Oracle releases ODA patch for VENOM Vulnerability

You may have read about the VENOM vulnerability which applies to the Xen hypervisor and its derivatives, such as Oracle VM Server. This is just a quick note to say that today Oracle released a patch and instructions (MOS Doc ID 2011698.1) for how to apply it to ODA VP.

There has been a discussion about this at . This vulnerability is only applicable where either an internet-facing VM has been compromised by another method, or where VMs on your ODA are administered by people you don’t trust.

See the diagram below from CrowdStrike for the attack route:

[Figure: VENOM attack illustration]

Our recommendation for O-box customers is to wait until the patch is included in a future ODA bundled patch set, unless you have very specific security requirements (such as PCI compliance) and your Oracle Traffic Director VM is ‘close to the internet’.
