No results found

Your search did not match any results.

We suggest you try the following to help find what you're looking for:

  • Check the spelling of your keyword search.
  • Use synonyms for the keyword you typed, for example, try “application” instead of “software.”
  • Try one of the popular searches shown below.
  • Start a new search.

 

Trending Questions

Oracle VM Server for x86 Bulletin - October 2018

Description

The Oracle VM Server for x86 Bulletin lists all CVEs that had been resolved and announced in Oracle VM Server for x86 Security Advisories (OVMSA) in the last one month prior to the release of the bulletin. Oracle VM Server for x86 Bulletins are published on the same day as Oracle Critical Patch Updates are released. These bulletins will also be updated for the following two months after their release (i.e., the two months between the normal quarterly Critical Patch Update publication dates) to cover all CVEs that had been resolved in those two months following the bulletin's publication. In addition, Oracle VM Server for x86 Bulletins may also be updated for vulnerability fixes deemed too critical to wait for the next scheduled bulletin publication date.

Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Oracle VM Server for x86 Bulletin fixes as soon as possible.

Patch Availability

Please see ULN Advisory http://linux.oracle.com/ovm-bulletin-pad

Oracle VM Server for x86 Bulletin Schedule

Oracle VM Server for x86 Bulletins are released on the Tuesday closest to the 17th day of January, April, July and October. The next four dates are:

  • 15 January 2019
  • 16 April 2019
  • 16 July 2019
  • 15 October 2019

References

Modification History

2018-December-17 Rev 3. New CVEs added.
2018-November-19 Rev 2. New CVEs added.
2018-October-16 Rev 1. Initial Release

Oracle VM Server for x86 Executive Summary

This Oracle VM Server for x86 Bulletin contains 30 new security fixes for the Oracle VM Server for x86.  30 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. 

Oracle VM Server for x86 Risk Matrix

Revision 3: Published on 2018-12-17

CVE# Product Component Remote Exploit without Auth.? CVSS VERSION 2.0 RISK (see Risk Matrix Definitions) Supported Versions Affected
Base Score Access Vector Access Complexity Authen­ tication Confiden­ tiality Integrity Avail­ ability
CVE-2017-17805 Oracle VM Server for x86 Unbreakable Enterprise kernel Undefined 3.4
CVE-2017-17806 Oracle VM Server for x86 Unbreakable Enterprise kernel Undefined 3.4
CVE-2018-1000004 Oracle VM Server for x86 Unbreakable Enterprise kernel Undefined 3.4
CVE-2018-1000204 Oracle VM Server for x86 Unbreakable Enterprise kernel Undefined 3.4
CVE-2018-10902 Oracle VM Server for x86 Unbreakable Enterprise kernel Undefined 3.4
CVE-2018-13094 Oracle VM Server for x86 Unbreakable Enterprise kernel Undefined 3.4
CVE-2018-18386 Oracle VM Server for x86 Unbreakable Enterprise kernel Undefined 3.4
CVE-2018-18690 Oracle VM Server for x86 Unbreakable Enterprise kernel Undefined 3.4
CVE-2018-18710 Oracle VM Server for x86 Unbreakable Enterprise kernel Undefined 3.4
CVE-2018-7755 Oracle VM Server for x86 Unbreakable Enterprise kernel Undefined 3.4
CVE-2018-8043 Oracle VM Server for x86 Unbreakable Enterprise kernel Undefined 3.4
CVE-2018-16509 Oracle VM Server for x86 ghostscript Undefined 3.3,3.4

Revision 2: Published on 2018-11-19

CVE# Product Component Remote Exploit without Auth.? CVSS VERSION 2.0 RISK (see Risk Matrix Definitions) Supported Versions Affected
Base Score Access Vector Access Complexity Authen­ tication Confiden­ tiality Integrity Avail­ ability
CVE-2017-13168 Oracle VM Server for x86 Unbreakable Enterprise kernel Undefined 3.4
CVE-2018-7757 Oracle VM Server for x86 Unbreakable Enterprise kernel Undefined 3.4
CVE-2018-1000805 Oracle VM Server for x86 python-paramiko Undefined 3.3,3.4
CVE-2018-10981 Oracle VM Server for x86 xen Undefined 3.2,3.3
CVE-2018-10982 Oracle VM Server for x86 xen Undefined 3.2,3.3
CVE-2018-3620 Oracle VM Server for x86 xen Undefined 3.2,3.3
CVE-2018-3639 Oracle VM Server for x86 xen Undefined 3.2,3.3
CVE-2018-3665 Oracle VM Server for x86 xen Undefined 3.2,3.3
CVE-2018-7540 Oracle VM Server for x86 xen Undefined 3.2,3.3
CVE-2018-7541 Oracle VM Server for x86 xen Undefined 3.2,3.3
CVE-2018-8897 Oracle VM Server for x86 xen Undefined 3.2,3.3

Revision 1: Published on 2018-10-16

CVE# Product Component Remote Exploit without Auth.? CVSS VERSION 2.0 RISK (see Risk Matrix Definitions) Supported Versions Affected
Base Score Access Vector Access Complexity Authen­ tication Confiden­ tiality Integrity Avail­ ability
CVE-2018-14634 Oracle VM Server for x86 Unbreakable Enterprise kernel Undefined 3.4
CVE-2018-17182 Oracle VM Server for x86 Unbreakable Enterprise kernel Undefined 3.4
CVE-2018-10911 Oracle VM Server for x86 glusterfs Undefined 3.4
CVE-2018-12384 Oracle VM Server for x86 nss Undefined 3.3,3.4
CVE-2017-13695 Oracle VM Server for x86 Unbreakable Enterprise kernel Undefined 3.4
CVE-2018-16658 Oracle VM Server for x86 Unbreakable Enterprise kernel Undefined 3.4
CVE-2018-5873 Oracle VM Server for x86 Unbreakable Enterprise kernel Undefined 3.4