Oracle: Unbreak my Linux Heart

Dell Community notified us that you can now install Ubuntu Server Edition on its servers. While they won't factory-install it and Dell support itself will not support it, Dell has worked with Canonical for the past 2 years to support it. Canonical will be offering support for Ubuntu on Dell servers. To make support easier, Dell has built a native .deb package of OMSA 6.3 on Ubuntu 9.10.

At OpenWorld, Oracle announced an Oracle optimized Linux kernel that is upto 75% faster than the bundled Red Hat kernel. But what's the catch? Well, it's simply a 2.6.32-based kernel , tweaked and tuned for Oracle software. Here's how to get it , if you want to. And LWN has a more detailed technical description of the changes from the mainstream kernel . Basically, the kernel optimizes communication: network (InfiniBand, 10Gb Ethernet), storage (SSD, Flash memory) and memory ( NUMA ). It optimizes drivers and reduces complexity in the kernel (i.e. remove unused drivers and so on). And considering the compatibility issue, here is Oracle's claim: "Third-party applications that run on RHEL 5 should run unchanged on Oracle Linux with the Unbreakable Enterprise Kernel , while delivering significant performance and reliability improvements for end users." Good reads are CIOupdate and PCWorld

A recent article on Linux security showed that an old backdoor (cve-2007-4573) , patched in kernel 2.6.22.7, has resurfaced . Using the leak, any user that has a local user account on a 64 bit server, can easily get root rights, using the compatibility layer. While I don't fully understand the workings, I do understand that all OEL4/OEL5 64 bit servers are potentially harmed as they have kernels 2.6.9 and 2.6.18, resp. So I logged a SR on Metalink to see if I have a big security issue in the data center. Update: CVE-2007-4573 has been renamed CVE-2010-3301 and RHEL states : This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5, and Red Hat Enterprise MRG, as they do not contain the upstream commit d4d67150 that introduced this flaw. Update2: the issue is also listed as CVE-2010-3081 , which is slightly different and Red Hat does track this one, as it affects RHEL5 . Update3: Ksplice has a test available to verify your syste...