Skip navigation.

Feed aggregator

Just a couple of screenshots of sqlplus+rlwrap+cygwin+console

XTended Oracle SQL - Thu, 2014-10-16 14:06

I previously wrote that I peeped the idea about showing the session information in terminal title from Timur Akhmadeev’s screenshots, and Timur wrote:

I’m using (a bit modified) Tanel Poder’s login.sql available in his TPT scripts library: http://tech.e2sn.com/oracle-scripts-and-tools

Scripts:
Tanel’s i.sql
My title.sql and on_login.sql

Colored prompt is the one of many features of rlwrap.

Screenshots:
Connected as simple user:
baikal-xtender
Connected as sysdba:
xtsql-sysdba

SQL*Plus on OEL through putty:
putty-to-oel-sqlplus

@inc/title “*** Test ***”
inc-title-test

Categories: Development

Competency-Based Education: Not just a drinking game

Michael Feldstein - Thu, 2014-10-16 13:48

Ray Henderson captured the changing trend of the past two EDUCAUSE conferences quite well.

The #Edu14 drinking game: sure inebriation in 13 from vendor claims of "mooc" "cloud" or "disrupting edu". In 2014: "competency based."

— Ray Henderson (@readmeray) October 3, 2014

The drinking game: sure inebriation in 13 from vendor claims of “mooc” “cloud” or “disrupting edu”. In 2014: “competency based.”

Two years ago, the best-known competency-based education (CBE) initiatives were at Western Governors University (WGU), Southern New Hampshire University’s College for America (CfA), and SUNY’s Excelsior College. In an article this past summer describing the US Department of Education’s focus on CBE, Paul Fain noted [emphasis added]:

The U.S. Department of Education will give its blessing — and grant federal aid eligibility — to colleges’ experimentation with competency-based education and prior learning assessment.

On Tuesday the department announced a new round of its “experimental sites” initiative, which waives certain rules for federal aid programs so institutions can test new approaches without losing their aid eligibility. Many colleges may ramp up their experiments with competency-based programs — and sources said more than 350 institutions currently offer or are seeking to create such degree tracks.

One issue I’ve noticed, however, is that many schools are looking to duplicate the solution of CBE without understanding the the problems and context that allowed WGU, CfA and Excelsior to thrive. By looking at the three main CBE initiatives, it is important to note at least three lessons that are significant factors in their success to date, and these lessons are readily available but perhaps not well-understood.

Lesson 1: CBE as means to address specific student population

None of the main CBE programs were designed to target a general student population or to offer just another modality. In all three cases, their first consideration was how to provide education to working adults looking to finish a degree, change a career, or advance a career.

As described by WGU’s website:

Western Governors University is specifically designed to help adult learners like you fit college into your already busy lives. Returning to college is a challenge. Yet, tens of thousands of working adults are doing it. There’s no reason you can’t be one of them.

As described by College for America’s website:

We are a nonprofit college that partners with employers nationwide to make a college degree possible for their employees. We help employers develop their workforce by offering frontline workers a competency-based degree program built on project-based learning that is uniquely applicable in the workplace, flexibly scheduled to fit in busy lives, and extraordinarily affordable.

As described by Excelsior’s website:

Excelsior’s famously-flexible online degree programs are created for working adults.

SNHU’s ubiquitous president Paul Leblanc described the challenge of not understanding the target for CBE at last year’s WCET conference (from my conference notes):

One of the things that muddies our own internal debates and policy maker debates is that we say things about higher education as if it’s monolithic. We say that ‘competency-based education is going to ruin the experience of 18-year-olds’. Well, that’s a different higher ed than the people we serve in College for America. There are multiple types of higher ed with different missions.

The one CfA is interested in is the world of working adults – this represent the majority of college students today. Working adults need credentials that are useful in the workplace, they need low cost, they need me short completion time, and they need convenience. Education has to compete with work and family requirements.

CfA targets the bottom 10% of wage earners in large companies – these are the people not earning sustainable wages. They need stability and advancement opportunities.

CfA has two primary customers – the students and the employers who want to develop their people. In fact, CfA does not have a retail offering, and they directly work with employers to help employees get their degrees.

Lesson 2: Separate organizations to run CBE

In all three cases the use of CBE to serve working adults necessitated entirely new organizations that were designed to provide the proper support and structure based on this model.

WGU was conceived as a separate non-profit organization in 1995 and incorporated in 1997 specifically to design and enable the new programs. College for America was spun out of SNHU in 2012. Excelsior College started 40 years ago as Regents College, focused on both mastery and competency-based programs. The CBE nursing program was founded in 1975.

CBE has some unique characteristics that do not fit well within traditional educational organizations. From a CBE primer I wrote in 2012 and updated in 2013:

I would add that the integration of self-paced programs not tied to credit hours into existing higher education models presents an enormous challenge. Colleges and universities have built up large bureaucracies – expensive administrative systems, complex business processes, large departments – to address financial aid and accreditation compliance, all based on fixed academic terms and credit hours. Registration systems, and even state funding models, are tied to the fixed semester, quarter or academic year – largely defined by numbers of credit hours.

It is not an easy task to allow transfer credits coming from a self-paced program, especially if a student is taking both CBE courses and credit-hour courses at the same time. The systems and processes often cannot handle this dichotomy.

Beyond the self-paced student-centered scheduling issues, there are also different mentoring roles required to support students, and these roles are not typically understood or available at traditional institutions. Consider the mentoring roles at WGU as described in EvoLLLutions:

Faculty mentors (each of whom have at least a master’s degree) are assigned a student caseload and their full-time role is to provide student support. They may use a variety of communication methods that, depending on student preferences,include calling — but also Skype, email and even snail mail for encouraging notes.

Course mentors are the second type of WGU mentor. These full-time faculty members hold their Ph.D. and serve as content experts. They are also assigned a student caseload. Responsibilities of course mentors include creating a social community among students currently enrolled in their courses and teaching webinars focused specifically on competencies students typically find difficult. Finally, they support students one-on-one based on requests from the student or referral from the student’s faculty mentor.

Lesson 3: Competency is not the same as mastery

John Ebersole, the president of Excelsior College, called out the distinction between competency and mastery in an essay this summer at Inside Higher Ed.

On close examination, one might ask if competency-based education (or CBE) programs are really about “competency,” or are they concerned with something else? Perhaps what is being measured is more closely akin to subject matter “mastery.” The latter can be determined in a relatively straightforward manner, using various forms of examinations, projects and other forms of assessment.

However, an understanding of theories, concepts and terms tells us little about an individual’s ability to apply any of these in practice, let alone doing so with the skill and proficiency which would be associated with competence.

Deeming someone competent, in a professional sense, is a task that few competency-based education programs address. While doing an excellent job, in many instances, of determining mastery of a body of knowledge, most fall short in the assessment of true competence.

Ebersole goes on to describe the need for true competency measuring, and his observation that I share about programs confusing the two concepts..

A focus on learning independent of time, while welcome, is not the only consideration here. We also need to be more precise in our terminology. The appropriateness of the word competency is questioned when there is no assessment of the use of the learning achieved through a CBE program. Western Governors University, Southern New Hampshire, and Excelsior offer programs that do assess true competency.

Unfortunately, the vast majority of the newly created CBE programs do not. This conflation of terms needs to be addressed if employers are to see value in what is being sold. A determination of “competency” that does not include an assessment of one’s ability to apply theories and concepts cannot be considered a “competency-based” program.

Whither the Bandwagon

I don’t think that the potential of CBE is limited only to the existing models nor do I think WGU, CfA, and Excelsior are automatically the best initiatives. But an aphorism variously attributed to Pablo Picasso, Dalai Lama XIV or bassist Jeff Berlin might provide guidance to the new programs:

Know the rules well, so you can break them effectively

How many new CBE programs are being attempted that target the same student population as the parent institutions? How many new CBE programs are being attempted in the same organization structure? And how many new CBE programs are actually based on testing only of masteries and not competencies?

Judging by media reports and observations at EDUCAUSE, I think there are far too many programs attempting this new educational model of CBE as a silver bullet. They are moving beyond the model and lessons from WGU, College for America and Excelsior without first understanding why those initiatives have been successful. I don’t intend to name names here but just to note that the 350 new programs cited in Paul Fain’s article would do well to ground themselves in a solid foundation that understands and builds off of successful models.

The post Competency-Based Education: Not just a drinking game appeared first on e-Literate.

Oracle IOT: when to use Index Organized Tables

Yann Neuhaus - Thu, 2014-10-16 12:17

When can we use IOT? That's a question I had when giving recently the Oracle DBA essentials workshop. the DBA Essential is very dense and there is only half a day about performance. We have the Oracle Performance Tuning workshop to go into those details. But IOTs are under used in my opinion, so I'll post a use case for them where they are a good idea.

Basically:

  • Index access is very fast to get all indexed columns, but can be longer when having to get the non-indexed columns
  • IOT are fast to retreive all columns (except overflow) by primary key
  • IOT are long when retreiving by secondary index when we get columns that are not in the index and that are not the primary key
Here is a good use case: you have a many-to-many relationship that you implement with an association table   This is your UML diagram: CaptureIOT1.PNG (grantOption is a property of the association. It's a boolean that tells if the user can grant the granted privilege to another user)   And this is how you implement it in a relational database: CaptureIOT2.PNG So you have an association table that has a primary key which is composed of the two foreign keys, and an additional column for the association property.   And you have an index on USER_PRIVS(USER_ID,PRIV_ID) to enable the primary key. And you need to have all the foreign key indexed so you have to add an index on USER_PRIVS(PRIV_ID).   Now, for performance reasons you will probably want to add all the columns to both indexes, so you have finally those two indexes:
  • USER_PRIVS(USER_ID,PRIV_ID,GRANT_OPTION)

  • USER_PRIVS(PRIV_ID,USER_ID,GRANT_OPTION)

If you have a doubt about that modeling (such as why I don't introduce a surrogate key here) please tell me, we can discuss that. But I can guarantee that this is the right approach at least in Oracle.   So when you navigate from any of the tables, you have to access only to the index. No need for the table. So why store a table ? This is where IOT comes. Let's create that as an IOT:   CREATE TABLE USER_PRIVS ( USER_ID,PRIV_ID,GRANT_OPTION , PRIMARY KEY(USER_ID,PRIV_ID) ) ORGANISATION INDEX;   and a secondary index:   CREATE INDEX PRIV_USERS (PRIV_ID,USER_ID,GRANT_OPTION)  

So, if you navigate from USERS you access directly to the index leaf that has all information.

And if you navigate from PRIVILEGES, you have also all information. Someone said that access via secondary index is long? Yes but that's only when we have to get to the other columns because the secondary index don't have a rowid. It stores the primary key instead and must go through the primary index to get the other columns. But there are two point in my example:

  • I already have all the primary key columns in my secondary index, and Oracle is clever enough to not store them in double
  • I don't have to get to the primary index because I have evrey columns in my secondary index
Those are the indexes I would have anyway, so here I avoid to store a table: less storage, cheaper inserts and deletes.   In general, the use cases for IOT are:
  • we access mainly through the primary key and accept more expensive queries when accessing otherwise. Note that the secondary index can be optimized is we ALTER INDEX ... UPDATE BLOCK REFERENCES regularly
  • the secondary indexes have all the columns needed for our query
The association table is in the second category and is a good occasion to implement IOT. Note that the IOT and index defined above are used by Oracle to avoid forign key table locks as both starts with one of the foreign key columns.   I will illustrate the costs of access to IOT in a future blog post. If you want to learn more about indexes, I'll never stop to advise you to read http://use-the-index-luke.com/

Need Experts in Open Source Databases? [VIDEO]

Chris Foot - Thu, 2014-10-16 10:27

Transcript

Have what it takes to enhance your open source databases?

Welcome back to the RDX blog. Whether you prefer to store your information in MySQL or PostgreSQL, we can provide you will a complete range of administrative support.

In addition to 24×7 onshore and remote service, our staff can deploy sophisticated monitoring architectures customized to fit both MySQL and PostgreSQL. This ensures your data is available at all times.

Speaking of accessibility, our experts are well-versed in advanced PostgreSQL tools, such as the new Foreign Data Wrapper. According to Silicon Angle, this function enables staff to easily pull remote objects stored in analytic clusters.

Thanks for watching, and be sure to join us next time. 

The post Need Experts in Open Source Databases? [VIDEO] appeared first on Remote DBA Experts.

Deploying a Private Cloud at Home — Part 4

Pythian Group - Thu, 2014-10-16 09:11

Today’s blog post is part four of seven in a series dedicated to Deploying Private Cloud at Home, where I will be demonstrating how to configure Imaging and compute services on controller node. See my previous blog post where we began configuring Keystone Identity Service.

  1. Install the Imaging service
    yum install -y openstack-glance python-glanceclient
  2. Configure Glance (Imaging Service) to use MySQL database
    openstack-config --set /etc/glance/glance-api.conf database connection \
    mysql://glance:Your_Password@controller/glance
    openstack-config --set /etc/glance/glance-registry.conf database connection \
    mysql://glance:Youre_Password@controller/glance
  3. Create Glance database user by running below queries on your MySQL prompt as root
    CREATE DATABASE glance;
    GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'Your_Password';
    GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'Your_Password';
  4. Create the database tables for the Image Service
    su -s /bin/sh -c "glance-manage db_sync" glance
  5. Create Glance user to communicate to OpenStack services and Identity services
    keystone user-create --name=glance --pass=Your_Password --email=Your_Email
    keystone user-role-add --user=glance --tenant=service --role=admin
  6. Configuration of Glance config files
    openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_uri http://controller:5000
    openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_host controller
    openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_port 35357
    openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_protocol http
    openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_tenant_name service
    openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_user glance
    openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_password Your_Password
    openstack-config --set /etc/glance/glance-api.conf paste_deploy flavor keystone
    openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_uri http://controller:5000
    openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_host controller
    openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_port 35357
    openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_protocol http
    openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_tenant_name service
    openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_user glance
    openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_password Your_Password
    openstack-config --set /etc/glance/glance-registry.conf paste_deploy flavor keystone
  7. Register the Image Service with the Identity service
    keystone service-create --name=glance --type=image --description="OpenStack Image Service"
    keystone endpoint-create \
      --service-id=$(keystone service-list | awk '/ image / {print $2}') \
      --publicurl=http://controller:9292 \
      --internalurl=http://controller:9292 \
      --adminurl=http://controller:9292
  8. Start the Glance-api and Glance-registry services and enable them to start at startup
    service openstack-glance-api start
    service openstack-glance-registry start
    chkconfig openstack-glance-api on
    chkconfig openstack-glance-registry on
  9. Download CirrOS cloud image which is created for testing purpose
    wget -q http://cdn.download.cirros-cloud.net/0.3.2/cirros-0.3.2-x86_64-disk.img \
    -O /root/cirros-0.3.2-x86_64-disk.img
  10. Upload the image to Glance using admin account
    source /root/admin-openrc.sh
    glance image-create --name "cirros-0.3.2-x86_64" \
    --disk-format qcow2 \
    --container-format bare \
    --is-public True \
    --progress < /root/cirros-0.3.2-x86_64-disk.img
  11. Install Compute controller service on controller node
    yum install -y openstack-nova-api openstack-nova-cert \
    openstack-nova-conductor openstack-nova-console \
    openstack-nova-novncproxy openstack-nova-scheduler \
    python-novaclient
  12. Configure compute service database
    openstack-config --set /etc/nova/nova.conf database connection mysql://nova:Your_Password@controller/nova
  13. Configure compute service configuration file
    openstack-config --set /etc/nova/nova.conf DEFAULT rpc_backend qpid
    openstack-config --set /etc/nova/nova.conf DEFAULT qpid_hostname controller
    openstack-config --set /etc/nova/nova.conf DEFAULT my_ip Controller_IP
    openstack-config --set /etc/nova/nova.conf DEFAULT vncserver_listen Controller_IP
    openstack-config --set /etc/nova/nova.conf DEFAULT vncserver_proxyclient_address Controller_IP
  14. Create nova database user by running below queries on your MySQL prompt as root
    CREATE DATABASE nova;
    GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'Your_Password';
    GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'Your_Password';
  15. Create Compute service tables
    su -s /bin/sh -c "nova-manage db sync" nova
  16. Create a nova user that Compute uses to authenticate with the Identity Service
    keystone user-create --name=nova --pass=Your_Passoword --email=Your_Email
    keystone user-role-add --user=nova --tenant=service --role=admin
  17. Configure Compute to use these credentials with the Identity Service running on the controller
    openstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy keystone
    openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_uri http://controller:5000
    openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_host controller
    openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_protocol http
    openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_port 35357
    openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_user nova
    openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_tenant_name service
    openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_password Your_Password
  18. Register Compute with the Identity Service
    keystone service-create --name=nova --type=compute --description="OpenStack Compute"
    keystone endpoint-create \
      --service-id=$(keystone service-list | awk '/ compute / {print $2}') \
      --publicurl=http://controller:8774/v2/%\(tenant_id\)s \
      --internalurl=http://controller:8774/v2/%\(tenant_id\)s \
      --adminurl=http://controller:8774/v2/%\(tenant_id\\)s
  19. Now start Compute services and configure them to start when the system boots
    service openstack-nova-api start
    service openstack-nova-cert start
    service openstack-nova-consoleauth start
    service openstack-nova-scheduler start
    service openstack-nova-conductor start
    service openstack-nova-novncproxy start
    chkconfig openstack-nova-api on
    chkconfig openstack-nova-cert on
    chkconfig openstack-nova-consoleauth on
    chkconfig openstack-nova-scheduler on
    chkconfig openstack-nova-conductor on
    chkconfig openstack-nova-novncproxy on
  20. You can verify your configuration and list available images
    source /root/admin-openrc.sh
    nova image-list

 

This concludes the initial configuration of controller node before configuration of compute node. Stay tuned for part five where I will demonstrate how to configure compute node.

