Skip Ribbon Commands
Skip to main content
Computer Emergency Response Team of Mauritius (CERT-MU)
Computer Emergency Response Team of Mauritius>Oracle patches buffer overflow bug VENOM

Oracle patches buffer overflow bug VENOM


Oracle has released a patch for the critical buffer overflow vulnerability (CVE-2015-3456), called VENOM that is impacting its products. Due to the severity of the bug in QEMU’s virtual Floppy Disk Controller (FDC), customers are strongly advised to apply the updates at the earliest. Oracle would be making the security alert available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. It is to be noted that VENOM impacts Oracle customers since vulnerable FDC code is included in various virtualization platforms and is used in some Oracle products  such as, VirtualBox 3.2, 4.0, 4.1, 4.2, and 4.3 (prior to 4.3.28); Oracle VM 2.2, 3.2 and 3.3; and Oracle Linux versions 5, 6 and 7.
 
Read More:
 
Source:
 
BBC World
 
Team Cymru
 
The Register
 
IT Security News
 
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis