"Oracle is aware of these reports and is engaged with Intel. Oracle will produce necessary fixes, if applicable, in accordance with Oracle's security fixing policies."
But at least they could get some statement about it. Red Hat, Microsoft, etc., are already releasing patches; meanwhile I keep trying to find official Oracle Linux information on the problem.
j.
Exactly. I came across Oracle pages and found totally nothing.
I would also like to know what the timeframe for release of the OL patches for Spectre/Meltdown is, as well as what impact this will have on Oracle DB running on OL with UEK.
Thanks.
A potential risk isn't necessarily a problem and it's not the first or last time computer technology is doomed. And as usual, it's a publicity show and making a big deal and fuss about it. It's very likely going to be in the news to the disadvantage of some vendors, while others will see a marketing opportunity.
From what I understand, the problem exists for many years already and does not mean anyone can connect to your server and destroy your system or obtain confidential data. It's not like the Ping of Death in the late 90's. As with any problem of such perceived magnitude and type, I think it's best to remain skeptical, research the actual problem to determine your own potential risk and approach the solution with caution.
https://linux.oracle.com/errata/ELSA-2018-0007.html
https://linux.oracle.com/errata/ELSA-2018-0008.html
This is a rather flippant response. The user was asking brief questions about these vulnerabilities and where they can find more information from Oracle on them. You've not answered them, rather you've told everyone to calm down.
I simply expressed my personal opinion about the problem and suggested being realistic and evaluating the situation. Public knowledge about the problem hit the mainstream media as of yesterday.
Now I am curious about the UEK kernels, more specifically UEKR4.
UEK4 is based on the mainline Linux kernel 4.1.12.
You can subscribe to the Oracle Linux errata mailing list to receive notifications:
https://linux.oracle.com/pls/apex/f?p=105:21
or https://oss.oracle.com/mailman/listinfo/el-errata
and review https://twitter.com/orcl_uln
From what I understand, patches will provide a work-around at the cost of performance. A permanent fix will require more low-level changes and possibly CPU re-engineering. To exploit the problem, however, requires installing and running some malicious software.
https://meltdownattack.com/
UEKR4 patched kernel is out today. We use Ksplice, but I am not sure that you can splice this in. I have not seen a package for it yet.
There will not be Ksplice patches for this, in part due to the microcode update required for the processors. A reboot will be required for mitigation.
Thanks Avi! I figured that would be the case, but one could hope.
Do you know if/when UEK3 is patched for Oracle Linux 7?
user13051959 wrote:
I don't know about UEK3 for OL7 (?!/1?) but just today my SA installed.
Do you know if/when UEK3 is patched for Oracle Linux 6.5?
When running the RHCK, the individual patches can be viewed and en/disabled:
# cat /proc/version
Linux version 3.10.0-693.11.6.el7.x86_64 (mockbuild@x86-ol7-builder-03.us.oracle.com) (gcc version 4.8.5 20150623 (Red Hat 4.8.5-16) (GCC) ) #1 SMP Wed Jan 3 18:59:47 PST 2018
# cat /sys/kernel/debug/x86/pti_enabled
1
# cat /sys/kernel/debug/x86/ibpb_enabled
0
# cat /sys/kernel/debug/x86/ibrs_enabled
This interface is not entirely present in the patched UEK:
Linux version 4.1.12-112.14.10.el7uek.x86_64 (mockbuild@) (gcc version 4.8.5 20150623 (Red Hat 4.8.5-11) (GCC) ) #2 SMP Mon Jan 8 18:26:37 PST 2018
# ls -l /sys/kernel/debug/x86
total 0
-rw-------. 1 root root 0 Jan 9 09:35 ibrs_enabled
-rw-r--r--. 1 root root 0 Jan 9 09:35 nmi_longest_ns
-r--------. 1 root root 0 Jan 9 09:35 pat_memtype_list
-rw-------. 1 root root 0 Jan 9 09:35 tlb_single_page_flush_ceiling
Can we get documentation on how the controls differ between the RHCK and the UEK?
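An added example, not part of the original post and not Oracle's tooling: a shell function that reports each of the three debugfs controls named above and distinguishes a control the kernel does not expose (the UEK case in the listing) from one that is present but set to 0. The function names, the output format and the sample values in the demo directories are assumptions.

```shell
#!/bin/sh
# Added example. The file names pti_enabled, ibpb_enabled and ibrs_enabled come
# from the thread; function names and output format are assumptions.

# report_controls [DIR]
# Prints one "name=state" line per control. state is the file's value,
# "absent" if the kernel does not expose the file, "unreadable" if it exists
# but cannot be read (the files are root-only), "empty" if it reads as nothing.
report_controls() {
    dir=${1:-/sys/kernel/debug/x86}
    for name in pti_enabled ibpb_enabled ibrs_enabled; do
        f="$dir/$name"
        if [ ! -e "$f" ]; then
            state=absent
        elif [ ! -r "$f" ]; then
            state=unreadable
        else
            state=$(cat "$f" 2>/dev/null | tr -d '[:space:]')
            [ -n "$state" ] || state=empty
        fi
        printf '%s=%s\n' "$name" "$state"
    done
}

# count_absent [DIR]: how many of the three controls are not exposed at all.
count_absent() {
    report_controls "$1" | grep -c '=absent$' || true
}

# Constructed sample directories mirroring the two listings in the post:
# the RHCK layout has all three files, the patched UEK only ibrs_enabled.
# The ibrs_enabled values are constructed; the post shows no output for them.
demo=$(mktemp -d)
mkdir "$demo/rhck" "$demo/uek"
echo 1 > "$demo/rhck/pti_enabled"
echo 0 > "$demo/rhck/ibpb_enabled"
echo 0 > "$demo/rhck/ibrs_enabled"
echo 1 > "$demo/uek/ibrs_enabled"

for k in rhck uek; do
    echo "== $k (constructed sample) =="
    report_controls "$demo/$k"
    echo "controls not exposed: $(count_absent "$demo/$k")"
done
rm -rf "$demo"
```

On a live host, run `report_controls` as root with no argument to read /sys/kernel/debug/x86 directly; if debugfs is not mounted, every control reports as absent.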
Please submit an SR as that needs to be reviewed by Oracle Global Product Security.
Because this is a security vulnerability, information cannot be provided here on the forum. If you have any questions, please open an SR with Oracle Support as that is the only way Oracle Global Product Security can be engaged to provide the appropriate response.
This thread will now be locked (as will any subsequent threads regarding this issue) as all questions must be submitted via an SR.