Categories: DBA Blogs

Cloudera’s announcements this week

DBMS2 - Thu, 2014-10-16 09:05

This week being Hadoop World, Cloudera naturally put out a flurry of press releases. In anticipation, I put out a context-setting post last weekend. That said, the gist of the news seems to be:

  • Cloudera continued to improve various aspects of its product line, especially Impala with a Version 2.0. Good for them. One should always be making one’s products better.
  • Cloudera announced a variety of partnerships with companies one would think are opposed to it. Not all are Barney. I’m now hard-pressed to think of any sustainable-looking relationship advantage Hortonworks has left in the Unix/Linux world. (However, I haven’t heard a peep about any kind of Cloudera/Microsoft/Windows collaboration.)
  • Cloudera is getting more cloud-friendly, via a new product — Cloudera Director. Probably there are or will be some cloud-services partnerships as well.

Notes on Cloudera Director start:

  • It’s closed-source.
  • Code and support are included in any version of Cloudera Enterprise.
  • It’s a management tool. Indeed, Cloudera characterized it to me as a sort of manager of Cloudera Managers.

What I have not heard is any answer for the traditional performance challenge of Hadoop-in-the-cloud, which is:

  • Hadoop, like most analytic RDBMS, tightly couples processing and storage in a shared-nothing way.
  • Standard cloud architectures, however, decouple them, thus mooting a considerable fraction of Hadoop performance engineering.

Maybe that problem isn’t — or is no longer — as big a deal as I’ve been told.

Categories: Other

My global view on Oracle OpenWorld 2014

Javier Delgado - Thu, 2014-10-16 06:41
For those who can read Spanish, I just posted in our company blog an entry describing a general overview of Oracle OpenWorld announcements. A couple of weeks ago I made a post on this blog describing the most important outcomes from a PeopleSoft point of view. This new post gives a broader view. 

Are you ready for Windows 10? Dodeca Is Ready!

Tim Tow - Wed, 2014-10-15 22:38
Microsoft recently released its first preview version of their next desktop operating system, Windows 10. In our business, we have seen many large companies just migrate to Windows 7 and the general consensus seems to be that Windows 8 is a 'consumer' operating system. In other words, it will be a while before you have to think about Windows 10, but it is our business to be thinking about this now. We have the Windows 10 preview downloaded and installed in our labs. We made a very smart decision years ago when we decided to write the Dodeca client layer in .NET technology because it works in Windows 10 unchanged!

We are ready. Will you be ready?
Categories: BI & Warehousing

SQL Server: Forced failover with AlwaysOn & Availability Groups

Yann Neuhaus - Wed, 2014-10-15 20:38

During a workshop at one of my customer about the implementation of SQL Server AlwaysOn and availability groups, I had an interesting discussion. It was about asynchronous replication between 2 replicas and the effect of the forced failover operation with allowed data loss. Does SQL Server resynchronize availability databases if I loose some transactions during the failover process?

The quick answer is yes but probably the most interesting question is how SQL Server achieves resynchronization and this is exactly what we will see in this blog post.

Simulate a data loss is pretty easy if you have a SQL Server AlwaysOn architecture with availability groups and 2 replicas enrolled in an asynchronous replication. You can pause the replication on secondary and then perform a manual forced failover from the same server for instance. During this blog post I will use the undocumented function sys.fn_db_log() and some dynamic management views related to availability groups as well.

Let's begin with my SQL Server architecture: One availability group with the adventureworks2012 database that hosts a table dbo.aag_test and 2 replicas SQL141 and SQL143 configured in asynchronous replication. SQL141 is the current primary.

 

Step 1: Create a replication issue by pausing the availability database on the secondary

After suspending the replication from the secondary, we insert an additional record in a table aag_test on the primary (SQL141) which will be not replicated to the secondary (SQL143). Notice that we are not aligned on both sides by viewing the content of the sys.fn_db_log() function on each transaction log.

 

:connect sql141 use AdventureWorks2012;   select * from dbo.aag_test;   select * from sys.fn_dblog(null, null); go     :connect sql143 use AdventureWorks2012;   select * from dbo.aag_test;   select * from sys.fn_dblog(null, null); go

 

Here is the content of the AdventureWorks2012 transaction log file on the primary:

 

00000104:00003a88:0001     LOP_MODIFY_ROW      LCX_BOOT_PAGE 0000:00000000     00000104:00003a90:0001     LOP_MODIFY_ROW      LCX_SCHEMA_VERSION  0000:00000000 00000104:00003a90:0002     LOP_BEGIN_XACT      LCX_NULL     0000:000343da 00000104:00003a90:0003     LOP_BEGIN_XACT      LCX_NULL     0000:000343db 00000104:00003a90:0004     LOP_FORMAT_PAGE     LCX_HEAP     0000:000343db 00000104:00003a90:0005     LOP_MODIFY_ROW      LCX_PFS      0000:000343db 00000104:00003a90:0006     LOP_MODIFY_ROW      LCX_IAM      0000:000343db 00000104:00003a90:0007     LOP_HOBT_DELTA      LCX_NULL     0000:000343db 00000104:00003a90:0008     LOP_FORMAT_PAGE     LCX_HEAP     0000:000343db 00000104:00003a90:0009     LOP_COMMIT_XACT     LCX_NULL     0000:000343db 00000104:00003a90:000a     LOP_INSERT_ROWS     LCX_HEAP     0000:000343da 00000104:00003a90:000b     LOP_SET_FREE_SPACE  LCX_PFS      0000:00000000 00000104:00003a90:000c     LOP_COMMIT_XACT     LCX_NULL     0000:000343da

 

And this is the content of the same database transaction log file on the secondary:

 

00000104:00003a70:0018     LOP_INSERT_ROWS     LCX_HEAP     0000:000343d7 00000104:00003a70:0019     LOP_SET_FREE_SPACE  LCX_PFS      0000:00000000 00000104:00003a70:001a     LOP_COMMIT_XACT     LCX_NULL     0000:000343d7 00000104:00003a88:0001     LOP_MODIFY_ROW      LCX_BOOT_PAGE 0000:00000000

 

On the secondary, the last record in the transaction log file is identified by the LSN: 260:14984:1 (in decimal format). We notice additional records in the transaction log file on the primary after pausing the replication - we can identify among them LOP_INSERT_ROWS / LCX_HEAP records that correspond in fact to the insertion of additional records in the table aag_test.

We can also take a look at the DMV related to the availability groups by using this query:

 

SELECT        ar.replica_server_name as ServerName,        drs.synchronization_state_desc as SyncState,        drs.last_hardened_lsn,        drs.last_redone_lsn FROM sys.dm_hadr_database_replica_states drs        LEFT JOIN sys.availability_replicas ar              ON drs.replica_id = ar.replica_id ORDER BY ServerName


The query's output below:

 

ServerName   SyncState           last_hardened_lsn   last_redone_lsn SQL141       SYNCHRONIZED        260000001501600001  NULL SQL143       NOT SYNCHRONIZING   260000001499200001  260000001498400001 -- (260:14984:1)

 

The column last_redone_lsn for the secondary (SQL143) represents the last log record that has been redone. The value (convert in decimal format) is the same previously found in the transaction log by using the sys.fn_db_log() function. The last_hardened_lsn value represents the last transaction blog hardened to the transaction log file. This value is usually greater than the last_redone_lsn value.

 

Step 2: SQL143 becomes the new primary - after restarting SQL141 and initiating a manuel forced failover with potential data loss

At this point we have some lost data that have not been replicated (LSN between 00000104:00003a88:0001 and 00000104:00003a90:000c).

 

00000104:00003a90:0001     LOP_MODIFY_ROW      LCX_SCHEMA_VERSION  0000:00000000 00000104:00003a90:0002     LOP_BEGIN_XACT      LCX_NULL     0000:000343da 00000104:00003a90:0003     LOP_BEGIN_XACT      LCX_NULL     0000:000343db 00000104:00003a90:0004     LOP_FORMAT_PAGE     LCX_HEAP     0000:000343db 00000104:00003a90:0005     LOP_MODIFY_ROW      LCX_PFS      0000:000343db 00000104:00003a90:0006     LOP_MODIFY_ROW      LCX_IAM      0000:000343db 00000104:00003a90:0007     LOP_HOBT_DELTA      LCX_NULL     0000:000343db 00000104:00003a90:0008     LOP_FORMAT_PAGE     LCX_HEAP     0000:000343db 00000104:00003a90:0009     LOP_COMMIT_XACT     LCX_NULL     0000:000343db 00000104:00003a90:000a     LOP_INSERT_ROWS     LCX_HEAP     0000:000343da 00000104:00003a90:000b     LOP_SET_FREE_SPACE  LCX_PFS      0000:00000000 00000104:00003a90:000c

 

The new status of each replica is as following:

 

ServerName   SyncState           last_hardened_lsn   last_redone_lsn SQL141       NOT SYNCHRONIZING   0                   0 SQL143       NOT SYNCHRONIZING   260000001502400001  NULL

 

Some additional records are inserted to the transaction log but they are not related directly to the replicated data lost previously from the old primary SQL141.

 

Step 3: Replication from the new primary SQL143 is resumed

Here the new status of the replication of each replica:

  ServerName   SyncState           last_hardened_lsn   last_redone_lsn SQL141       NOT SYNCHRONIZING   260000001499200001  249000007658400001 SQL143       SYNCHRONIZED        26000001502400001  NULL

 

We can confirm now that we have lost the data remained in the send queue list on the old primary SQL141. The last hardened lsn is not the same between the initial situation and the new situation (260000001501600001 vs 260000001499200001). Remember that the hardened lsn (transaction log block) 260000001499200001 corresponds to the last hardened lsn on the old secondary SQL143 before the synchronization issue.

 

Step 4: Last step - resuming the database movement on the new secondary SQL141 in order to resynchronize the both replicas

At this point SQL Server has resynchronized perfectly the both replicas. Take a look at the output of the sys.fn_db_log() on each side. We retrieve effectively the same pattern on both sides.

Content of the transaction log on the new secondary SQL141:

 

00000104:00003a88:0001     LOP_MODIFY_ROW      LCX_BOOT_PAGE 0000:00000000 00000104:00003a90:0001     LOP_MODIFY_ROW      LCX_BOOT_PAGE 0000:00000000 00000104:00003a98:0001     LOP_COUNT_DELTA     LCX_CLUSTERED 0000:00000000 00000104:00003a98:0002     LOP_COUNT_DELTA     LCX_CLUSTERED 0000:00000000 00000104:00003a98:0003     LOP_COUNT_DELTA     LCX_CLUSTERED 0000:00000000 00000104:00003a98:0004     LOP_COUNT_DELTA     LCX_CLUSTERED 0000:00000000 00000104:00003a98:0005     LOP_BEGIN_CKPT      LCX_NULL     0000:00000000 00000104:00003aa0:0001     LOP_XACT_CKPT LCX_BOOT_PAGE_CKPT  0000:00000000 00000104:00003aa8:0001     LOP_END_CKPT LCX_NULL     0000:00000000

 

Content of the transaction log on the new primary SQL143:

 

00000104:00003a88:0001     LOP_MODIFY_ROW      LCX_BOOT_PAGE 0000:00000000 00000104:00003a90:0001     LOP_MODIFY_ROW      LCX_BOOT_PAGE 0000:00000000 00000104:00003a98:0001     LOP_COUNT_DELTA     LCX_CLUSTERED 0000:00000000 00000104:00003a98:0002     LOP_COUNT_DELTA     LCX_CLUSTERED 0000:00000000 00000104:00003a98:0003     LOP_COUNT_DELTA     LCX_CLUSTERED 0000:00000000 00000104:00003a98:0004     LOP_COUNT_DELTA     LCX_CLUSTERED 0000:00000000 00000104:00003a98:0005     LOP_BEGIN_CKPT      LCX_NULL     0000:00000000 00000104:00003aa0:0001     LOP_XACT_CKPT LCX_BOOT_PAGE_CKPT  0000:00000000 00000104:00003aa8:0001     LOP_END_CKPT LCX_NULL     0000:00000000

 

Compared to the first output in the transaction log of the old primary SQL141 we definitively lost the entries identified previously at the top of this article.

Wonderful but how SQL Server has achieved this process? The answer is in the SQL Server error log of the new secondary SQL141:

  • First, we notice the recovery LSN (transaction log block) identified by SQL Server for the AdventureWorks2012 database here (260:14992:1). The same value was founded previously by looking at the availability groups DMV and the column last_hardened_lsn. This is the starting point for the resynchronizing process
SQL141 error log 2014-10-07 22:40:57.120    spid17s      The recovery LSN (260:14992:1) was identified for the database with ID 5. This is an informational message only. No user action is required.

 

  • Then we resumed manually the replication and we retrieve the event in the error log.

 

2014-10-07 22:40:57.130    spid17s      AlwaysOn Availability Groups data movement for database 'AdventureWorks2012' has been suspended for the following reason: "failover from partner" (Source ID 1; Source string: 'SUSPEND_FROM_PARTNER'). To resume data movement on the database, you will need to resume the database manually. For information about how to resume an availability database, see SQL Server Books On   …   2014-10-07 22:43:33.950    spid57 ALTER DB param option: RESUME 2014-10-07 22:43:33.950    spid57 AlwaysOn Availability Groups data movement for database 'AdventureWorks2012' has been resumed. This is an informational message only. No user action is required. 2014-10-07 22:43:33.960    spid17s      AlwaysOn Availability Groups connection with primary database established for secondary database 'AdventureWorks2012' on the availability replica 'SQL143' with Replica ID: {546df6b8-d07d-4aa4-afb6-5f543d5fae98}. This is an informational message only. No user action is required.

 

  • The new secondary automatically restarted to resynchronize with the current primary. The commit LSN here is probably in the transaction log block (14992) that is lower than the transaction log block related to the Hardened Lsn (15016).

 

2014-10-07 22:43:34.060    spid17s      Availability database 'AdventureWorks2012', which is in the secondary role, is being restarted to resynchronize with the current primary database. This is an informational message only. No user action is required. 2014-10-07 22:43:34.060    spid43s      Nonqualified transactions are being rolled back in database AdventureWorks2012 for an AlwaysOn Availability Groups state change. Estimated rollback completion: 100%. This is an informational message only. No user action is required. 2014-10-07 22:43:34.070    spid43s      State information for database 'AdventureWorks2012' - Hardended Lsn: '(260:15016:1)'   Commit LSN: '(260:14992:12)'   Commit Time: 'Oct 7 2014 10:21PM'

 

  • And finally the most important information in this error log. SQL Server reverted to the transaction log block related to the recovery LSN (260:14992:1) and reinitialize to the last log record redone by the old secondary SQL143.

