM guests on Oracle VM 3.4.3 won’t start

I recently upgraded by OVM to 3.4.3(.1511), but now my Oracle Enterprise Linux 6.9 PVM guests won’t start up any more. They don’t finish the ‘Starting automount’ in the boot / startup screen. It does not fail, it just won’t continue.

There is nothing special in the /etc/fstab I guess… : Continue reading

Booting Oracle VM / Linux (ISOs) with UEFI ‘bios’ does not work

It seems Oracle VM (<=3.3.1 *) and Oracle Linux (<= 5.10/6.6 *) both install ISOs and installed OS’s are not capable of booting when UEFI on the bare-metal hardware is used. I have seen two configurations now where this happened, one using a USB HDD drive capable providing a ISO to boot from as CD/DVD (Zalman ZM-VE300)  and one HP iLO4 (http and local ISO) ‘remote’ booting. Continue reading

OpenSSL Heartbleed Oracle fixed version is 1.0.1e-16.el6_5.7

When one is looking for the OpenSSL fix 1.0.1g for Oracle (Red Hat) Linux 6, the fixed package version is ‘1.0.1e-16.el6_5.7’. I think this a bit misleading, because OpenSSL 1.0.1e is subject to the bug (CVE-2014-0160). But from the Red Hat site: and Orcale MetaLink (MOS Note 1663998.1): “Version openssl-1.0.1e-16.el6_5.7 included a fix backported from openssl-1.0.1g.

Some simple OS tests can produce a false-positive to heartbleed tests, becasue it could look only for text other than 1.0.1g.


To update to the ‘latest’ OpenSSL version, enable the [OL6_latest] repository en ‘yum update openssl’:

Setting up Update Process
Resolving Dependencies
--> Running transaction check
---> Package openssl.x86_64 0:1.0.1e-15.el6 will be updated
---> Package openssl.x86_64 0:1.0.1e-16.el6_5.7 will be an update
--> Finished Dependency Resolution

Testing for processes using OpenSSL

One can test if processes are using OpenSSL (not a heartbleed vulnerability test), by issuing one of these two following commands:

$ lsof | awk 'NR==1 || $0~/libssl.so.1.0.1e/'
$ grep libssl.so.1.0.1 /proc/*/maps |cut -d/ -f3 |sort -u |xargs -r -- ps uf

More info

OpenSSL Security Bug – Heartbleed / CVE-2014-0160

Document written at April the 18th, 2014…

Happy blee, uh, testing and patching!