Oracle VM Server for x86 Bulletin - January 2017

Description

The Oracle VM Server for x86 Bulletin lists all CVEs that were resolved and announced in Oracle VM Server for x86 Security Advisories (OVMSA) in the month prior to the release of the bulletin. Oracle VM Server for x86 Bulletins are published on the same day as Oracle Critical Patch Updates are released. These bulletins are also updated for the two months following their release (i.e., the two months between the normal quarterly Critical Patch Update publication dates) to cover all CVEs resolved in those two months. In addition, Oracle VM Server for x86 Bulletins may be updated for vulnerability fixes deemed too critical to wait for the next scheduled bulletin publication date.

Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Oracle VM Server for x86 Bulletin fixes as soon as possible.

Patch Availability

Please see ULN Advisory http://linux.oracle.com/ovm-bulletin-pad

Oracle VM Server for x86 Bulletin Schedule

Oracle VM Server for x86 Bulletins are released on the Tuesday closest to the 17th day of January, April, July and October. The next four dates are:

  • 18 April 2017
  • 18 July 2017
  • 17 October 2017
  • 16 January 2018

References

Modification History

2017-March-17 Rev 3. New CVEs added.
2017-February-17 Rev 2. New CVEs added.
2017-January-17 Rev 1. Initial Release

Oracle VM Server for x86 Executive Summary

This Oracle VM Server for x86 Bulletin contains 48 new security fixes for the Oracle VM Server for x86. 22 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.

Oracle VM Server for x86 Risk Matrix

Revision 3: Published on 2017-03-17

CVSS VERSION 2.0 RISK (see Risk Matrix Definitions) covers the Base Score through Availability columns.

| CVE# | Product | Component | Remote Exploit without Auth.? | Base Score | Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability | Supported Versions Affected |
|---|---|---|---|---|---|---|---|---|---|---|---|
| CVE-2017-6074 | Oracle VM Server for x86 | Unbreakable Enterprise kernel | No | 6.8 | Local | Low | Single | Complete | Complete | Complete | 3.2,3.3,3.4 |
| CVE-2017-2615 | Oracle VM Server for x86 | qemu-kvm | No | 4.9 | Adjacent network | Medium | Single | Partial | Partial | Partial | 3.4 |
| CVE-2017-2620 | Oracle VM Server for x86 | qemu-kvm | No | 4.9 | Adjacent network | Medium | Single | Partial | Partial | Partial | 3.4 |
| CVE-2016-8610 | Oracle VM Server for x86 | openssl | Yes | 4.3 | Network | Medium | None | None | None | Partial | 3.3,3.4 |
| CVE-2016-2857 | Oracle VM Server for x86 | qemu-kvm | No | 4.3 | Adjacent network | Medium | None | Partial | None | Partial | 3.4 |
| CVE-2017-3731 | Oracle VM Server for x86 | openssl | Yes | 0.0 | Network | Undefined | None | None | None | None | 3.3,3.4 |

Revision 2: Published on 2017-02-17

CVSS VERSION 2.0 RISK (see Risk Matrix Definitions) covers the Base Score through Availability columns.

| CVE# | Product | Component | Remote Exploit without Auth.? | Base Score | Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability | Supported Versions Affected |
|---|---|---|---|---|---|---|---|---|---|---|---|
| CVE-2016-9083 | Oracle VM Server for x86 | Unbreakable Enterprise kernel | No | 7.2 | Local | Low | None | Complete | Complete | Complete | 3.4 |
| CVE-2016-6662 | Oracle VM Server for x86 | mysql | No | 7.1 | Network | High | Single | Complete | Complete | Complete | 3.3,3.4 |
| CVE-2016-9576 | Oracle VM Server for x86 | Unbreakable Enterprise kernel | No | 6.2 | Local | High | None | Complete | Complete | Complete | 3.4 |
| CVE-2015-8870 | Oracle VM Server for x86 | libtiff | Yes | 5.8 | Network | Medium | None | Partial | None | Partial | 3.3,3.4 |
| CVE-2016-9310 | Oracle VM Server for x86 | ntp | Yes | 5.8 | Network | Medium | None | Partial | None | Partial | 3.3,3.4 |
| CVE-2016-8630 | Oracle VM Server for x86 | Unbreakable Enterprise kernel | No | 5.2 | Adjacent network | Medium | Single | None | None | Complete | 3.4 |
| CVE-2016-5652 | Oracle VM Server for x86 | libtiff | Yes | 5.1 | Network | High | None | Partial | Partial | Partial | 3.3,3.4 |
| CVE-2016-9533 | Oracle VM Server for x86 | libtiff | Yes | 5.1 | Network | High | None | Partial | Partial | Partial | 3.3,3.4 |
| CVE-2016-9534 | Oracle VM Server for x86 | libtiff | Yes | 5.1 | Network | High | None | Partial | Partial | Partial | 3.3,3.4 |
| CVE-2016-9535 | Oracle VM Server for x86 | libtiff | Yes | 5.1 | Network | High | None | Partial | Partial | Partial | 3.3,3.4 |
| CVE-2016-9536 | Oracle VM Server for x86 | libtiff | Yes | 5.1 | Network | High | None | Partial | Partial | Partial | 3.3,3.4 |
| CVE-2016-9537 | Oracle VM Server for x86 | libtiff | Yes | 5.1 | Network | High | None | Partial | Partial | Partial | 3.3,3.4 |
| CVE-2016-9540 | Oracle VM Server for x86 | libtiff | Yes | 5.1 | Network | High | None | Partial | Partial | Partial | 3.3,3.4 |
| CVE-2016-9147 | Oracle VM Server for x86 | bind | Yes | 5.0 | Network | Low | None | None | None | Partial | 3.2,3.3,3.4 |
| CVE-2016-8646 | Oracle VM Server for x86 | Unbreakable Enterprise kernel | No | 4.7 | Local | Medium | None | None | None | Complete | 3.2,3.3,3.4 |
| CVE-2013-7446 | Oracle VM Server for x86 | Unbreakable Enterprise kernel | No | 4.6 | Local | Low | None | Partial | Partial | Partial | 3.2,3.3 |
| CVE-2016-7426 | Oracle VM Server for x86 | ntp | Yes | 4.3 | Network | Medium | None | None | None | Partial | 3.3,3.4 |
| CVE-2016-9311 | Oracle VM Server for x86 | ntp | Yes | 4.3 | Network | Medium | None | None | None | Partial | 3.3,3.4 |
| CVE-2016-5616 | Oracle VM Server for x86 | mysql | No | 3.5 | Local | High | Single | Partial | Partial | Partial | 3.3,3.4 |
| CVE-2016-6663 | Oracle VM Server for x86 | mysql | No | 3.5 | Local | High | Single | Partial | Partial | Partial | 3.3,3.4 |
| CVE-2016-9084 | Oracle VM Server for x86 | Unbreakable Enterprise kernel | No | 3.3 | Local | Medium | None | None | Partial | Partial | 3.4 |
| CVE-2015-1420 | Oracle VM Server for x86 | Unbreakable Enterprise kernel | No | 2.6 | Local | High | None | Partial | Partial | None | 3.2 |
| CVE-2016-7429 | Oracle VM Server for x86 | ntp | Yes | 2.6 | Network | High | None | None | None | Partial | 3.3,3.4 |
| CVE-2016-4482 | Oracle VM Server for x86 | Unbreakable Enterprise kernel | No | 2.1 | Local | Low | None | Partial | None | None | 3.2,3.3,3.4 |
| CVE-2016-4485 | Oracle VM Server for x86 | Unbreakable Enterprise kernel | No | 2.1 | Local | Low | None | Partial | None | None | 3.2,3.3,3.4 |
| CVE-2016-7433 | Oracle VM Server for x86 | ntp | No | 1.2 | Local | High | None | None | None | Partial | 3.3,3.4 |