 

2014-10-07 22:43:34.810    spid43s      Using the recovery LSN (260:14992:1) stored in the metadata for the database with ID 5. This is an informational message only. No user action is required.

This is exactly the picture we have by looking at the last output of the sys.fn_db_log() function above that starting from the LSN 00000104:00003a90:0001 (260:14992:1 in decimal format) that corresponds to the begin of the transaction block to the LSN 00000104:00003aa8:0001 (104:15016:1 in decimal format).

As you can see SQL Server uses a sophisticated mechanism that allows to recover to a situation before data lost. You probably also notice that the key point of this revert process is the transaction log block and not the transaction itself.

Enjoy!

Documentum upgrade project: Wrong icons in D2 search results with xPlore

Yann Neuhaus - Wed, 2014-10-15 20:11

After migrating from "Fast" to "xPlore" Documentum full-text search engine, our team discovered wrong icons in D2 search results. Documents in checked-out state continued to be displayed with the normal icon, even if xPlore indexed attribute value for “r_lock_owner”. This attribute contains the user name who has checked-out the document.

In the following picture, you can see the search result with the wrong icon, whereas in the “Version” window, the checked-out icon appears for the current version:

 

1-FulltextSearch-Wrong-Icon.png

 

This result implies that D2 displays the results provided by xPlore directly, without any further check based on “r_object_id” for updated metadata values.

At this stage, xPlore only returned document information without value for “r_lock_owner”.

The reason is that after the user had checked-out the document, no queue item was created to tell the index-agent to re-index the document with a value for the “r_lock_owner” attribute.

In order to ask index agent to index again the document, we have to register the “dm_checkout” event on “dm_sysobject” type for “dm_fulltext_index_user”.

However, the reverse operation must also been registered, for “dm_unlock” and inform xPlore the document is not checked-out anymore.

 

First, we need to verify that the event is not registered for the user index. Using DQL, the following query must return no result:

 

 

select * from dmi_registry where user_name='dm_fulltext_index_user' and event='dm_checkout';

 

 

Then we need to retrieve r_object_id of the dm_sys_object type:

 

 

select r_object_id from dm_type where name ='dm_sysobject';

 

 

Using API, request a login session ticket and open a session as 'dm_fulltext_index_user':

 

 

API> getlogin,c,dm_fulltext_index_user
...
DM_TICKET=T0JKIE5VTEwgMAoxMwp2ZXJzaW9uIElOVCBTIDAKMwpmbGFncyBJTlQgUyAwCjAKc2VxdWVuY2VfbnVtIElOVCBTIDAKMjE5OApjcmVhdGVfdGltZSBJTlQgUyAwCjE0MDA3NjU1NzQKZXhwaXJlX3RpbWUgSU5UIFMgMAoxNDAwNzY1ODc0CmRvbWFpbiBJTlQgUyAwCjAKdXNlcl9uYW1lIFNUUklORyBTIDAKQSAyMiBkbV9mdWxsdGV4dF9pbmRleF91c2VyCnBhc3N3b3JkIElOVCBTIDAKMApkb2NiYXNlX25hbWUgU1RSSU5HIFMgMApBIDYgRDJETVNVCmhvc3RfbmFtZSBTVFJJTkcgUyAwCkEgOCBsYm5kczEzMQpzZXJ2ZXJfbmFtZSBTVFJJTkcgUyAwCkEgNiBEMkRNU1UKc2lnbmF0dXJlX2xlbiBJTlQgUyAwCjU2CnNpZ25hdHVyZSBTVFJJTkcgUyAwCkEgNTYgZEl2MXgyTEVFWGloM2RrTFloNUJFcmZVT1lwQnRZMkxpMFU2M293MnJZcFJna29VbWtSOVRnPT0K

 

 

Copy login ticket result into the next command and update with:

 

 

API> connect,,dm_fulltext_index_user,DM_TICKET=T0JKIE5VTEwgMAoxMwp2ZXJzaW9uIElOVCBTIDAKMwpmbGFncyBJTlQgUyAwCjAKc2VxdWVuY2VfbnVtIElOVCBTIDAKMjE5OApjcmVhdGVfdGltZSBJTlQgUyAwCjE0MDA3NjU1NzQKZXhwaXJlX3RpbWUgSU5UIFMgMAoxNDAwNzY1ODc0CmRvbWFpbiBJTlQgUyAwCjAKdXNlcl9uYW1lIFNUUklORyBTIDAKQSAyMiBkbV9mdWxsdGV4dF9pbmRleF91c2VyCnBhc3N3b3JkIElOVCBTIDAKMApkb2NiYXNlX25hbWUgU1RSSU5HIFMgMApBIDYgRDJETVNVCmhvc3RfbmFtZSBTVFJJTkcgUyAwCkEgOCBsYm5kczEzMQpzZXJ2ZXJfbmFtZSBTVFJJTkcgUyAwCkEgNiBEMkRNU1UKc2lnbmF0dXJlX2xlbiBJTlQgUyAwCjU2CnNpZ25hdHVyZSBTVFJJTkcgUyAwCkEgNTYgZEl2MXgyTEVFWGloM2RrTFloNUJFcmZVT1lwQnRZMkxpMFU2M293MnJZcFJna29VbWtSOVRnPT0K
...
s1

 


“s1” is now the 'dm_fulltext_index_user' session descriptor.

 

Use this session descriptor to register “dm_checkout” and “dm_unlock” events for “dm_sysobject” type.

Replace in both lineswith r_object_id you have got previously:

 

 

API> register,s1,,dm_checkout,,F
...
OK
API> register,
s1,,dm_unlock,,F
...
OK

 

 

In case you have configured another index agent for your repository, do not forget to reproduce same procedure for the other user: “dm_fulltext_index_user_01”.

I hope this information will be of help to you.

Oracle Linux Containers and docker and the magic of ksplice becomes even more exciting

Wim Coekaerts - Wed, 2014-10-15 15:27
So, in my previous blogs I talked about the value of ksplice for applying updates and keeping your system current. Typical use case has been on physical servers running some application or in a VM running some application and it all keeps every system pretty isolated. Downtime on a single server is often, by a system admin, seen as no big deal, downtime of a bunch of servers because of a multi-tier application that goes down, however, by the application owner is a pretty big deal and can take some scheduling (and cost) to agree on downtime for reboots. If you have to patch a database server and reboot it, then you first have to bring down your application servers, then bring down the database, then reboot the server. So that 'single reboot' from a sysadmin point of view, is a nightmare and long downtime and potential risk for the application owner that has an application across many servers. Do keep that complexity in mind...

Anyway, we introduced support for Linux containers a year ago, back with Oracle Linux 6 and the release of UEKr3, no need to wait for OL7 (or rhel7...) we 've been doing this for almost a year and it was possible without having to reinstall servers and go from 6 to 7 and to systemd and have major changes. Just simply updating an OL6 environment and a reboot into uek3 and you were good to go, a year ago. So... with containers (and docker is very similar here)... you run one kernel. As opposed to running VMs where each VM is a completely isolated virtual environment with their own kernel and you can live migrate the VMs to another host if you need to update/patch the host, etc... So you run an OS that supports containers, you deploy your apps and isolate them nicely in a container each... and now you need to apply kernel security updates... well... that means, the host kernel on which all these containers environments are running... oops. my reboot now brings down a ton of containers. Well, not with ksplice. You run uptrack-update in the main environment and it nicely, online, without affecting your running apps in their containers or docker environments, updates to the latest fixes and CVEs. Done. No downtime, no scheduling issues with your application users... all set.

Supported.. since a year ago. Stable.

Tweaked bind variable script

Bobby Durrett's DBA Blog - Wed, 2014-10-15 15:17

I modified the bind variable extraction script that I normally use to make it more helpful to me.

Here was my earlier post with the old script: blog post

Here is my updated script:

set termout on 
set echo on
set linesize 32000
set pagesize 1000
set trimspool on

column NAME format a3
column VALUE_STRING format a17

spool bind2.log

select * from 
(select distinct
to_char(sb.LAST_CAPTURED,'YYYY-MM-DD HH24:MI:SS') 
  DATE_TIME,
sb.NAME,
sb.VALUE_STRING 
from 
DBA_HIST_SQLBIND sb
where 
sb.sql_id='gxk0cj3qxug85' and
sb.WAS_CAPTURED='YES')
order by 
DATE_TIME,
NAME;

spool off

Replace gxk0cj3qxug85 with the sql_id of your own query.

The output looks like this (I’ve scrambled the values to obscure production data):

DATE_TIME           NAM VALUE_STRING
------------------- --- -----------------
2014-08-29 11:22:13 :B1 ABC
2014-08-29 11:22:13 :B2 DDDDDD
2014-08-29 11:22:13 :B3 2323
2014-08-29 11:22:13 :B4 555
2014-08-29 11:22:13 :B5 13412341
2014-08-29 11:22:13 :B6 44444
2014-08-29 11:26:47 :B1 gtgadsf
2014-08-29 11:26:47 :B2 adfaf
2014-08-29 11:26:47 :B3 4444
2014-08-29 11:26:47 :B4 5435665
2014-08-29 11:26:47 :B5 4444
2014-08-29 11:26:47 :B6 787

This is better than the original script because it keeps related bind variable values together.

– Bobby


Categories: DBA Blogs

The magic of ksplice continues...

Wim Coekaerts - Wed, 2014-10-15 15:15
My previous blog talked about some cool use cases of ksplice and I used Oracle Linux 5 as the example. In this blog entry I just wanted to add Oracle Linux 6 to it. For Oracle Linux 6, we go all the way back to the GA date of OL6. 2.6.32-71.el6 build date Wed Dec 15 12:36:54 EST 2010. And we support ksplice online updates from that point on, up to today. The same model, you can be on any Oracle Linux 6 kernel, an errata update, a specific kernel from an update release like 6.1,... 6.5,... and get current with CVEs and critical fixes from then on. After running uptrack-upgrade, I get to be current : 2.6.32-431.29.2.el6

I ran out of xterm buffer space ;-) so starting with the Installing part of the output of uptrack-upgrade -y :

Installing [1y0hqxq7] Invalid memory access in dynamic debug entry listing.
Installing [1f9nec9b] Clear garbage data on the kernel stack when handling signals.
Installing [lrh0cfph] Reduce usage of reserved percpu memory.
Installing [uo1fmxxr] CVE-2010-2962: Privilege escalation in i915 pread/pwrite ioctls.
Installing [11ofaaud] CVE-2010-3084: Buffer overflow in ETHTOOL_GRXCLSRLALL command.
Installing [8u4favcu] CVE-2010-3301: Privilege escalation in 32-bit syscall entry via ptrace.
Installing [ayk01zir] CVE-2010-3432: Remote denial of service vulnerability in SCTP.
Installing [p1o8wy3o] CVE-2010-3442: Heap corruption vulnerability in ALSA core.
Installing [r1mlwooa] CVE-2010-3705: Remote memory corruption in SCTP HMAC handling.
Installing [584zm6x2] CVE-2010-3904: Local privilege escalation vulnerability in RDS sockets.
Installing [vt03uggp] CVE-2010-2955: Information leak in wireless extensions.
Installing [7rzgltfi] CVE-2010-3079: NULL pointer dereference in ftrace.
Installing [oyaovezn] CVE-2010-3437: Information leak in pktcdvd driver.
Installing [70cjk1y6] CVE-2010-3698: Denial of service vulnerability in KVM host.
Installing [9dm5foy9] CVE-2010-3081: Privilege escalation through stack underflow in compat.
Installing [mhsn7n2j] Memory corruption during KSM swapping.
Installing [kn5l6sh5] KVM guest crashes due to unsupported model-specific registers.
Installing [xmx98rz9] Erroneous merge of block write with block discard request.
Installing [23nlxpse] CVE-2010-2803: Information leak in drm subsystem.
Installing [mo9lbpsi] Memory leak in DRM buffer object LRU list handling.
Installing [91hrmhbr] Memory leak in GEM drm_vma_entry handling.
Installing [apryc0uo] CVE-2010-3865: Integer overflow in RDS rdma page counting.
Installing [ur02tbrc] CVE-2010-4160: Privilege escalation in PPP over L2TP.
Installing [5o3hvdgy] CVE-2010-4263: NULL pointer dereference in igb network driver.
Installing [a3z3nda1] CVE-2010-3477: Information leak in tcf_act_police_dump.
Installing [lsd1hzvx] CVE-2010-3078: Information leak in xfs_ioc_fsgetxattr.
Installing [z92iokkb] CVE-2010-3080: Privilege escalation in ALSA sound system OSS emulation.
Installing [23yh7u1i] CVE-2010-3861: Information leak in ETHTOOL_GRXCLSRLALL ioctl.
Installing [jxtltpyu] CVE-2010-4163 and CVE-2010-4668: Kernel panic in block subsystem.
Installing [5fuyrpx3] CVE-2010-4162: Integer overflow in block I/O subsystem.
Installing [ylkgl75m] CVE-2010-4242: NULL pointer dereference in Bluetooth HCI UART driver.
Installing [ppawlabm] CVE-2010-4248: Race condition in __exit_signal with multithreaded exec.
Installing [q4n7w8t6] CVE-2010-3067: Information leak in sys_io_submit.
Installing [0w2s15ix] CVE-2010-3298: Information leak in hso_get_count().
Installing [dfi8ncbj] CVE-2010-3876: Kernel information leak in packet subsystem.
Installing [ahrdouix] CVE-2010-4073: Kernel information leaks in ipc compat subsystem.
Installing [wvbjfli8] CVE-2010-4074: Information leak in USB Moschip 7720/7840/7820 serial drivers.
Installing [pkhcqtro] CVE-2010-4075: Kernel information leak in serial subsystem.
Installing [cwksn40u] CVE-2010-4077: Kernel information leak in nozomi driver.
Installing [q4d3smds] CVE-2010-4079: Information leak in Conexant cx23415 framebuffer driver.
Installing [z4duwd7q] CVE-2010-4080 and CVE-2010-4081: Information leaks in sound drivers.
Installing [eajqjo74] CVE-2010-4082: Kernel information leak in VIAFB_GET_INFO.
Installing [6hrf2a3e] CVE-2010-4083: Information leak in System V IPC.
Installing [3xm2ly3f] CVE-2010-4158: Kernel information leak in socket filters.
Installing [5y2oasdw] CVE-2010-4525: Information leak in KVM VCPU events ioctl.
Installing [35e4qfr6] CVE-2010-2492: Privilege escalation in eCryptfs.
Installing [rr12rtq3] Data corruption due to bad flags in break_lease and may_open.
Installing [20cz9gp7] Kernel oops in network neighbour update.
Installing [m650djkx] Deadlock on fsync during dm device resize.
Installing [c19gus65] CVE-2010-3880: Logic error in INET_DIAG bytecode auditing.
Installing [3e86rex1] CVE-2010-4249: Local denial of service vulnerability in UNIX sockets.
Installing [cxb3m3ae] CVE-2010-4165: Denial of service in TCP from user MSS.
Installing [dii4wm64] CVE-2010-4169: Use-after-free bug in mprotect system call.
Installing [e465fr49] CVE-2010-4243: Denial of service due to wrong execve memory accounting.
Installing [5s3fe1cn] Mitigate denial of service attacks with large argument lists.
Installing [j8jwyth1] Memory corruption in multipath deactivation queueing.
Installing [5qkkyd5m] Kernel panic in network bonding on ARP receipt.
Installing [f9j8s6u6] Failure to recover NFSv4 client state on server reboot.
Installing [qa379ag5] CVE-2011-0714: Remote denial of service in RPC server sockets.
Installing [12q8wuvd] CVE-2011-0521: Buffer underflow vulnerability in av7110 driver.
Installing [tm68xsph] CVE-2011-0695: Remote denial of service in InfiniBand setup.
Installing [fk2zg5ec] CVE-2010-4656: Buffer overflow in I/O-Warrior USB driver.
Installing [bcfvwcux] CVE-2011-0716: Memory corruption in IGMP bridge snooping.
Installing [smkv0oja] CVE-2011-1478: NULL dereference in GRO with promiscuous mode.
Installing [3eu2kr7i] CVE-2010-3296: Kernel information leak in cxgb driver.
Installing [3skmaxct] CVE-2010-4346: Bypass of mmap_min_addr using install_special_mapping.
Installing [xuxi8p7r] CVE-2010-4648: Ineffective countermeasures in Orinoco wireless driver.
Installing [7npiqvil] CVE-2010-4655: Information leak in ETHTOOL_GREGS ioctl.
Installing [en0luyx8] Denial of service on empty virtio_console write.
Installing [yv0cumoa] Denial of service in r8169 receive queue handling.
Installing [j6vlp89e] Failure of virtio_net device on guest low-memory condition.
Installing [q53j90kj] KVM guest crash due to stale memory on migration.
Installing [ri498cnm] KVM guest crash due to unblocked NMIs on STI instruction.
Installing [tlrgiz2i] CVE-2010-4526: Remote denial of service vulnerability in SCTP.
Installing [9eta98wf] Use-after-free in CIFS session management.
Installing [19wu4xr4] CVE-2011-0712: Buffer overflows in caiaq driver.
Installing [3cxo6wrf] CVE-2011-1079: Denial of service in Bluetooth BNEP.
Installing [kzieu2je] CVE-2011-1080: Information leak in netfilter.
Installing [ekzp14u9] CVE-2010-4258: Failure to revert address limit override after oops.
Installing [jd3cmfll] CVE-2011-0006: Unhandled error condition when adding security rules.
Installing [jk52g3fx] CVE-2010-4649, CVE-2011-1044: Buffer overflow in InfiniBand uverb handling.
Installing [z2ne1xi4] CVE-2011-1013: Signedness error in drm.
Installing [gb4ntots] Cache allocation bug in DCCP.
Installing [pe4f00pm] CVE-2011-1093: NULL pointer dereference in DCCP.
Installing [yypibd1k] CVE-2011-1573: Denial of service in SCTP.
Installing [02al7nxj] CVE-2011-0726: Address space leakage through /proc/pid/stat.
Installing [00ahpz3z] CVE-2011-0711: Information leak in XFS filesystem.
Installing [iczdh30p] CVE-2010-4250: Reference count leak in inotify failure path.
Installing [ea8bohrp] Infinite loop in tty auditing.
Installing [85iuyyyj] Buffer overflow in iptables CLUSTERIP target.
Installing [8o0892h3] CVE-2010-4565: Information leak in Broadcast Manager CAN protocol.
Installing [p3ck0dr6] CVE-2011-1019: Module loading restriction bypass with CAP_NET_ADMIN.
Installing [w8sa7qie] CVE-2011-1016: Privilege escalation in radeon GPU driver.
Installing [aqnhua0z] CVE-2011-1010: Denial of service parsing malformed Mac OS partition tables.
Installing [mla0f8wz] CVE-2011-1082: Denial of service in epoll.
Installing [5dbkxjue] CVE-2011-1090: Denial of service in NFSv4 client.
Installing [4qj7c7qc] CVE-2011-1163: Kernel information leak parsing malformed OSF partition tables.
Installing [3vf1zjzf] CVE-2011-1170, CVE-2011-1171, CVE-2011-1172: Information leaks in netfilter.
Installing [a03rwxbz] CVE-2011-1494, CVE-2011-1495: Privilege escalation in LSI MPT Fusion SAS 2.0 driver.
Installing [7z04dctw] Incorrect interrupt handling on down e1000 interface.
Installing [ep319ryq] CVE-2011-1770: Remote denial of service in DCCP options parsing.
Installing [qp7al6tc] CVE-2010-3858: Denial of service vulnerability with large argument lists.
Installing [85n0mc4q] CVE-2011-1598: Denial of service in CAN/BCM protocol.
Installing [z8t1hsjb] CVE-2011-1748: Denial of service in CAN raw sockets.
Installing [pvtdn3yd] CVE-2011-1767: Incorrect initialization order in ip_gre.
Installing [xughs2jb] CVE-2011-1768: Incorrect initialization order in IP tunnel protocols.
Installing [k6a6bqyr] CVE-2011-2479: Denial of service with transparent hugepages and /dev/zero.
Installing [pmkvbrcc] CVE-2011-1776: Missing boundary checks in EFI partition table parsing.
Installing [pb9pjnnn] CVE-2011-1182: Signal spoofing in rt_sigqueueinfo.
Installing [mnpd8mip] CVE-2011-1593: Missing bounds check in proc filesystem.
Installing [d6vuea6w] CVE-2011-2213: Arbitrary code injection bug in IPv4 subsystem.
Installing [zmfowuqn] CVE-2011-2491: Local denial of service in NLM subsystem.
Installing [402w3brr] CVE-2011-2492: Information leak in bluetooth implementation.
Installing [vi7qxs20] CVE-2011-2497: Buffer overflow in the Bluetooth subsystem.
Installing [ql0oxrhk] CVE-2011-2517: Buffer overflow in nl80211 driver.
Installing [0xcbigxp] CVE-2011-1576: Denial of service with VLAN packets and GRO.
Installing [127f4d1u] CVE-2011-2695: Off-by-one errors in the ext4 filesystem.
Installing [w72wz6f4] CVE-2011-2495: Information leak in /proc/PID/io.
Installing [c8v0sk8t] CVE-2011-1160: Information leak in tpm driver.
Installing [1nt1dahj] CVE-2011-1745, CVE-2011-2022: Privilege escalation in AGP subsystem.
Installing [bxqvqvef] CVE-2011-1746: Integer overflow in agp_allocate_memory.
Installing [d4m9k310] CVE-2011-2484: Denial of service in taskstats subsystem.
Installing [3vlbyy24] CVE-2011-2496: Local denial of service in mremap().
Installing [e0lkqz3i] CVE-2011-2723: Remote denial of service vulnerability in gro.
Installing [99r3sbjg] CVE-2011-2898: Information leak in packet subsystem
Installing [3ev4sw2b] CVE-2011-2918: Denial of service in event overflows in perf.
Installing [ll9j5877] CVE-2011-1833: Information disclosure in eCryptfs.
Installing [ww2gv7iv] CVE-2011-3359: Denial of service in Broadcom 43xx wireless driver.
Installing [9x0ub4l1] CVE-2011-3363: Denial of service in CIFS via malicious DFS referrals.
Installing [ggvpdbug] CVE-2011-3188: Weak TCP sequence number generation.
Installing [z4pt0sai] CVE-2011-1577: Denial of service in GPT partition handling.
Installing [omnzxxxr] CVE-2011-3353: Denial of service in FUSE via FUSE_NOTIFY_INVAL_ENTRY.
Installing [o4xkg2el] CVE-2011-3191: Privilege escalation in CIFS directory reading.
Installing [e2eyyaf9] CVE-2011-1162: Information leak in TPM driver.
Installing [1fmgtd1b] CVE-2011-4326: Denial of service in IPv6 UDP Fragmentation Offload.
Installing [ldjwxwd5] CVE-2011-2699: Predictable IPv6 fragment identification numbers.
Installing [tnhvync5] CVE-2011-2494: Information leak in task/process statistics.
Installing [gi4te905] CVE-2011-3593: Denial of service in VLAN with priority tagged frames.
Installing [h1wiua6s] CVE-2011-4110: Denial of service in kernel key management facilities.
Installing [4yrxpwih] CVE-2011-3638: Disk layout corruption bug in ext4 filesystem.
Installing [gz5jfzi3] CVE-2011-1020: Missing access restrictions in /proc subsystem.
Installing [o31erbbr] CVE-2011-4127: KVM privilege escalation through insufficient validation in SG_IO ioctl.
Installing [yqaa1zsp] Arithmetic overflow in clock source calculations.
Installing [vxfxrncu] CVE-2011-4077: Buffer overflow in xfs_readlink.
Installing [rnvy1bow] CVE-2011-4081: NULL pointer dereference in GHASH cryptographic algorithm.
Installing [5bokjzmm] CVE-2011-4132: Denial of service in Journaling Block Device layer.
Installing [q7t7hls4] CVE-2011-4347: Denial of service in KVM device assignment.
Installing [wmeoffm9] CVE-2011-4622: NULL pointer deference in KVM interval timer emulation.
Installing [gu3picnz] CVE-2012-0038: In-memory corruption in XFS ACL processing.
Installing [v2td9qse] CVE-2012-0045: Denial of service in KVM system call emulation.
Installing [n2xairv0] CVE-2012-0879: Denial of service in CLONE_IO.
Installing [2k2kq44h] Fix crash on discard in the software RAID driver.
Installing [i244mlk5] CVE-2012-1097: NULL pointer dereference in the ptrace subsystem.
Installing [2anjx00z] CVE-2012-1090: Denial of service in the CIFS filesystem reference counting.
Installing [3ujb9j7q] Inode corruption in XFS inode lookup.
Installing [01x2k6jv] Denial of service due to race condition in the scheduler subsystem.
Installing [hfh1ug4u] CVE-2011-4086: Denial of service in journaling block device.
Installing [4wb0i9tz] CVE-2012-1601: Denial of service in KVM VCPU creation.
Installing [aqut3qai] CVE-2012-0044: Integer overflow and memory corruption in DRM CRTC support.
Installing [0zkt2e47] CVE-2012-2123: Privilege escalation when assigning permissions using fcaps.
Installing [pe6u1nwx] CVE-2012-2136: Privilege escalation in TUN/TAP virtual device.
Installing [jqtlake1] CVE-2012-2121: Memory leak in KVM device assignment.
Installing [u6ys5804] CVE-2012-2137: Buffer overflow in KVM MSI routing entry handler.
Installing [lr9cjz2p] CVE-2012-2372: Denial of service in Reliable Datagram Sockets protocol.
Installing [nscqru85] CVE-2012-1179 and CVE-2012-2373: Hugepage denial of service.
Installing [j01o1nco] ext4 filesystem corruption on fallocate.
Installing [p37lmn34] CVE-2012-2745: Denial-of-service in kernel key management.
Installing [alprvnsv] CVE-2012-2744: Remote denial-of-service in IPv6 connection tracking.
Installing [m06ws6vc] Unreliable futexes with read-only shared mappings.
Installing [b7mpy2k1] CVE-2011-1078: Information leak in Bluetooth SCO link driver.
Installing [pywfzhvz] CVE-2012-2384: Integer overflow in i915 execution buffer.
Installing [2ibdnvmo] Livelock due to invalid locking strategy when adding a leap-second.
Installing [oixf5hkj] CVE-2012-2384: Additional fix for integer overflow in i915 execution buffer.
Installing [m4x7vdnl] CVE-2012-2390: Memory leak in hugetlbfs mmap() failure.
Installing [o2a3jmox] CVE-2012-2313: Privilege escalation in the dl2k NIC.
Installing [u3qpyl86] CVE-2012-3430: kernel information leak in RDS sockets.
Installing [wr1of5oe] CVE-2012-3552: Denial-of-service in IP options handling.
Installing [y40wlmcw] CVE-2012-3412: Remote denial of service through TCP MSS option in SFC NIC.
Installing [dxshabnc] Use-after-free in USB.
Installing [aovf4isj] Race condition in SUNRPC.
Installing [trz9wa6p] CVE-2012-3400: Buffer overflow in UDF parsing.
Installing [062ge0uf] CVE-2012-3511: Use-after-free due to race condition in madvise.
Installing [tu585kp5] CVE-2012-1568: A predictable base address with shared libraries and ASLR.
Installing [fky5li3t] CVE-2012-2133: Use-after-free in hugetlbfs quota handling.
Installing [xtpg99y6] CVE-2012-5517: NULL pointer dereference in memory hotplug.
Installing [ffehzdo8] CVE-2012-4444: Prohibit reassembling IPv6 fragments when some data overlaps.
Installing [u0d6ztl3] CVE-2012-4565: Divide by zero in TCP congestion control Algorithm.
Installing [7au7wp12] CVE-2012-2100: Divide-by-zero mounting an ext4 filesystem.
Installing [80vrmgyk] CVE-2012-4530: Kernel information leak in binfmt execution.
Installing [uytq1dk0] CVE-2012-4398: Denial-of-service in kernel module loading.
Installing [3c5erej0] CVE-2013-0310: NULL pointer dereference in CIPSO socket options.
Installing [j8x8j89y] CVE-2013-0311: Privilege escalation in vhost descriptor management.
Installing [mkibg12j] CVE-2012-4508: Stale data exposure in ext4.
Installing [daw7s3mo] CVE-2012-4542: SCSI command filter does not restrict access to read-only devices.
Installing [nqlo7yy2] CVE-2013-0871: Privilege escalation in PTRACE_SETREGS.
Installing [l6zf9mec] CVE-2013-0268: /dev/cpu/*/msr local privilege escalation.
Installing [r88p6prz] CVE-2013-1798: Information leak in KVM APIC driver.
Installing [tquaqo7o] CVE-2013-1792: Denial-of-service in user keyring management.
Installing [ao71x17l] CVE-2012-6537: Kernel information leaks in network transformation subsystem.
Installing [875umolk] CVE-2013-1826: NULL pointer dereference in XFRM buffer size mismatch.
Installing [4dr93r2j] CVE-2013-1827: Denial-of-service in DCCP socket options.
Installing [cdrfdlrt] CVE-2013-0349: Kernel information leak in Bluetooth HIDP support.
Installing [9j8xk8dz] CVE-2012-6546: Information leak in ATM sockets.
Installing [4oeurjvw] CVE-2013-1767: Use-after-free in tmpfs mempolicy remount.
Installing [yhprsmoc] CVE-2013-1773: Heap buffer overflow in VFAT Unicode handling.
Installing [amh400jp] CVE-2012-6547: Kernel stack leak from TUN ioctls.
Installing [532069fc] CVE-2013-1774: NULL pointer dereference in USB Inside Out Edgeport serial driver.
Installing [uaslykxk] CVE-2013-2017: Double free in Virtual Ethernet Tunnel driver (veth).
Installing [1vegmzxj] CVE-2013-1943: Local privilege escalation in KVM memory mappings.
Installing [wddz9qxt] CVE-2012-6548: Information leak in UDF export.
Installing [d51dm2vs] CVE-2013-0914: Information leak in signal handlers.
Installing [sxb5x0pd] CVE-2013-2852: Invalid format string usage in Broadcom B43 wireless driver.
Installing [vzlh2p9r] CVE-2013-3222: Kernel stack information leak in ATM sockets.
Installing [l1wlz1f1] CVE-2013-3224: Kernel stack information leak in Bluetooth sockets.
Installing [m0y7j4ra] CVE-2013-3225: Kernel stack information leak in Bluetooth rfcomm.
Installing [3m5ckvvm] CVE-2013-3301: NULL pointer dereference in tracing sysfs files.
Installing [o44ucnfs] CVE-2013-2634, 2635: Kernel leak in data center bridging and netlink.
Installing [0m3a5xq8] CVE-2013-2128: Denial of service in TCP splice.
Installing [2fg4nowt] CVE-2013-2232: Memory corruption in IPv6 routing cache.
Installing [m4a0xb93] CVE-2012-6544: Information leak in Bluetooth L2CAP socket name.
Installing [pqfoprcp] CVE-2013-2237: Information leak on IPSec key socket.
Installing [i1ha5yp7] CVE-2013-4162: Denial-of-service with IPv6 sockets with UDP_CORK.
Installing [aqfegdn1] CVE-2013-4299: Information leak in device mapper persistent snapshots.
Installing [oojymn3l] CVE-2013-4387: Memory corruption in IPv6 UDP fragmentation offload.
Installing [kb7zovzd] CVE-2013-0343: Denial of service in IPv6 privacy extensions.
Installing [7ew8svwd] Off-by-one error causes reduced entropy in kernel PRNG.
Installing [v3hs5diu] CVE-2013-2888: Memory corruption in Human Input Device processing.
Installing [aew2tmdl] CVE-2013-2889: Memory corruption in Zeroplus HID driver.
Installing [ox2wqeva] CVE-2012-6545: Information leak in Bluetooth RFCOMM socket name.
Installing [w9rhkfub] CVE-2013-1928: Kernel information leak in compat_ioctl/VIDEO_SET_SPU_PALETTE.
Installing [r55nqyci] CVE-2013-2164: Kernel information leak in the CDROM driver.
Installing [1vgf62zi] CVE-2013-2234: Information leak in IPsec key management.
Installing [hc532irb] CVE-2013-2851: Format string vulnerability is software RAID device names.
Installing [e129vh8h] CVE-2013-4592: Denial-of-service in KVM IOMMU mappings.
Installing [9wzwcaep] CVE-2013-2141: Information leak in tkill() and tgkill() system calls.
Installing [ufm8ladu] CVE-2013-4470: Memory corruption in IPv4 and IPv6 networking corking with UFO.
Installing [5rh9jkmi] CVE-2013-6367: Divide-by-zero in KVM LAPIC.
Installing [ur8700aj] CVE-2013-6368: Memory corruption in KVM virtual APIC accesses.
Installing [nyg2e0m1] Error in the tag insertion logic of the bonding network device.
Installing [1ekik21n] CVE-2013-2929: Incorrect permissions check in ptrace with dropped privileges.
Installing [m8de4fmg] CVE-2013-7263, CVE-2013-7265: Information leak in IPv4, IPv6 and PhoNet socket recvmsg.
Installing [p4ufjdr0] CVE-2014-0101: NULL pointer dereference in SCTP protocol.
Installing [o86dh6ww] Use-after-free in EDAC Intel E752X driver.
Installing [b2h8hej4] Deadlock in XFS filesystem when removing a inode from namespace.
Installing [nvhmnvp6] Memory leak in GFS2 filesystem for files with short lifespan.
Installing [7brqevk0] CVE-2013-1860: Buffer overflow in Wireless Device Management driver.
Installing [4nh0vuhi] Missing check in selinux for IPSec TCP SYN-ACK packets.
Installing [zvvk1k2q] Logic error in selinux when checking permissions on recv socket.
Installing [2mxh0jvn] CVE-2013-(726[6789], 727[01], 322[89], 3231): Information leaks in recvmsg.
Installing [1r5tw9sm] CVE-2013-6383: Missing capability check in AAC RAID compatibility ioctl.
Installing [z4k7xryp] CVE-2014-2523: Remote crash via DCCP conntrack.
Installing [pi89wa2j] CVE-2014-1737, CVE-2014-1738: Local privilege escalation in floppy ioctl.
Installing [b4x8o44g] CVE-2014-0196: Pseudo TTY device write buffer handling race.
Installing [s8s7tfsm] CVE-2014-3153: Local privilege escalation in futex requeueing.
Installing [bqk9mi1j] CVE-2013-6378: Denial-of-service in Marvell 8xxx Libertas WLAN driver.
Installing [rokmr7ey] CVE-2014-1874: Denial-of-service in SELinux on empty security context.
Installing [hxq9cdju] CVE-2014-0203: Memory corruption on listing procfs symbolic links.
Installing [n6kpf53d] CVE-2014-4699: Privilege escalation in ptrace() RIP modification.
Installing [pbab6ibn] CVE-2014-4943: Privilege escalation in PPP over L2TP setsockopt/getsockopt.
Installing [8n932y6h] CVE-2014-5077: Remote denial-of-service in SCTP on simultaneous connections.
Installing [yfh1rar2] CVE-2014-2678: NULL pointer dereference in RDS protocol when binding.
Installing [5z4hhyp3] CVE-2013-7339: NULL pointer dereference in RDS socket binding.
Installing [1vpc7i76] CVE-2012-6647: NULL pointer dereference in non-pi futexes.
Installing [ruu6bc4r] CVE-2014-3144, CVE-2014-3145: Multiple local denial of service vulnerabilities in netlink.
Installing [hgeqfh2x] CVE-2014-3917: Denial-of-service and information leak in audit syscall subsystem.
Installing [345v5a2z] CVE-2014-4667: Denial-of-service in SCTP stack when unpacking a COOKIE_ECHO chunk.
Installing [92st5y9o] CVE-2014-0205: Use-after-free in futex refcounting.
Your kernel is fully up to date.
Effective kernel version is 2.6.32-431.29.2.el6

