Saturday, 27 September 2014

For bash users (Linux/Solaris etc.)


Users of Solaris and Linux (all Linux distributions) should read the article below and update their systems urgently.


http://www.oracle.com/technetwork/topics/security/alert-cve-2014-7169-2303276.html


Oracle Security Alert for CVE-2014-7169


Description

This Security Alert addresses CVE-2014-7169 (initially identified as CVE-2014-6271), a publicly disclosed vulnerability affecting GNU Bash. GNU Bash is a popular open source command line shell incorporated into Linux and other widely used operating systems. This vulnerability affects multiple Oracle products. This vulnerability may be remotely exploitable without authentication, i.e. it may be exploited over a network without the need for a username and password. A remote user can exploit this vulnerability to execute arbitrary code on systems that are running affected versions of Bash.
Oracle is still investigating this issue and will provide fixes for affected products as soon as they have been fully tested and determined to provide effective mitigation against the vulnerability.
The fixes that are available for immediate application by customers are listed in the Patch Availability Table. This Security Alert will be updated when fixes are available for additional affected Oracle products without sending additional emails to customers. Customers should check this page for updates.
Due to the severity, public disclosure, and reports of active exploitation of CVE-2014-7169, Oracle strongly recommends that customers apply the fixes provided by this Security Alert as soon as they are released by Oracle.

Oracle products that are affected and have fixes available

Oracle has determined that the following products are affected by this vulnerability, and fixes for these products are available for immediate application by customers. The patch availability information for these affected products is provided in the table below.
Note: Patch availability information is provided only for product versions that are covered under the Premier Support or Extended Support phases of the Lifetime Support Policy. We recommend that customers remain on actively supported versions to ensure that they continue to receive security fixes from Oracle.

Patch Availability Table

Affected product | Patch Availability and Installation Information
Oracle Linux, versions 4, 5, 6, 7 | My Oracle Support Note 1930120.1
Oracle Solaris, versions 8, 9, 10, 11 | My Oracle Support Note 1930090.1


Oracle products that are affected and do not have fixes available at this time

Oracle has determined that the following Oracle products are vulnerable to CVE-2014-7169 and CVE-2014-6271. Fixes for these products will be distributed as they become available and this Security Alert will be updated to reflect the availability of these fixes in the Patch Availability Table.
  • Big Data Appliance
  • Exadata
  • Exalogic
  • Oracle Audit Vault and Database Firewall
  • Oracle Communications Application Orchestrator - Server Perpetual (version 74M1)
  • Oracle Communications Application Session Controller
  • Oracle Communications Diameter Intelligence Hub
  • Oracle Communications Diameter Signaling Router
  • Oracle Communications Diameter Signaling Router - Full Address Resolution
  • Oracle Communications EAGLE Application Processor
  • Oracle Communications EAGLE Collector Application Processor
  • Oracle Communications EAGLE LNP Application Processor
  • Oracle Communications Interactive Session Recorder
  • Oracle Communications Policy Controller
  • Oracle Communications Policy Management
  • Oracle Communications Service Broker Engineered System Edition 6.0
  • Oracle Communications Session Element Manager
  • Oracle Communications Session Report Manager
  • Oracle Communications Session Route Manager
  • Oracle Communications Subscriber Data Management
  • Oracle Communications User Data Repository
  • Oracle Communications WebRTC Session Controller
  • Oracle Data Appliance
  • Oracle Integrated Lights Out Manager
  • Oracle Key Vault
  • Oracle VM
  • Pillar Axiom 600 Storage System 4, 5
  • SPARC Supercluster
  • Sun ZFS Storage Appliance Kit (AK)
  • Tekelec HLR Router
  • Tekelec Platform Management & Configuration
  • Tekelec Virtual Operating Environment

References

Modification History


Date | Comments
2014-September-26 | Rev 1. Initial Release


Appendix - Oracle Sun Systems Products Suite

 

Oracle Sun Systems Products Suite Executive Summary

This Security Alert contains 1 new security fix for the Oracle Sun Systems Products Suite.  This vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.  The English text form of this Risk Matrix can be found here.

Oracle Sun Systems Products Suite Risk Matrix


  • CVE#: CVE-2014-7169
  • Component: Solaris
  • Protocol: Multiple
  • Sub-component: Bash
  • Remote Exploit without Auth.?: Yes
  • CVSS VERSION 2.0 RISK (see Risk Matrix Definitions):
      Base Score: 10.0
      Access Vector: Network
      Access Complexity: Low
      Authentication: None
      Confidentiality: Complete
      Integrity: Complete
      Availability: Complete
  • Supported Versions Affected: 8, 9, 10, 11
  • Notes: See Note 1
Notes:
  1. The CVSS score is taken from
    http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7169.