Revision 1: Published on 2017-01-17

CVSS VERSION 2.0 RISK (see Risk Matrix Definitions) covers the Base Score through Availability columns.

| CVE# | Product | Component | Remote Exploit without Auth.? | Base Score | Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability | Supported Versions Affected |
|---|---|---|---|---|---|---|---|---|---|---|---|
| CVE-2016-7117 | Oracle VM Server for x86 | Unbreakable Enterprise kernel | Yes | 7.6 | Network | High | None | Complete | Complete | Complete | 3.2,3.3,3.4 |
| CVE-2016-8666 | Oracle VM Server for x86 | Unbreakable Enterprise kernel | Yes | 7.1 | Network | Medium | None | None | None | Complete | 3.4 |
| CVE-2016-9793 | Oracle VM Server for x86 | Unbreakable Enterprise kernel | No | 6.9 | Local | Medium | None | Complete | Complete | Complete | 3.2,3.3,3.4 |
| CVE-2016-1248 | Oracle VM Server for x86 | vim | Yes | 6.8 | Network | Medium | None | Partial | Partial | Partial | 3.3,3.4 |
| CVE-2016-8655 | Oracle VM Server for x86 | Unbreakable Enterprise kernel | No | 6.6 | Local | Medium | Single | Complete | Complete | Complete | 3.3,3.4 |
| CVE-2016-9794 | Oracle VM Server for x86 | Unbreakable Enterprise kernel | No | 6.3 | Local | Medium | None | None | Complete | Complete | 3.2,3.3,3.4 |
| CVE-2016-10024 | Oracle VM Server for x86 | xen | No | 6.3 | Network | Medium | Single | None | None | Complete | 3.2,3.3,3.4 |
| CVE-2016-10013 | Oracle VM Server for x86 | xen | No | 6.2 | Local | High | None | Complete | Complete | Complete | 3.2,3.3,3.4 |
| CVE-2016-3157 | Oracle VM Server for x86 | Unbreakable Enterprise kernel | No | 6.0 | Network | Medium | Single | Partial | Partial | Partial | 3.2,3.3 |
| CVE-2016-7979 | Oracle VM Server for x86 | ghostscript | Yes | 5.1 | Network | High | None | Partial | Partial | Partial | 3.3,3.4 |
| CVE-2016-8602 | Oracle VM Server for x86 | ghostscript | Yes | 5.1 | Network | High | None | Partial | Partial | Partial | 3.3,3.4 |
| CVE-2016-7042 | Oracle VM Server for x86 | Unbreakable Enterprise kernel | No | 4.9 | Local | Low | None | None | None | Complete | 3.2,3.3,3.4 |
| CVE-2016-9806 | Oracle VM Server for x86 | Unbreakable Enterprise kernel | No | 4.7 | Local | Medium | None | None | None | Complete | 3.4 |
| CVE-2013-5653 | Oracle VM Server for x86 | ghostscript | Yes | 4.3 | Network | Medium | None | Partial | None | None | 3.3,3.4 |
| CVE-2016-7977 | Oracle VM Server for x86 | ghostscript | Yes | 4.3 | Network | Medium | None | Partial | None | None | 3.3,3.4 |
| CVE-2016-6828 | Oracle VM Server for x86 | Unbreakable Enterprise kernel | No | 3.6 | Local | Low | None | None | Partial | Partial | 3.2,3.3,3.4 |