Oracle Fixes More Spectre, Meltdown Issues

Monday, June 25, 2018 @ 03:06 PM gHale

Oracle updated products suffering from the variants of the Spectre and Meltdown vulnerabilities.

Intel, AMD, ARM, IBM, Microsoft and other major tech companies last month coordinated the disclosure of two new variants of Meltdown and Spectre.

RELATED STORIES
Oracle Access Manager Cyrptographic Hole
Attack Group Targets Healthcare, Manufacturing
How to Start a Security Program
Pipeline Firms Hit; Gas Still Flowing

One of them, Variant 4, relies on a side-channel vulnerability called Speculative Store Bypass (SSB) and it has been assigned the identifier CVE-2018-3639. The second flaw, tracked as Variant 3a and CVE-2018-3640, is a Rogue System Register Read issue first documented by ARM back in January.

“Oracle has just released the required software updates for Oracle Linux and Oracle VM along with the microcode recently released by Intel for certain x86 platforms,” said Eric Maurice, director of security assurance at Oracle, in a post. Oracle will continue to release new microcode updates and firmware patches as production microcode becomes available from Intel.”

Variant 4 and Variant 3a have been rated “medium severity” and exploitation requires local access to the targeted system, Maurice said.

Oracle said Variant 4 impacts Oracle Linux versions 6 and 7, and Oracle VM 3.4.

Oracle patched the initial Meltdown and Spectre vulnerabilities in many of its products with the release of the January 2018 Critical Patch Update.



Leave a Reply

You must be logged in to post a comment.