Oracle VM Server for x86 Bulletin - October 2019

 

Description

The Oracle VM Server for x86 Bulletin lists all CVEs that were resolved and announced in Oracle VM Server for x86 Security Advisories (OVMSA) in the month prior to the release of the bulletin. Oracle VM Server for x86 Bulletins are published on the same day that Oracle Critical Patch Updates are released. These bulletins are also updated during the two months after their release (i.e., the two months between the normal quarterly Critical Patch Update publication dates) to cover all CVEs resolved in those two months. In addition, Oracle VM Server for x86 Bulletins may be updated for vulnerabilities deemed too critical to wait for the next scheduled bulletin publication date.

Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Oracle VM Server for x86 Bulletin security patches as soon as possible.

 

Patch Availability

Please see ULN Advisory https://linux.oracle.com/ovm-bulletin-pad

 

Oracle VM Server for x86 Bulletin Schedule

Oracle VM Server for x86 Bulletins are released on the Tuesday closest to the 17th day of January, April, July and October. The next four dates are:

  • 14 January 2020
  • 14 April 2020
  • 14 July 2020
  • 20 October 2020

References

 

Modification History

| Date | Note |
|---|---|
| 2019-October-15 | Rev 1. Initial Release |

Oracle VM Server for x86 Executive Summary

This Oracle VM Server for x86 Bulletin contains 5 new security patches for the Oracle VM Server for x86.  2 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. 

Oracle VM Server for x86 Risk Matrix

Revision 1: Published on 2019-10-15

The columns Base Score through Availability are the CVSS VERSION 2.0 RISK columns (see Risk Matrix Definitions).

| CVE# | Product | Component | Remote Exploit without Auth.? | Base Score | Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability | Supported Versions Affected |
|---|---|---|---|---|---|---|---|---|---|---|---|
| CVE-2018-11806 | Oracle VM Server for x86 | qemu-kvm | No | 8.2 | Local | Low | None | High | High | High | 3.4 |
| CVE-2019-6778 | Oracle VM Server for x86 | qemu-kvm | No | 7.8 | Local | Low | None | High | High | High | 3.4 |
| CVE-2018-17962 | Oracle VM Server for x86 | qemu-kvm | Yes | 7.5 | Network | Low | None | None | None | High | 3.4 |
| CVE-2019-12155 | Oracle VM Server for x86 | qemu-kvm | Yes | 7.5 | Network | Low | None | None | None | High | 3.4 |
| CVE-2018-10839 | Oracle VM Server for x86 | qemu-kvm | No | 6.5 | Network | Low | Single | None | None | High | 3.4 |