Appendix - Oracle Linux and Virtualization

 

Oracle Linux Executive Summary

This Security Alert contains 1 new security fix for Oracle Linux.  This vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.  The English text form of this Risk Matrix can be found here.

Oracle Linux Risk Matrix


  • CVE#: CVE-2014-7169
  • Component: Oracle Linux
  • Protocol: Multiple
  • Sub-component: Bash
  • Remote Exploit without Auth.?: Yes
  • CVSS VERSION 2.0 RISK (see Risk Matrix Definitions):
      Base Score: 10.0
      Access Vector: Network
      Access Complexity: Low
      Authentication: None
      Confidentiality: Complete
      Integrity: Complete
      Availability: Complete
  • Supported Versions Affected: 4, 5, 6, 7
  • Notes: See Note 1
Notes:
  1. The CVSS score is taken from
    http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7169.


Sunday, 21 September 2014

A bit of Oracle Enterprise Linux, too


I have been more or less away from the Linux world for a while.
With Oracle Enterprise Linux, I am picking up where I left off.

One of the features I like most is ksplice.

http://www.ksplice.com/
You are seconds away from trying out Ksplice zero downtime kernel updates for your RHEL 5 or 6 system!

Take back your weekend and say goodbye to lengthy maintenance windows for kernel updates. With Ksplice, you can install kernel updates while the system is running. Stay secure and compliant without the hassle.

If you want to update your critical systems without rebooting them (kernel updates etc.):
http://www.oracle.com/technetwork/articles/linux/ksplice-update-tour-1896119.html

http://docs.oracle.com/cd/E37670_01/E39380/html/index.html
http://docs.oracle.com/cd/E37670_01/index.html

ksplice is a feature that cannot be overlooked or brushed aside.

Saturday, 20 September 2014

ORACLE INTELLIGENT STORAGE PROTOCOL (OISP) for Oracle Database users

If you use Oracle Database and have not yet looked into the "ORACLE INTELLIGENT STORAGE PROTOCOL", it is time to consider reviewing the link below.

http://www.oracle.com/us/products/servers-storage/storage/nas/oracle-isp-ds-final-2139042.pdf

Oracle Intelligent Storage Protocol

The Oracle Database has a layered architecture that includes the Oracle Disk Manager (ODM). The ODM provides a file management module that lets the Oracle Database use a local file system, a raw disk partition, or NFS server to store database information.
To increase database performance, the ODM interface lets the Oracle Database pass information along with each I/O request. This information defines several attributes associated with the I/O such as the file type associated with the I/O request. This lets data file and database log file writes be handled differently.
The new OISP allows the Oracle Database NFSv4 client to pass ODM optimization information to the NFSv4 server of the ZFS Storage Appliance. The ZFS Storage Appliance takes advantage of the ODM optimization information to simplify database configuration and to further increase database performance.
There are two Oracle Intelligent Storage Protocol features:
  • Automatically setting the Optimal file record size for new database files
  • Automatically using the optimal write bias (ZFS Latency or Throughput) for each write request

Set the Optimal file record size

The Oracle dNFS client passes the optimal record size to the ZFS Storage Appliance for each NFSv4 write request. The ZFS Storage Appliance NFSv4 server passes the record size to the ZFS file system with the I/O request. The ZFS file system then bypasses the default file system record size and uses the record size value passed with the I/O request. The record size can only be set for newly created files. If a file already exists the record size will not be changed.

Use either ZFS Latency or Throughput write mode for each request


The Oracle dNFS client passes the optimal write bias to the ZFS Storage Appliance for each NFSv4 write request. The ZFS Storage Appliance NFSv4 server passes the write bias to the ZFS file system with the I/O request. The ZFS file system then bypasses the default file system write bias and attempts to use the write bias value passed with the I/O request. Depending on the state of the ZFS file system the write bias sent with the I/O request may be ignored.



Thursday, 18 September 2014

The latest state of Solaris

For a long time I was worried about whether Solaris would die or live on.
After closely following Oracle's Solaris work over the past year, I saw that this worry was unfounded. Solaris 11.2 is out now, and Solaris 12 is planned for release next year. Let me also remind you that OpenStack support began with Solaris 11.2. Let's see what Solaris 12 will bring.

Those who want to review the latest state of Solaris 11.2 should take a look at the
"Oracle® Solaris 11.2 Release Notes", which you can find at the link below.

http://www.oracle.com/pls/topic/lookup?ctx=solaris11&id=SERNS

 

Points to watch when installing Ansible Automation Platform

 1. Local certificates should be generated for the AAP that will be used in your internal environment. The script below can be used. https://github.com/linuxliste/ara...