real	1m26.960s
user	0m39.562s
sys	0m34.806s
And now, 1min 27seconds for 267 patches. both CVEs and critical fixes...

The magic of ksplice

Wim Coekaerts - Wed, 2014-10-15 15:09
I love talking about Oracle Ksplice and how cool a technology and feature it is. Whenever I explain to customers how much they can do with it, they often just can't believe the capabilities until I show them, in a matter of literally 5 seconds that it actually really -just works-.

During Oracle OpenWorld, we talked about it a lot, of course, and I wanted to show you how far back these ksplice updates can go. How much flexibility it gives a system administrator in terms of which kernel to use, how easy and fast it is, etc...

One of the main advantages of the ksplice technology is the ability for us to build these updates for many, many, yes many,... kernels and have a highly automated and scalable build infrastructure. When we publish a ksplice update, we build the update for -every kernel errata- released since the first kernel for that given major distribution release we started to support. What does this mean? Well, in the case of Oracle Linux 5, we currently support ksplice updates starting with Oracle Linux 5 update 4's kernel. The base-kernel being the Red Hat Compatible kernel : 2.6.18-164.el5 built, Thu Sep 3 04:15:13 EDT 2009. Yes, you read that right, September 2009. So during the lifetime of Oracle Linux 5, starting with that kernel, we publish ksplice updates for every kernel since then to today (and forward, of course). So no matter what errata kernel you are on, since -164, or major Oracle Linux 5 release, ksplice updates released after that date will be available for all those kernels. A simple uptrack-upgrade will take that running version up to the latest updates. While the main focus of the ksplice online updates is around CVEs, we also add critical fixes to it as well, so it's a combination of both.

So back to OL5.4. running uname shows 2.6.18-164.el5. After uptrack-upgrade -y it will say 2.6.18-398.el5 (which by the way is the latest kernel for OL5 for 2.6.18). You can see the output below, you can also see how many 'minutes' it took, without reboot, all current and active right away, and you can follow the timeframe by looking at the year right behind CVE. You will see CVEs from 2009, 2010, 2011, 2012, 2013 and 2014. Completely current.

Now, this can be done on a running system, to install ksplice and start using it, you don't need to reboot, just install the uptrack tools and you're good to go. You can be current with CVEs and critical bugs without rebooting for years. You can be current, even though you run an older update release of Oracle Linux, and you are not required to take new kernels with potentially (in the RHCK case) new features backported, introducing new code beyond just bugfixes, introduce new device drivers, which on a system that's stable, you don't necessarily want or need. So it's always good to update to newer kernels when you get new hardware and you need new device drivers, but for existing stable production systems, you don't really want or need that, nor do you necessarily need to get stuff from new kernels backported into older versions (again, in particular in the RHCK case) which will introduce a lot of change, I will show you a lines of code change in another blog entry. ksplice let's you stick with an older version, yet, anything critical and CVE related will be there for you and this for any errata kernel you start with since, in the OL5 case, update 4... Not just one update earlier, or but any kernel at any point in time.

If you do have periodic scheduled reboots, fine, install the kernel rpms so that the next time you reboot, it boots into the latest kernel, if you want, but you don't have to. You have complete flexibility if and when you need it.

I hope that the output of this and a follow up blog I will do on OL6 as a similar example, shows how scalable this is, how much use this has had, how many updates we have done and can do, how complex these updates are (not just a one liner change in some file) not just a one off for one customer case but scalable. Also, with tons of checks in place so that it works for kernel modules, so that it won't lock up your box, we validate that it's the right kernel, that these updates are safe to apply, etc, etc.. proven, 7+ years old technology. And completely supported by us. You can run your database or middleware software and run uptrack-upgrade while it's up and running and humming along... perfectly OK.

