A new Linux vulnerability was recently found, called the Venom vulnerability (CVE-2015-3456). The details are documented in My Oracle Support Doc ID 2011997.1.
Details on the Venom vulnerability are as follows, as documented at the Oracle Linux CVE URL http://linux.oracle.com/cve/CVE-2015-3456.html:
"An out-of-bounds memory access flaw was found in the way QEMU's
virtual Floppy Disk Controller (FDC) handled FIFO buffer access while
processing certain FDC commands. A privileged guest user could use this
flaw to crash the guest or, potentially, execute arbitrary code on the
host with the privileges of the host's QEMU process corresponding to the
guest."
Please note: the issue listed here only affects Oracle Database Machine database servers running Oracle VM (OVM). Database servers running physical installations (no OVM) and Exadata storage cells are not vulnerable.
The following My Oracle Support document is also very useful. It contains updated information on impacts to Oracle Exadata based on security issues and Common Vulnerabilities and Exposures (CVE) reported against Linux. It includes a complete table with all of the CVE information, along with a link to the Oracle Support document with the fix for each issue.
Responses to common Exadata security scan findings (Doc ID 1405320.1)