No results found

Your search did not match any results.

We suggest you try the following to help find what you're looking for:

  • Check the spelling of your keyword search.
  • Use synonyms for the keyword you typed, for example, try “application” instead of “software.”
  • Try one of the popular searches shown below.
  • Start a new search.

 

Trending Questions

Oracle VM Server for x86 Bulletin - July 2017

Description

The Oracle VM Server for x86 Bulletin lists all CVEs that had been resolved and announced in Oracle VM Server for x86 Security Advisories (OVMSA) in the last one month prior to the release of the bulletin. Oracle VM Server for x86 Bulletins are published on the same day as Oracle Critical Patch Updates are released. These bulletins will also be updated for the following two months after their release (i.e., the two months between the normal quarterly Critical Patch Update publication dates) to cover all CVEs that had been resolved in those two months following the bulletin's publication. In addition, Oracle VM Server for x86 Bulletins may also be updated for vulnerability fixes deemed too critical to wait for the next scheduled bulletin publication date.

Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Oracle VM Server for x86 Bulletin fixes as soon as possible.

Patch Availability

Please see ULN Advisory http://linux.oracle.com/ovm-bulletin-pad

Oracle VM Server for x86 Bulletin Schedule

Oracle VM Server for x86 Bulletins are released on the Tuesday closest to the 17th day of January, April, July and October. The next four dates are:

  • 17 October 2017
  • 16 January 2018
  • 17 April 2018
  • 17 July 2018

References

Modification History

2017-September-18 Rev 3. New CVEs added.
2017-August-18 Rev 2. New CVEs added.
2017-July-18 Rev 1. Initial Release

Oracle VM Server for x86 Executive Summary

This Oracle VM Server for x86 Bulletin contains 26 new security fixes for the Oracle VM Server for x86. 10 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.

Oracle VM Server for x86 Risk Matrix

Revision 3: Published on 2017-09-18

CVE# Product Component Remote Exploit without Auth.? CVSS VERSION 2.0 RISK (see Risk Matrix Definitions) Supported Versions Affected
Base Score Access Vector Access Complexity Authen­tication Confid­entiality Inte­grity Avail­ability
CVE-2017-1000365 Oracle VM Server for x86 Unbreakable Enterprise kernel No 7.2 Local Low None Complete Complete Complete 3.4
CVE-2017-12137 Oracle VM Server for x86 xen No 7.2 Local Low None Complete Complete Complete 3.2,3.3,3.4
CVE-2017-9776 Oracle VM Server for x86 poppler Yes 6.8 Network Medium None Partial Partial Partial 3.3,3.4
CVE-2016-6210 Oracle VM Server for x86 openssh Yes 5.0 Network Low None Partial None None 3.3,3.4
CVE-2017-12135 Oracle VM Server for x86 xen No 4.6 Local Low None Partial Partial Partial 3.2,3.3,3.4
CVE-2016-9685 Oracle VM Server for x86 Unbreakable Enterprise kernel No 2.1 Local Low None Partial None None 3.3
CVE-2017-12855 Oracle VM Server for x86 xen No 2.1 Local Low None Partial None None 3.2,3.3,3.4
CVE-2016-9604 Oracle VM Server for x86 Unbreakable Enterprise kernel No 1.2 Local High None None Partial None 3.3
CVE-2016-10200 Oracle VM Server for x86 Unbreakable Enterprise kernel Yes 0.0 Network Undefined None None None None 3.3
CVE-2017-12134 Oracle VM Server for x86 Unbreakable Enterprise kernel Yes 0.0 Network Undefined None None None None 3.4
CVE-2017-9242 Oracle VM Server for x86 Unbreakable Enterprise kernel Yes 0.0 Network Undefined None None None None 3.3
CVE-2017-12136 Oracle VM Server for x86 xen Yes 0.0 Network Undefined None None None None 3.4

Revision 2: Published on 2017-08-18

CVE# Product Component Remote Exploit without Auth.? CVSS VERSION 2.0 RISK (see Risk Matrix Definitions) Supported Versions Affected
Base Score Access Vector Access Complexity Authen­tication Confid­entiality Inte­grity Avail­ability
CVE-2017-1000363 Oracle VM Server for x86 Unbreakable Enterprise kernel No 7.2 Local Low None Complete Complete Complete 3.4
CVE-2017-9077 Oracle VM Server for x86 Unbreakable Enterprise kernel No 7.2 Local Low None Complete Complete Complete 3.4
CVE-2017-1000368 Oracle VM Server for x86 sudo No 7.2 Local Low None Complete Complete Complete 3.2
CVE-2017-1000366 Oracle VM Server for x86 glibc No 6.2 Local High None Complete Complete Complete 3.2
CVE-2017-7273 Oracle VM Server for x86 Unbreakable Enterprise kernel No 4.6 Local Low None Partial Partial Partial 3.4
CVE-2016-6213 Oracle VM Server for x86 Unbreakable Enterprise kernel No 4.0 Local High None None None Complete 3.4
CVE-2016-7097 Oracle VM Server for x86 Unbreakable Enterprise kernel No 3.3 Local Medium None Partial Partial None 3.3
CVE-2017-1000380 Oracle VM Server for x86 Unbreakable Enterprise kernel No 2.1 Local Low None Partial None None 3.4
CVE-2016-9604 Oracle VM Server for x86 Unbreakable Enterprise kernel No 1.2 Local High None None Partial None 3.4
CVE-2016-10200 Oracle VM Server for x86 Unbreakable Enterprise kernel Yes 0.0 Network Undefined None None None None 3.4
CVE-2017-7533 Oracle VM Server for x86 Unbreakable Enterprise kernel Yes 0.0 Network Undefined None None None None 3.4
CVE-2017-9242 Oracle VM Server for x86 Unbreakable Enterprise kernel Yes 0.0 Network Undefined None None None None 3.4

Revision 1: Published on 2017-07-18

CVE# Product Component Remote Exploit without Auth.? CVSS VERSION 2.0 RISK (see Risk Matrix Definitions) Supported Versions Affected
Base Score Access Vector Access Complexity Authen­tication Confid­entiality Inte­grity Avail­ability
CVE-2017-1000368 Oracle VM Server for x86 sudo No 7.2 Local Low None Complete Complete Complete 3.3,3.4
CVE-2017-7645 Oracle VM Server for x86 Unbreakable Enterprise kernel Yes 7.1 Network Medium None None None Complete 3.2,3.3,3.4
CVE-2017-7477 Oracle VM Server for x86 Unbreakable Enterprise kernel No 6.9 Local Medium None Complete Complete Complete 3.4
CVE-2017-1000364 Oracle VM Server for x86 Unbreakable Enterprise kernel No 6.2 Local High None Complete Complete Complete 3.4
CVE-2017-1000366 Oracle VM Server for x86 glibc No 6.2 Local High None Complete Complete Complete 3.3,3.4
CVE-2017-3142 Oracle VM Server for x86 bind Yes 0.0 Network Undefined None None None None 3.3,3.4
CVE-2017-3143 Oracle VM Server for x86 bind Yes 0.0 Network Undefined None None None None 3.3,3.4