time uptrack-upgrade -y
The following steps will be taken:
Install [v5267zuo] Clear garbage data on the kernel stack when handling signals.
Install [u4puutmx] CVE-2009-2849: NULL pointer dereference in md.
Install [302jzohc] CVE-2009-3286: Incorrect permissions check in NFSv4.
Install [k6oev8o2] CVE-2009-3228: Information leaks in networking systems.
Install [tvbl43gm] CVE-2009-3613: Remote denial of service in r8169 driver.
Install [690q6ok1] CVE-2009-2908: NULL pointer dereference in eCryptfs.
Install [ijp9g555] CVE-2009-3547: NULL pointer dereference opening pipes.
Install [1ala9dhk] CVE-2009-2695: SELinux does not enforce mmap_min_addr sysctl.
Install [5fq3svyl] CVE-2009-3621: Denial of service shutting down abstract-namespace sockets.
Install [bjdsctfo] CVE-2009-3620: NULL pointer dereference in ATI Rage 128 driver.
Install [lzvczyai] CVE-2009-3726: NFSv4: Denial of Service in NFS client.
Install [25vdhdv7] CVE-2009-3612: Information leak in the netlink subsystem.
Install [wmkvlobl] CVE-2007-4567: Remote denial of service in IPv6
Install [ejk1k20m] CVE-2009-4538: Denial of service in e1000e driver.
Install [c5das3zq] CVE-2009-4537: Buffer underflow in r8169 driver.
Install [issxhwza] CVE-2009-4536: Denial of service in e1000 driver.
Install [kyibbr3e] CVE-2009-4141: Local privilege escalation in fasync_helper().
Install [jfp36tzw] CVE-2009-3080: Privilege Escalation in GDT driver.
Install [4746ikud] CVE-2009-4021: Denial of service in fuse_direct_io.
Install [234ls00d] CVE-2009-4020: Buffer overflow mounting corrupted hfs filesystem.
Install [ffi8v0vl] CVE-2009-4272: Remote DOS vulnerabilities in routing hash table.
Install [fesxf892] CVE-2006-6304: Rewrite attack flaw in do_coredump.
Install [43o4k8ow] CVE-2009-4138: NULL pointer dereference flaw in firewire-ohci driver.
Install [9xzs9dxx] Kernel panic in do_wp_page under heavy I/O load.
Install [qdlkztzx] Kernel crash forwarding network traffic.
Install [ufo0resg] CVE-2010-0437: NULL pointer dereference in ip6_dst_lookup_tail.
Install [490guso5] CVE-2010-0007: Missing capabilities check in ebtables module.
Install [zwn5ija2] CVE-2010-0415: Information Leak in sys_move_pages
Install [n8227iv2] CVE-2009-4308: NULL pointer dereference in ext4 decoding EROFS w/o a journal.
Install [988ux06h] CVE-2009-4307: Divide-by-zero mounting an ext4 filesystem.
Install [2jp2pio6] CVE-2010-0727: Denial of Service in GFS2 locking.
Install [xem0m4sg] Floating point state corruption after signal.
Install [bkwy53ji] CVE-2010-1085: Divide-by-zero in Intel HDA driver.
Install [3ulklysv] CVE-2010-0307: Denial of service on amd64
Install [jda1w8ml] CVE-2010-1436: Privilege escalation in GFS2 server
Install [trws48lp] CVE-2010-1087: Oops when truncating a file in NFS
Install [ij72ubb6] CVE-2010-1088: Privilege escalation with automount symlinks
Install [gmqqylxv] CVE-2010-1187: Denial of service in TIPC
Install [3a24ltr0] CVE-2010-0291: Multiple denial of service bugs in mmap and mremap
Install [7mm0u6cz] CVE-2010-1173: Remote denial of service in SCTP
Install [fd1x4988] CVE-2010-0622: Privilege escalation by futex corruption
Install [l5qljcxc] CVE-2010-1437: Privilege escalation in key management
Install [xs69oy0y] CVE-2010-1641: Permission check bypass in GFS2
Install [lgmry5fa] CVE-2010-1084: Privilege escalation in Bluetooth subsystem.
Install [j7m6cafl] CVE-2010-2248: Remote denial of service in CIFS client.
Install [avqwduk3] CVE-2010-2524: False CIFS mount via DNS cache poisoning.
Install [6qplreu2] CVE-2010-2521: Remote buffer overflow in NFSv4 server.
Install [5ohnc2ho] CVE-2010-2226: Read access to write-only files in XFS filesystem.
Install [i5ax6hf4] CVE-2010-2240: Privilege escalation vulnerability in memory management.
Install [50ydcp2k] CVE-2010-3081: Privilege escalation through stack underflow in compat.
Install [59car2zc] CVE-2010-2798: Denial of service in GFS2.
Install [dqjlyw67] CVE-2010-2492: Privilege Escalation in eCryptfs.
Install [5mgd1si0] Improved fix to CVE-2010-1173.
Install [qr5isvgk] CVE-2010-3015: Integer overflow in ext4 filesystem.
Install [sxeo6c33] CVE-2010-1083: Information leak in USB implementation.
Install [mzgdwuwp] CVE-2010-2942: Information leaks in traffic control dump structures.
Install [19jigi5v] CVE-2010-3904: Local privilege escalation vulnerability in RDS sockets.
Install [rg7pe3n8] CVE-2010-3067: Information leak in sys_io_submit.
Install [n3tg4mky] CVE-2010-3078: Information leak in xfs_ioc_fsgetxattr.
Install [s2y6oq9n] CVE-2010-3086: Denial of Service in futex atomic operations.
Install [9subq5sx] CVE-2010-3477: Information leak in tcf_act_police_dump.
Install [x8q709jt] CVE-2010-2963: Kernel memory overwrite in VIDIOCSMICROCODE.
Install [ff1wrijq] Buffer overflow in icmpmsg_put.
Install [4iixzl59] CVE-2010-3432: Remote denial of service vulnerability in SCTP.
Install [7oqt6tqc] CVE-2010-3442: Heap corruption vulnerability in ALSA core.
Install [ittquyax] CVE-2010-3865: Integer overflow in RDS rdma page counting.
Install [0bpdua1b] CVE-2010-3876: Kernel information leak in packet subsystem.
Install [ugjt4w1r] CVE-2010-4083: Kernel information leak in semctl syscall.
Install [n9l81s9q] CVE-2010-4248: Race condition in __exit_signal with multithreaded exec.
Install [68zq0p4d] CVE-2010-4242: NULL pointer dereference in Bluetooth HCI UART driver.
Install [cggc9uy2] CVE-2010-4157: Memory corruption in Intel/ICP RAID driver.
Install [f5ble6od] CVE-2010-3880: Logic error in INET_DIAG bytecode auditing.
Install [gwuiufjq] CVE-2010-3858: Denial of service vulnerability with large argument lists.
Install [usukkznh] Mitigate denial of service attacks with large argument lists.
Install [5tq2ob60] CVE-2010-4161: Deadlock in socket queue subsystem.
Install [oz6k77bm] CVE-2010-3859: Heap overflow vulnerability in TIPC protocol.
Install [uzil3ohn] CVE-2010-3296: Kernel information leak in cxgb driver.
Install [wr9nr8zt] CVE-2010-3877: Kernel information leak in tipc driver.
Install [5wrnhakw] CVE-2010-4073: Kernel information leaks in ipc compat subsystem.
Install [hnbz3ppf] Integer overflow in sys_remap_file_pages.
Install [oxczcczj] CVE-2010-4258: Failure to revert address limit override after oops.
Install [t44v13q4] CVE-2010-4075: Kernel information leak in serial core.
Install [8p4jsino] CVE-2010-4080 and CVE-2010-4081: Information leaks in sound drivers.
Install [3raind7m] CVE-2010-4243: Denial of service due to wrong execve memory accounting.
Install [od2bcdwj] CVE-2010-4158: Kernel information leak in socket filters.
Install [zbxtr4my] CVE-2010-4526: Remote denial of service vulnerability in SCTP.
Install [mscc8dnf] CVE-2010-4655: Information leak in ethtool_get_regs.
Install [8r9231h7] CVE-2010-4249: Local denial of service vulnerability in UNIX sockets.
Install [2lhgep6i] Panic in kfree() due to race condition in acpi_bus_receive_event.
Install [uaypv955] Fix connection timeouts due to shrinking tcp window with window scaling.
Install [7klbps5h] CVE-2010-1188: Use after free bug in tcp_rcv_state_process.
Install [u340317o] CVE-2011-1478: NULL dereference in GRO with promiscuous mode.
Install [ttqhpxux] CVE-2010-4346: mmap_min_addr bypass in install_special_mapping.
Install [ifgdet83] Use-after-free in MPT driver.
Install [2n7dcbk9] CVE-2011-1010: Denial of service parsing malformed Mac OS partition tables.
Install [cy964b8w] CVE-2011-1090: Denial of Service in NFSv4 client.
Install [6e28ii3e] CVE-2011-1079: Missing validation in bnep_sock_ioctl.
Install [gw5pjusn] CVE-2011-1093: Remote Denial of Service in DCCP.
Install [23obo960] CVE-2011-0726: Information leak in /proc/[pid]/stat.
Install [pbxuj96b] CVE-2011-1080, CVE-2011-1170, CVE-2011-1171, CVE-2011-1172: Information leaks in netfilter.
Install [9oepi0rc] Buffer overflow in iptables CLUSTERIP target.
Install [nguvvw6h] CVE-2011-1163: Kernel information leak parsing malformed OSF partition tables.
Install [8v9d3ton] USB Audio regression introduced by CVE-2010-1083 fix.
Install [jz43fdgc] Denial of service in NFS server via reference count leak.
Install [h860edrq] Fix a packet flood when initializing a bridge device without STP.
Install [3xcb5ffu] CVE-2011-1577: Missing boundary checks in GPT partition handling.
Install [wvcxkbxq] CVE-2011-1078: Information leak in Bluetooth sco.
Install [n5a8jgv9] CVE-2011-1494, CVE-2011-1495: Privilege escalation in LSI MPT Fusion SAS 2.0 driver.
Install [3t5fgeqc] CVE-2011-1576: Denial of service with VLAN packets and GRO.
Install [qsvqaynq] CVE-2011-0711: Information leak in XFS filesystem.
Install [m1egxmrj] CVE-2011-1573: Remote denial of service in SCTP.
Install [fexakgig] CVE-2011-1776: Missing validation for GPT partitions.
Install [rrnm0hzm] CVE-2011-0695: Remote denial of service in InfiniBand setup.
Install [c50ijj1f] CVE-2010-4649, CVE-2011-1044: Buffer overflow in InfiniBand uverb handling.
Install [eywxeqve] CVE-2011-1745, CVE-2011-2022: Privilege escalation in AGP subsystem.
Install [u83h3kej] CVE-2011-1746: Integer overflow in agp_allocate_memory.
Install [kcmghb3m] CVE-2011-1593: Denial of service in next_pidmap.
Install [s113zod3] CVE-2011-1182: Missing validation check in signals implementation.
Install [2xn5hnvr] CVE-2011-2213: Denial of service in inet_diag_bc_audit.
Install [fznr6cbr] CVE-2011-2492: Information leak in bluetooth implementation.
Install [nzhpmyaa] CVE-2011-2525: Denial of Service in packet scheduler API
Install [djng1uvs] CVE-2011-2482: Remote denial of service vulnerability in SCTP.
Install [mbg8auhk] CVE-2011-2495: Information leak in /proc/PID/io.
Install [ofrder8l] Hangs using direct I/O with XFS filesystem.
Install [tqkgmwz7] CVE-2011-2491: Local denial of service in NLM subsystem.
Install [wkw7j4ov] CVE-2011-1160: Information leak in tpm driver.
Install [1f4r424i] CVE-2011-1585: Authentication bypass in CIFS.
Install [kr0lofug] CVE-2011-2484: Denial of service in taskstats subsystem.
Install [zm5fxh2c] CVE-2011-2496: Local denial of service in mremap().
Install [4f8zud01] CVE-2009-4067: Buffer overflow in Auerswald usb driver.
Install [qgzezhlj] CVE-2011-2695: Off-by-one errors in the ext4 filesystem.
Install [fy2peril] CVE-2011-2699: Predictable IPv6 fragment identification numbers.
Install [idapn9ej] CVE-2011-2723: Remote denial of service vulnerability in gro.
Install [i1q0saw7] CVE-2011-1833: Information disclosure in eCryptfs.
Install [uqv087lb] CVE-2011-3191: Memory corruption in CIFSFindNext.
Install [drz5ixw2] CVE-2011-3209: Denial of Service in clock implementation.
Install [2zawfk0b] CVE-2011-3188: Weak TCP sequence number generation.
Install [7gkvlyfi] CVE-2011-3363: Remote denial of service in cifs_mount.
Install [8einfy3y] CVE-2011-4110: Null pointer dereference in key subsystem.
Install [w9l57w7p] CVE-2011-1162: Information leak in TPM driver.
Install [hl96s86z] CVE-2011-2494: Information leak in task/process statistics.
Install [5vsbttwa] CVE-2011-2203: Null pointer dereference mounting HFS filesystems.
Install [ycoswcar] CVE-2011-4077: Buffer overflow in xfs_readlink.
Install [rw8qiogc] CVE-2011-4132: Denial of service in Journaling Block Device layer.
Install [erniwich] CVE-2011-4330: Buffer overflow in HFS file name translation logic.
Install [q6rd6uku] CVE-2011-4324: Denial of service vulnerability in NFSv4.
Install [vryc0xqm] CVE-2011-4325: Denial of service in NFS direct-io.
Install [keb8azcn] CVE-2011-4348: Socket locking race in SCTP.
Install [yvevd42a] CVE-2011-1020, CVE-2011-3637: Information leak, DoS in /proc.
Install [thzrtiaw] CVE-2011-4086: Denial of service in journaling block device.
Install [y5efh27f] CVE-2012-0028: Privilege escalation in user-space futexes.
Install [wxdx4x4i] CVE-2011-3638: Disk layout corruption bug in ext4 filesystem.
Install [cd2g2hvz] CVE-2011-4127: KVM privilege escalation through insufficient validation in SG_IO ioctl.
Install [aqo49k28] CVE-2011-1083: Algorithmic denial of service in epoll.
Install [uknrp2eo] Denial of service in filesystem unmounting.
Install [97u6urvt] Soft lockup in USB ACM driver.
Install [01uynm3o] CVE-2012-1583: use-after-free in IPv6 tunneling.
Install [loizuvxu] Kernel crash in Ethernet bridging netfilter module.
Install [yc146ytc] Unresponsive I/O using QLA2XXX driver.
Install [t92tukl1] CVE-2012-2136: Privilege escalation in TUN/TAP virtual device.
Install [aldzpxho] CVE-2012-3375: Denial of service due to epoll resource leak in error path.
Install [bvoz27gv] Arithmetic overflow in clock source calculations.
Install [lzwurn1u] ext4 filesystem corruption on fallocate.
Install [o9b62qf6] CVE-2012-2313: Privilege escalation in the dl2k NIC.
Install [9do532u6] Kernel panic when overcommiting memory with NFSd.
Install [zf95qrnx] CVE-2012-2319: Buffer overflow mounting corrupted hfs filesystem.
Install [fx2rxv2q] CVE-2012-3430: kernel information leak in RDS sockets.
Install [wo638apk] CVE-2012-2100: Divide-by-zero mounting an ext4 filesystem.
Install [ivl1wsvt] CVE-2012-2372: Denial of service in Reliable Datagram Sockets protocol.
Install [xl2q6gwk] CVE-2012-3552: Denial-of-service in IP options handling.
Install [l093jvcl] Kernel panic in SMB extended attributes.
Install [qlzoyvty] Kernel panic in ext3 indirect blocks.
Install [8lj9n3i6] CVE-2012-1568: A predictable base address with shared libraries and ASLR.
Install [qn1rqea3] CVE-2012-4444: Prohibit reassembling IPv6 fragments when some data overlaps.
Install [wed7w5th] CVE-2012-3400: Buffer overflow in UDF parsing.
Install [n2dqx9n3] CVE-2013-0268: /dev/cpu/*/msr local privilege escalation.
Install [p8oacpis] CVE-2013-0871: Privilege escalation in PTRACE_SETREGS.
Install [cbdr6azh] CVE-2012-6537: Kernel information leaks in network transformation subsystem.
Install [1qz0f4lv] CVE-2013-1826: NULL pointer dereference in XFRM buffer size mismatch.
Install [s0q68mb1] CVE-2012-6547: Kernel stack leak from TUN ioctls.
Install [s1c6y3ee] CVE-2012-6546: Information leak in ATM sockets.
Install [2zzz6cqb] Data corruption on NFSv3/v2 short reads.
Install [kfav9h9d] CVE-2012-6545: Information leak in Bluetooth RFCOMM socket name.
Install [coeq937e] CVE-2013-3222: Kernel stack information leak in ATM sockets.
Install [43shl6vr] CVE-2013-3224: Kernel stack information leak in Bluetooth sockets.
Install [whoojewf] CVE-2013-3235: Kernel stack information leak in TIPC protocol.
Install [7vap7ys6] CVE-2012-6544: Information leak in Bluetooth L2CAP socket name.
Install [0xjd0c1r] CVE-2013-0914: Information leak in signal handlers.
Install [l2925frf] CVE-2013-2147: Kernel memory leak in Compaq Smart Array controllers.
Install [lt4qe1dr] CVE-2013-2164: Kernel information leak in the CDROM driver.
Install [7fkc8czu] CVE-2013-2234: Information leak in IPsec key management.
Install [0t3omxv5] CVE-2013-2237: Information leak on IPSec key socket.
Install [e1jtiocl] CVE-2013-2232: Memory corruption in IPv6 routing cache.
Install [f0bqnvc1] CVE-2013-2206: NULL pointer dereference in SCTP duplicate cookie handling.
Install [v188ww9y] CVE-2013-2141: Information leak in tkill() and tgkill() system calls.
Install [0amslrok] CVE-2013-4162: Denial-of-service with IPv6 sockets with UDP_CORK.
Install [s4w6qq7g] CVE-2012-3511: Use-after-free due to race condition in madvise.
Install [kvnlhbh1] CVE-2012-4398: Denial-of-service in kernel module loading.
Install [k77237db] CVE-2013-4299: Information leak in device mapper persistent snapshots.
Install [ekv19fgd] CVE-2013-4345: Off-by-one in the ANSI Crypto RNG.
Install [pl4pqen7] CVE-2013-0343: Denial of service in IPv6 privacy extensions.
Install [ku36xnjx] Incorrect handling of SCSI scatter-gather list mapping failures.
Install [9jc4vajb] CVE-2013-6383: Missing capability check in AAC RAID compatibility ioctl.
Install [66nk6gwh] CVE-2013-2929: Incorrect permissions check in ptrace with dropped privileges.
Install [1vays5jg] CVE-2013-7263: Information leak in IPv4 and IPv6 socket recvmsg.
Install [g8wy6r2k] CVE-2013-4483: Denial-of-service in IPC subsystem when taking a reference count.
Install [617yrxdl] CVE-2012-6638: Denial-of-service in TCP's SYN+FIN messages.
Install [pp6j74s7] CVE-2013-2888: Kernel memory corruption flaw via oversize HID report id.
Install [pz65qqpk] Panic in GFS2 filesystem locking code.
Install [p4focqhi] CVE-2014-1737, CVE-2014-1738: Local privilege escalation in floppy ioctl.
Install [6w9u3383] CVE-2013-7339: NULL pointer dereference in RDS socket binding.
Install [xqpvy7zh] CVE-2014-4699: Privilege escalation in ptrace() RIP modification.
Install [ghkc42rj] CVE-2014-2678: NULL pointer dereference in RDS protocol when binding.
Install [g4qbxm30] CVE-2014-3917: Denial-of-service and information leak in audit syscall subsystem.
Install [eit799o3] Memory leak in GFS2 filesystem for files with short lifespan.
Installing [v5267zuo] Clear garbage data on the kernel stack when handling signals.
Installing [u4puutmx] CVE-2009-2849: NULL pointer dereference in md.
Installing [302jzohc] CVE-2009-3286: Incorrect permissions check in NFSv4.
Installing [k6oev8o2] CVE-2009-3228: Information leaks in networking systems.
Installing [tvbl43gm] CVE-2009-3613: Remote denial of service in r8169 driver.
Installing [690q6ok1] CVE-2009-2908: NULL pointer dereference in eCryptfs.
Installing [ijp9g555] CVE-2009-3547: NULL pointer dereference opening pipes.
Installing [1ala9dhk] CVE-2009-2695: SELinux does not enforce mmap_min_addr sysctl.
Installing [5fq3svyl] CVE-2009-3621: Denial of service shutting down abstract-namespace sockets.
Installing [bjdsctfo] CVE-2009-3620: NULL pointer dereference in ATI Rage 128 driver.
Installing [lzvczyai] CVE-2009-3726: NFSv4: Denial of Service in NFS client.
Installing [25vdhdv7] CVE-2009-3612: Information leak in the netlink subsystem.
Installing [wmkvlobl] CVE-2007-4567: Remote denial of service in IPv6
Installing [ejk1k20m] CVE-2009-4538: Denial of service in e1000e driver.
Installing [c5das3zq] CVE-2009-4537: Buffer underflow in r8169 driver.
Installing [issxhwza] CVE-2009-4536: Denial of service in e1000 driver.
Installing [kyibbr3e] CVE-2009-4141: Local privilege escalation in fasync_helper().
Installing [jfp36tzw] CVE-2009-3080: Privilege Escalation in GDT driver.
Installing [4746ikud] CVE-2009-4021: Denial of service in fuse_direct_io.
Installing [234ls00d] CVE-2009-4020: Buffer overflow mounting corrupted hfs filesystem.
Installing [ffi8v0vl] CVE-2009-4272: Remote DOS vulnerabilities in routing hash table.
Installing [fesxf892] CVE-2006-6304: Rewrite attack flaw in do_coredump.
Installing [43o4k8ow] CVE-2009-4138: NULL pointer dereference flaw in firewire-ohci driver.
Installing [9xzs9dxx] Kernel panic in do_wp_page under heavy I/O load.
Installing [qdlkztzx] Kernel crash forwarding network traffic.
Installing [ufo0resg] CVE-2010-0437: NULL pointer dereference in ip6_dst_lookup_tail.
Installing [490guso5] CVE-2010-0007: Missing capabilities check in ebtables module.
Installing [zwn5ija2] CVE-2010-0415: Information Leak in sys_move_pages
Installing [n8227iv2] CVE-2009-4308: NULL pointer dereference in ext4 decoding EROFS w/o a journal.
Installing [988ux06h] CVE-2009-4307: Divide-by-zero mounting an ext4 filesystem.
Installing [2jp2pio6] CVE-2010-0727: Denial of Service in GFS2 locking.
Installing [xem0m4sg] Floating point state corruption after signal.
Installing [bkwy53ji] CVE-2010-1085: Divide-by-zero in Intel HDA driver.
Installing [3ulklysv] CVE-2010-0307: Denial of service on amd64
Installing [jda1w8ml] CVE-2010-1436: Privilege escalation in GFS2 server
Installing [trws48lp] CVE-2010-1087: Oops when truncating a file in NFS
Installing [ij72ubb6] CVE-2010-1088: Privilege escalation with automount symlinks
Installing [gmqqylxv] CVE-2010-1187: Denial of service in TIPC
Installing [3a24ltr0] CVE-2010-0291: Multiple denial of service bugs in mmap and mremap
Installing [7mm0u6cz] CVE-2010-1173: Remote denial of service in SCTP
Installing [fd1x4988] CVE-2010-0622: Privilege escalation by futex corruption
Installing [l5qljcxc] CVE-2010-1437: Privilege escalation in key management
Installing [xs69oy0y] CVE-2010-1641: Permission check bypass in GFS2
Installing [lgmry5fa] CVE-2010-1084: Privilege escalation in Bluetooth subsystem.
Installing [j7m6cafl] CVE-2010-2248: Remote denial of service in CIFS client.
Installing [avqwduk3] CVE-2010-2524: False CIFS mount via DNS cache poisoning.
Installing [6qplreu2] CVE-2010-2521: Remote buffer overflow in NFSv4 server.
Installing [5ohnc2ho] CVE-2010-2226: Read access to write-only files in XFS filesystem.
Installing [i5ax6hf4] CVE-2010-2240: Privilege escalation vulnerability in memory management.
Installing [50ydcp2k] CVE-2010-3081: Privilege escalation through stack underflow in compat.
Installing [59car2zc] CVE-2010-2798: Denial of service in GFS2.
Installing [dqjlyw67] CVE-2010-2492: Privilege Escalation in eCryptfs.
Installing [5mgd1si0] Improved fix to CVE-2010-1173.
Installing [qr5isvgk] CVE-2010-3015: Integer overflow in ext4 filesystem.
Installing [sxeo6c33] CVE-2010-1083: Information leak in USB implementation.
Installing [mzgdwuwp] CVE-2010-2942: Information leaks in traffic control dump structures.
Installing [19jigi5v] CVE-2010-3904: Local privilege escalation vulnerability in RDS sockets.
Installing [rg7pe3n8] CVE-2010-3067: Information leak in sys_io_submit.
Installing [n3tg4mky] CVE-2010-3078: Information leak in xfs_ioc_fsgetxattr.
Installing [s2y6oq9n] CVE-2010-3086: Denial of Service in futex atomic operations.
Installing [9subq5sx] CVE-2010-3477: Information leak in tcf_act_police_dump.
Installing [x8q709jt] CVE-2010-2963: Kernel memory overwrite in VIDIOCSMICROCODE.
Installing [ff1wrijq] Buffer overflow in icmpmsg_put.
Installing [4iixzl59] CVE-2010-3432: Remote denial of service vulnerability in SCTP.
Installing [7oqt6tqc] CVE-2010-3442: Heap corruption vulnerability in ALSA core.
Installing [ittquyax] CVE-2010-3865: Integer overflow in RDS rdma page counting.
Installing [0bpdua1b] CVE-2010-3876: Kernel information leak in packet subsystem.
Installing [ugjt4w1r] CVE-2010-4083: Kernel information leak in semctl syscall.
Installing [n9l81s9q] CVE-2010-4248: Race condition in __exit_signal with multithreaded exec.
Installing [68zq0p4d] CVE-2010-4242: NULL pointer dereference in Bluetooth HCI UART driver.
Installing [cggc9uy2] CVE-2010-4157: Memory corruption in Intel/ICP RAID driver.
Installing [f5ble6od] CVE-2010-3880: Logic error in INET_DIAG bytecode auditing.
Installing [gwuiufjq] CVE-2010-3858: Denial of service vulnerability with large argument lists.
Installing [usukkznh] Mitigate denial of service attacks with large argument lists.
Installing [5tq2ob60] CVE-2010-4161: Deadlock in socket queue subsystem.
Installing [oz6k77bm] CVE-2010-3859: Heap overflow vulnerability in TIPC protocol.
Installing [uzil3ohn] CVE-2010-3296: Kernel information leak in cxgb driver.
Installing [wr9nr8zt] CVE-2010-3877: Kernel information leak in tipc driver.
Installing [5wrnhakw] CVE-2010-4073: Kernel information leaks in ipc compat subsystem.
Installing [hnbz3ppf] Integer overflow in sys_remap_file_pages.
Installing [oxczcczj] CVE-2010-4258: Failure to revert address limit override after oops.
Installing [t44v13q4] CVE-2010-4075: Kernel information leak in serial core.
Installing [8p4jsino] CVE-2010-4080 and CVE-2010-4081: Information leaks in sound drivers.
Installing [3raind7m] CVE-2010-4243: Denial of service due to wrong execve memory accounting.
Installing [od2bcdwj] CVE-2010-4158: Kernel information leak in socket filters.
Installing [zbxtr4my] CVE-2010-4526: Remote denial of service vulnerability in SCTP.
Installing [mscc8dnf] CVE-2010-4655: Information leak in ethtool_get_regs.
Installing [8r9231h7] CVE-2010-4249: Local denial of service vulnerability in UNIX sockets.
Installing [2lhgep6i] Panic in kfree() due to race condition in acpi_bus_receive_event.
Installing [uaypv955] Fix connection timeouts due to shrinking tcp window with window scaling.
Installing [7klbps5h] CVE-2010-1188: Use after free bug in tcp_rcv_state_process.
Installing [u340317o] CVE-2011-1478: NULL dereference in GRO with promiscuous mode.
Installing [ttqhpxux] CVE-2010-4346: mmap_min_addr bypass in install_special_mapping.
Installing [ifgdet83] Use-after-free in MPT driver.
Installing [2n7dcbk9] CVE-2011-1010: Denial of service parsing malformed Mac OS partition tables.
Installing [cy964b8w] CVE-2011-1090: Denial of Service in NFSv4 client.
Installing [6e28ii3e] CVE-2011-1079: Missing validation in bnep_sock_ioctl.
Installing [gw5pjusn] CVE-2011-1093: Remote Denial of Service in DCCP.
Installing [23obo960] CVE-2011-0726: Information leak in /proc/[pid]/stat.
Installing [pbxuj96b] CVE-2011-1080, CVE-2011-1170, CVE-2011-1171, CVE-2011-1172: Information leaks in netfilter.
Installing [9oepi0rc] Buffer overflow in iptables CLUSTERIP target.
Installing [nguvvw6h] CVE-2011-1163: Kernel information leak parsing malformed OSF partition tables.
Installing [8v9d3ton] USB Audio regression introduced by CVE-2010-1083 fix.
Installing [jz43fdgc] Denial of service in NFS server via reference count leak.
Installing [h860edrq] Fix a packet flood when initializing a bridge device without STP.
Installing [3xcb5ffu] CVE-2011-1577: Missing boundary checks in GPT partition handling.
Installing [wvcxkbxq] CVE-2011-1078: Information leak in Bluetooth sco.
Installing [n5a8jgv9] CVE-2011-1494, CVE-2011-1495: Privilege escalation in LSI MPT Fusion SAS 2.0 driver.
Installing [3t5fgeqc] CVE-2011-1576: Denial of service with VLAN packets and GRO.
Installing [qsvqaynq] CVE-2011-0711: Information leak in XFS filesystem.
Installing [m1egxmrj] CVE-2011-1573: Remote denial of service in SCTP.
Installing [fexakgig] CVE-2011-1776: Missing validation for GPT partitions.
Installing [rrnm0hzm] CVE-2011-0695: Remote denial of service in InfiniBand setup.
Installing [c50ijj1f] CVE-2010-4649, CVE-2011-1044: Buffer overflow in InfiniBand uverb handling.
Installing [eywxeqve] CVE-2011-1745, CVE-2011-2022: Privilege escalation in AGP subsystem.
Installing [u83h3kej] CVE-2011-1746: Integer overflow in agp_allocate_memory.
Installing [kcmghb3m] CVE-2011-1593: Denial of service in next_pidmap.
Installing [s113zod3] CVE-2011-1182: Missing validation check in signals implementation.
Installing [2xn5hnvr] CVE-2011-2213: Denial of service in inet_diag_bc_audit.
Installing [fznr6cbr] CVE-2011-2492: Information leak in bluetooth implementation.
Installing [nzhpmyaa] CVE-2011-2525: Denial of Service in packet scheduler API
Installing [djng1uvs] CVE-2011-2482: Remote denial of service vulnerability in SCTP.
Installing [mbg8auhk] CVE-2011-2495: Information leak in /proc/PID/io.
Installing [ofrder8l] Hangs using direct I/O with XFS filesystem.
Installing [tqkgmwz7] CVE-2011-2491: Local denial of service in NLM subsystem.
Installing [wkw7j4ov] CVE-2011-1160: Information leak in tpm driver.
Installing [1f4r424i] CVE-2011-1585: Authentication bypass in CIFS.
Installing [kr0lofug] CVE-2011-2484: Denial of service in taskstats subsystem.
Installing [zm5fxh2c] CVE-2011-2496: Local denial of service in mremap().
Installing [4f8zud01] CVE-2009-4067: Buffer overflow in Auerswald usb driver.
Installing [qgzezhlj] CVE-2011-2695: Off-by-one errors in the ext4 filesystem.
Installing [fy2peril] CVE-2011-2699: Predictable IPv6 fragment identification numbers.
Installing [idapn9ej] CVE-2011-2723: Remote denial of service vulnerability in gro.
Installing [i1q0saw7] CVE-2011-1833: Information disclosure in eCryptfs.
Installing [uqv087lb] CVE-2011-3191: Memory corruption in CIFSFindNext.
Installing [drz5ixw2] CVE-2011-3209: Denial of Service in clock implementation.
Installing [2zawfk0b] CVE-2011-3188: Weak TCP sequence number generation.
Installing [7gkvlyfi] CVE-2011-3363: Remote denial of service in cifs_mount.
Installing [8einfy3y] CVE-2011-4110: Null pointer dereference in key subsystem.
Installing [w9l57w7p] CVE-2011-1162: Information leak in TPM driver.
Installing [hl96s86z] CVE-2011-2494: Information leak in task/process statistics.
Installing [5vsbttwa] CVE-2011-2203: Null pointer dereference mounting HFS filesystems.
Installing [ycoswcar] CVE-2011-4077: Buffer overflow in xfs_readlink.
Installing [rw8qiogc] CVE-2011-4132: Denial of service in Journaling Block Device layer.
Installing [erniwich] CVE-2011-4330: Buffer overflow in HFS file name translation logic.
Installing [q6rd6uku] CVE-2011-4324: Denial of service vulnerability in NFSv4.
Installing [vryc0xqm] CVE-2011-4325: Denial of service in NFS direct-io.
Installing [keb8azcn] CVE-2011-4348: Socket locking race in SCTP.
Installing [yvevd42a] CVE-2011-1020, CVE-2011-3637: Information leak, DoS in /proc.
Installing [thzrtiaw] CVE-2011-4086: Denial of service in journaling block device.
Installing [y5efh27f] CVE-2012-0028: Privilege escalation in user-space futexes.
Installing [wxdx4x4i] CVE-2011-3638: Disk layout corruption bug in ext4 filesystem.
Installing [cd2g2hvz] CVE-2011-4127: KVM privilege escalation through insufficient validation in SG_IO ioctl.
Installing [aqo49k28] CVE-2011-1083: Algorithmic denial of service in epoll.
Installing [uknrp2eo] Denial of service in filesystem unmounting.
Installing [97u6urvt] Soft lockup in USB ACM driver.
Installing [01uynm3o] CVE-2012-1583: use-after-free in IPv6 tunneling.
Installing [loizuvxu] Kernel crash in Ethernet bridging netfilter module.
Installing [yc146ytc] Unresponsive I/O using QLA2XXX driver.
Installing [t92tukl1] CVE-2012-2136: Privilege escalation in TUN/TAP virtual device.
Installing [aldzpxho] CVE-2012-3375: Denial of service due to epoll resource leak in error path.
Installing [bvoz27gv] Arithmetic overflow in clock source calculations.
Installing [lzwurn1u] ext4 filesystem corruption on fallocate.
Installing [o9b62qf6] CVE-2012-2313: Privilege escalation in the dl2k NIC.
Installing [9do532u6] Kernel panic when overcommiting memory with NFSd.
Installing [zf95qrnx] CVE-2012-2319: Buffer overflow mounting corrupted hfs filesystem.
Installing [fx2rxv2q] CVE-2012-3430: kernel information leak in RDS sockets.
Installing [wo638apk] CVE-2012-2100: Divide-by-zero mounting an ext4 filesystem.
Installing [ivl1wsvt] CVE-2012-2372: Denial of service in Reliable Datagram Sockets protocol.
Installing [xl2q6gwk] CVE-2012-3552: Denial-of-service in IP options handling.
Installing [l093jvcl] Kernel panic in SMB extended attributes.
Installing [qlzoyvty] Kernel panic in ext3 indirect blocks.
Installing [8lj9n3i6] CVE-2012-1568: A predictable base address with shared libraries and ASLR.
Installing [qn1rqea3] CVE-2012-4444: Prohibit reassembling IPv6 fragments when some data overlaps.
Installing [wed7w5th] CVE-2012-3400: Buffer overflow in UDF parsing.
Installing [n2dqx9n3] CVE-2013-0268: /dev/cpu/*/msr local privilege escalation.
Installing [p8oacpis] CVE-2013-0871: Privilege escalation in PTRACE_SETREGS.
Installing [cbdr6azh] CVE-2012-6537: Kernel information leaks in network transformation subsystem.
Installing [1qz0f4lv] CVE-2013-1826: NULL pointer dereference in XFRM buffer size mismatch.
Installing [s0q68mb1] CVE-2012-6547: Kernel stack leak from TUN ioctls.
Installing [s1c6y3ee] CVE-2012-6546: Information leak in ATM sockets.
Installing [2zzz6cqb] Data corruption on NFSv3/v2 short reads.
Installing [kfav9h9d] CVE-2012-6545: Information leak in Bluetooth RFCOMM socket name.
Installing [coeq937e] CVE-2013-3222: Kernel stack information leak in ATM sockets.
Installing [43shl6vr] CVE-2013-3224: Kernel stack information leak in Bluetooth sockets.
Installing [whoojewf] CVE-2013-3235: Kernel stack information leak in TIPC protocol.
Installing [7vap7ys6] CVE-2012-6544: Information leak in Bluetooth L2CAP socket name.
Installing [0xjd0c1r] CVE-2013-0914: Information leak in signal handlers.
Installing [l2925frf] CVE-2013-2147: Kernel memory leak in Compaq Smart Array controllers.
Installing [lt4qe1dr] CVE-2013-2164: Kernel information leak in the CDROM driver.
Installing [7fkc8czu] CVE-2013-2234: Information leak in IPsec key management.
Installing [0t3omxv5] CVE-2013-2237: Information leak on IPSec key socket.
Installing [e1jtiocl] CVE-2013-2232: Memory corruption in IPv6 routing cache.
Installing [f0bqnvc1] CVE-2013-2206: NULL pointer dereference in SCTP duplicate cookie handling.
Installing [v188ww9y] CVE-2013-2141: Information leak in tkill() and tgkill() system calls.
Installing [0amslrok] CVE-2013-4162: Denial-of-service with IPv6 sockets with UDP_CORK.
Installing [s4w6qq7g] CVE-2012-3511: Use-after-free due to race condition in madvise.
Installing [kvnlhbh1] CVE-2012-4398: Denial-of-service in kernel module loading.
Installing [k77237db] CVE-2013-4299: Information leak in device mapper persistent snapshots.
Installing [ekv19fgd] CVE-2013-4345: Off-by-one in the ANSI Crypto RNG.
Installing [pl4pqen7] CVE-2013-0343: Denial of service in IPv6 privacy extensions.
Installing [ku36xnjx] Incorrect handling of SCSI scatter-gather list mapping failures.
Installing [9jc4vajb] CVE-2013-6383: Missing capability check in AAC RAID compatibility ioctl.
Installing [66nk6gwh] CVE-2013-2929: Incorrect permissions check in ptrace with dropped privileges.
Installing [1vays5jg] CVE-2013-7263: Information leak in IPv4 and IPv6 socket recvmsg.
Installing [g8wy6r2k] CVE-2013-4483: Denial-of-service in IPC subsystem when taking a reference count.
Installing [617yrxdl] CVE-2012-6638: Denial-of-service in TCP's SYN+FIN messages.
Installing [pp6j74s7] CVE-2013-2888: Kernel memory corruption flaw via oversize HID report id.
Installing [pz65qqpk] Panic in GFS2 filesystem locking code.
Installing [p4focqhi] CVE-2014-1737, CVE-2014-1738: Local privilege escalation in floppy ioctl.
Installing [6w9u3383] CVE-2013-7339: NULL pointer dereference in RDS socket binding.
Installing [xqpvy7zh] CVE-2014-4699: Privilege escalation in ptrace() RIP modification.
Installing [ghkc42rj] CVE-2014-2678: NULL pointer dereference in RDS protocol when binding.
Installing [g4qbxm30] CVE-2014-3917: Denial-of-service and information leak in audit syscall subsystem.
Installing [eit799o3] Memory leak in GFS2 filesystem for files with short lifespan.
Your kernel is fully up to date.
Effective kernel version is 2.6.18-398.el5

real	0m59.447s
user	0m22.640s
sys	0m22.611s
1 minute for 215 updates. And this isn't one minute of hang, it applies each patch and just takes a few microseconds to apply. So your applications or users won't experience hangs or hickups at all.

Information about SSL “Poodle” vulnerability CVE-2014-3566

Oracle Security Team - Wed, 2014-10-15 12:09

Hello, this is Eric Maurice.

A security vulnerability affecting Secure Socket Layer (SSL) v3.0 was recently publicly disclosed (Padding Oracle On Downgraded Legacy Encryption, or “Poodle”). This vulnerability is the result of a design flaw in SSL v3.0. Note that this vulnerability does not affect TLS and is limited to SSL 3.0, which is generally considered an obsolete protocol. A number of organizations, including OWASP previously advised against using this protocol, as weaknesses affecting it have been known for some time.

This “Poodle” vulnerability has received the identifier CVE-2014-3566.

A number of Oracle products do not support SSL v3.0 out of the box, while some Oracle products do provide for enabling SSL v3.0. Based on this vulnerability as well as the existence of other issues with this protocol, in instances when SSL v3.0 is supported but not needed, Oracle recommends permanently disabling SSL v3.0.

Normal 0 false false false EN-US X-NONE X-NONE

/* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin-top:0in; mso-para-margin-right:0in; mso-para-margin-bottom:10.0pt; mso-para-margin-left:0in; line-height:115%; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin;}

Furthermore, Oracle is assessing the use of SSL v3.0 across its corporate systems and those managed on behalf of Oracle customers (e.g., Oracle Cloud). Oracle is actively deprecating the use of this protocol. In instances where Oracle identifies a possible impact to cloud customers, Oracle will work with the affected customers to determine the best course of action. Oracle recommends that cloud customers investigate their use of SSL v3.0 and discontinue to the extent possible the use of this protocol.

For more information, see the "Poodle Vulnerability CVE-2014-3566" page located on OTN at http://www.oracle.com/technetwork/topics/security/poodlecve-2014-3566-2339408.html

/* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin-top:0in; mso-para-margin-right:0in; mso-para-margin-bottom:10.0pt; mso-para-margin-left:0in; line-height:115%; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin;}

Please look at latest Oct 2014 Oracle patching

Grumpy old DBA - Wed, 2014-10-15 11:23
This one looks like the real thing ... getting advice to "not skip" the patching process for a whole bunch of things included here.

I'm just saying ...
Categories: DBA Blogs

The Next-Generation of Accounts Payable Processing is Here

WebCenter Team - Wed, 2014-10-15 09:25

Automate 80% of invoice processing, eliminating paper, manual data entry and associated errors - while optimizing cash management, accruals and financial statement accuracy.

Learn more about Accounts Payable Processing and AP Process Automation!

Webcast: The Next-Generation of Accounts Payable Processing is Here

Learn how A/P Process Automation can deliver significant results in terms of cost savings, processing time and resource efficiency to your existing Oracle and non-Oracle ERP applications.

Patching Time

Jeremy Schneider - Wed, 2014-10-15 09:17

Just a quick note to point out that the October PSU was just released. The database has a few more vulnerabilities than usual (31), but they are mostly related to Java and the high CVSS score of 9 only applies to people running Oracle on windows. (On other operating systems, the highest score is 6.5.)

I did happen to glance at the announcement on the security blog, and I thought this short blurb was worth repeating:

In today’s Critical Patch Update Advisory, you will see a stronger than previously-used statement about the importance of applying security patches. Even though Oracle has consistently tried to encourage customers to apply Critical Patch Updates on a timely basis and recommended customers remain on actively-supported versions, Oracle continues to receive credible reports of attempts to exploit vulnerabilities for which fixes have been already published by Oracle. In many instances, these fixes were published by Oracle years ago, but their non-application by customers, particularly against Internet-facing systems, results in dangerous exposure for these customers. Keeping up with security releases is a good security practice and good IT governance.

The Oracle Database was first released in a different age than we live in today. Ordering physical parts involved navigating paper catalogs and faxing order sheets to the supplier. Physical inventory management relied heavily on notebooks and clipboards. Mainframes were processing data but manufacturing and supply chain had not yet been revolutionized by technology. Likewise, software base installs and upgrades were shipped on CDs through the mail and installed via physical consoles. The feedback cycle incorporating customer requests into software features took years.

Today, manufacturing is lean and the supply chain is digitized. Inventory is managed with the help of scanners and real-time analytics. Customer communication is more streamlined than ever before and developers respond quickly to the market. Bugs are exploited maliciously as soon as they’re discovered and the software development and delivery process has been optimized for fast response and rapid digital delivery of fixes.

Here’s the puzzle: Cell phones, web browsers and laptop operating systems all get security updates installed frequently. Even the linux OS running on your servers is easy to update with security patches. Oracle is no exception – they have streamlined delivery of database patches through the quarterly PSU program. Why do so many people simply ignore the whole area of Oracle database patches? Are we stuck in the old age of infrequent patching activity even though Oracle themselves have moved on?

Repetition

For many, it just seems overwhelming to think about patching. And honestly – it is. At first. The key is actually a little counter-intuitive: it’s painful, so you should in fact do it a lot! Believe it or not, it will actually become very easy once you get over the initial hump.

In my experience working at one small org (two dba’s), the key is doing it regularly. Lots of practice. You keep decent notes and setup scripts/tools where it makes sense and then you start to get a lot faster after several times around. By the way, my thinking has been influenced quite a bit here by the devops movement (like Jez Humble’s ’12 berlin talk and John Allspaw’s ’09 velocity talk). I think they have a nice articulation of this basic repetition principle. And it is very relevant to people who have Oracle databases.

So with all that said, happy patching! I know that I’ll be working with these PSUs over the next week or two. I hope that you’ll be working with them too!

Oracle fanboy and blind to the truth?

Tim Hall - Wed, 2014-10-15 02:46

I had a little exchange with someone on Twitter last night, which was initiated by him complaining about the cost of Oracle and predicting their demise. Once that was over I spent a little time thinking about my “fanboy status”.

If you know anything about me, you will know I’m an Oracle fanboy. I’ve spent nearly 20 years doing this stuff and the last 14+ years writing about it on the internet. If I wasn’t into it, it would be a pretty sorry state of affairs. So does that mean I’m totally blinded like all those Apple fanboys and fangirls? No. I just don’t choose to dwell on a lot of the negative and instead focus on the positive, like the cool bits of tech. The common topics I hear are:

  • Oracle costs too much : I could bleat on about the cost of Oracle and what features are missing from specific editions, but quite frankly that is boring. Unless you’ve been under a rock for the last 35+ years you should know the score. If it’s got the name Oracle associated with it, it’s probably going to be really expensive. That’s why people’s jaws drop when they find out Oracle Linux is free. They are just not used to hearing the words Oracle and free in the same sentence. If you want free or cheap, you can find it. What people often don’t consider is total cost of ownership. Nothing is ever free. The money just gets directed in different ways.
  • The cheap/free RDBMS products will kill Oracle : This talk has been going on since I started working with Oracle 20 years ago. It used to worry me. It doesn’t any more. So far it hasn’t materialized. Sure, different products have eaten into the market share somewhat and I’m sure that will continue to happen, but having a headstart over the competition can sometimes be a significant advantage. I work with other RDBMS products as well and it is sometimes infuriating how much is missing. I’m not talking about those headline Oracle features that 3 people in the world use. I’m talking about really simple stuff that is missing that makes being a DBA a total pain in the ass. Typically, these gaps have to be filled in by separate products or tools, which just complicates your environment.
  • It’s just a bit bucket : If your company is just using the database as a bit bucket and you do all the “cool” stuff in the middle tier, then Oracle databases are probably not the way to go for you. Your intellectual and financial focus will be on the middle tier. Good luck!
  • But company X use product Y, not Oracle : I’m so bored of this type of argument. Facebook use MySQL and PHP. Yes, but they wrote their own source code transformer (HipHop) to turn PHP into C++ and they use so much stuff in front of MySQL (like Memcached) that they could probably do what they do on top of flat files. Companies talk about their cool stuff and what makes them different. They are not so quick to talk about what is sitting behind the ERP that is running their business…
  • NoSQL/Hadoop/Document Stores will kill RDBMS : Have you ever had a real job in industry? Have you ever done anything other than try to write a twitter rip-off in Ruby for your school project? Do you know how long it took COBOL to die? (it still isn’t dead by the way). There is a massive investment in the I.T. industry around relational databases. I’m not saying they are the perfect solution, but they aren’t going anywhere in the near future. Good luck running your ERP on any of these non-RDBMS data stores! What has changed is that people now realise RDBMS is not the right solution for every type of data store. Using the right product for the right job is a good thing. There are still plenty of jobs where an RDBMS is the right tool.
  • The cloud will kill Oracle : The cloud could prove to be the biggest spanner in the works for many IT companies. If we start using cloud-based services for everything in the Software as a Service (SaaS) model, who cares what technology sits behind it? Provided our applications work and they meet our SLAs, who cares how many bodies are running around like headless chickens in the background to keep the thing running? For Platform as a Service (PaaS) and Infrastructure as a Service (IaaS), I don’t think cloud makes so much of a difference. In these cases, you are still picking the type of database or the type of OS you need. They are not hidden from you like in the SaaS model. I guess the impact of cloud will depend on your definition of cloud and route the market eventually takes. What people also seem to forget is the big winners in the cloud game will be the big companies. When the world is only using SaaS, you are going to have to work for Amazon, Oracle, Microsoft etc. if you want to be a techie. The ultimate goal of cloud is consolidation and centralisation, so you will have to work for one of these big players if you want to be anything other than a user. I find it interesting that people are betting on the cloud as a way of punishing the big companies, when actually it is likely to help them and put us folks out of business…

The post has got a bit long an tedious, so I’m going to sign off now.

In conclusion, yes I’m a fanboy, but I’m not oblivious to what’s going on outside Oracle. I like playing with the tech and I try to look on the positive side where my job-related technology is concerned. If I focussed on the negative I would have to assume that Oracle is doomed and we will all die of Ebola by the end of the week…

Cheers

Tim…

 

Oracle fanboy and blind to the truth? was first posted on October 15, 2014 at 9:46 am.
©2012 "The ORACLE-BASE Blog". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement.

Oracle system statistics: Display AUX_STATS$ with calculated values and formulas

Yann Neuhaus - Wed, 2014-10-15 01:13

System statistics can be gathered in NOWORKLOAD or WORKLOAD mode. Different values will be set depending on that and the others will be calculated - derived from them. We can see defined values from SYS.AUX_STATS$ but here is a script that shows the calculated ones as well.

With no system statistics or NOWORKLOAD the values of IOSEEKTIM (latency in ms) and IOTFRSPEED (transfer in bytes/ms) are set and the SREADTIM (time to read 1 block in ms) and MREADTIM (for multiblock read) are calculated from them. MBRC depends on the defaults or the db_file_multiblock_read_count settings.

With WORKLOAD statistics, the SREADTIM and MREADTIM as well as MBRC are measured and those are the ones that are used by the optimizer.

Here is my script:

set echo off
set linesize 200 pagesize 1000
column pname format a30
column sname format a20
column pval2 format a20

select pname,pval1,calculated,formula from sys.aux_stats$ where sname='SYSSTATS_MAIN'
model
  reference sga on (
    select name,value from v$sga 
        ) dimension by (name) measures(value)
  reference parameter on (
    select name,decode(type,3,to_number(value)) value from v$parameter where name='db_file_multiblock_read_count' and ismodified!='FALSE'
    union all
    select name,decode(type,3,to_number(value)) value from v$parameter where name='sessions'
    union all
    select name,decode(type,3,to_number(value)) value from v$parameter where name='db_block_size'
        ) dimension by (name) measures(value)
partition by (sname) dimension by (pname) measures (pval1,pval2,cast(null as number) as calculated,cast(null as varchar2(60)) as formula) rules(
  calculated['MBRC']=coalesce(pval1['MBRC'],parameter.value['db_file_multiblock_read_count'],parameter.value['_db_file_optimizer_read_count'],8),
  calculated['MREADTIM']=coalesce(pval1['MREADTIM'],pval1['IOSEEKTIM'] + (parameter.value['db_block_size'] * calculated['MBRC'] ) / pval1['IOTFRSPEED']),
  calculated['SREADTIM']=coalesce(pval1['SREADTIM'],pval1['IOSEEKTIM'] + parameter.value['db_block_size'] / pval1['IOTFRSPEED']),
  calculated['   multi block Cost per block']=round(1/calculated['MBRC']*calculated['MREADTIM']/calculated['SREADTIM'],4),
  calculated['   single block Cost per block']=1,
  formula['MBRC']=case when pval1['MBRC'] is not null then 'MBRC' when parameter.value['db_file_multiblock_read_count'] is not null then 'db_file_multiblock_read_count' when parameter.value['_db_file_optimizer_read_count'] is not null then '_db_file_optimizer_read_count' else '= _db_file_optimizer_read_count' end,
  formula['MREADTIM']=case when pval1['MREADTIM'] is null then '= IOSEEKTIM + db_block_size * MBRC / IOTFRSPEED' end,
  formula['SREADTIM']=case when pval1['SREADTIM'] is null then '= IOSEEKTIM + db_block_size        / IOTFRSPEED' end,
  formula['   multi block Cost per block']='= 1/MBRC * MREADTIM/SREADTIM',
  formula['   single block Cost per block']='by definition',
  calculated['   maximum mbrc']=sga.value['Database Buffers']/(parameter.value['db_block_size']*parameter.value['sessions']),
  formula['   maximum mbrc']='= buffer cache size in blocks / sessions'
);
set echo on

Here is an exemple with default statistics:

PNAME                               PVAL1 CALCULATED FORMULA
------------------------------ ---------- ---------- --------------------------------------------------
CPUSPEEDNW                           1519
IOSEEKTIM                              10
IOTFRSPEED                           4096
SREADTIM                                          12 = IOSEEKTIM + db_block_size        / IOTFRSPEED
MREADTIM                                          26 = IOSEEKTIM + db_block_size * MBRC / IOTFRSPEED
CPUSPEED
MBRC                                               8 = _db_file_optimizer_read_count
MAXTHR
SLAVETHR
   maximum mbrc                           117.152542 = buffer cache size in blocks / sessions
   single block Cost per block                     1 by definition
   multi block Cost per block                  .2708 = 1/MBRC * MREADTIM/SREADTIM

You see the calculated values for everything. Note the 'maximum mbrc' which limits the multiblock reads when the buffer cache is small. It divides the buffer cache size (at startup - can depend on ASMM and AMM settings) by the sessions parameter.

Here is an example with workload system statistics gathering:

PNAME                               PVAL1 CALCULATED FORMULA
------------------------------ ---------- ---------- --------------------------------------------------
CPUSPEEDNW                           1511
IOSEEKTIM                              15
IOTFRSPEED                           4096
SREADTIM                            1.178      1.178
MREADTIM                              .03        .03
CPUSPEED                             3004
MBRC                                    8          8 MBRC
MAXTHR                            6861824
SLAVETHR
   maximum mbrc                           114.983051 = buffer cache size in blocks / sessions
   single block Cost per block                     1 by definition
   multi block Cost per block                  .0032 = 1/MBRC * MREADTIM/SREADTIM

here all values are explicitely set

And an example with exadata system statistics that defines noworkload values and sets also the MBRC (see Chris Antognini post about it)

PNAME                               PVAL1 CALCULATED FORMULA
------------------------------ ---------- ---------- --------------------------------------------------
CPUSPEEDNW                           1539
IOSEEKTIM                              16
IOTFRSPEED                         204800
SREADTIM                                       16.04 = IOSEEKTIM + db_block_size        / IOTFRSPEED
MREADTIM                                       18.28 = IOSEEKTIM + db_block_size * MBRC / IOTFRSPEED
CPUSPEED
MBRC                                   57         57 MBRC
MAXTHR
SLAVETHR
   maximum mbrc                           114.983051 = buffer cache size in blocks / sessions
   single block Cost per block                     1 by definition
   multi block Cost per block                    .02 = 1/MBRC * MREADTIM/SREADTIM

And finaly here is a workload system statistics result but with explicitly setting the db_file_multiblock_read_count to 128:

PNAME                               PVAL1 CALCULATED FORMULA
------------------------------ ---------- ---------- --------------------------------------------------
CPUSPEEDNW                           1539
IOSEEKTIM                              15
IOTFRSPEED                           4096
SREADTIM                                          17 = IOSEEKTIM + db_block_size        / IOTFRSPEED
MREADTIM                                         271 = IOSEEKTIM + db_block_size * MBRC / IOTFRSPEED
CPUSPEED
MBRC                                             128 db_file_multiblock_read_count
MAXTHR
SLAVETHR
   maximum mbrc                           114.983051 = buffer cache size in blocks / sessions
   single block Cost per block                     1 by definition
   multi block Cost per block                  .1245 = 1/MBRC * MREADTIM/SREADTIM

Here you see that the MBRC in noworkload is coming from the value which is set by the db_file_multiblock_read_count rather from the value 8 which is used by default by the optimizer when it is not set. And the MREADTIM is calculated from that i/o size

For more historical information about system statistics and how multiblock reads are costed (index vs. full table scan choice) see my article on latest OracleScene

As usual if you find anything to improve in that script, please share.