Oracle updated products suffering from the variants of the Spectre and Meltdown vulnerabilities.
Intel, AMD, ARM, IBM, Microsoft and other major tech companies last month coordinated the disclosure of two new variants of Meltdown and Spectre.
One of them, Variant 4, relies on a side-channel vulnerability called Speculative Store Bypass (SSB) and it has been assigned the identifier CVE-2018-3639. The second flaw, tracked as Variant 3a and CVE-2018-3640, is a Rogue System Register Read issue first documented by ARM back in January.
“Oracle has just released the required software updates for Oracle Linux and Oracle VM along with the microcode recently released by Intel for certain x86 platforms,” said Eric Maurice, director of security assurance at Oracle, in a post. Oracle will continue to release new microcode updates and firmware patches as production microcode becomes available from Intel.”
Variant 4 and Variant 3a have been rated “medium severity” and exploitation requires local access to the targeted system, Maurice said.
Oracle said Variant 4 impacts Oracle Linux versions 6 and 7, and Oracle VM 3.4.
Oracle patched the initial Meltdown and Spectre vulnerabilities in many of its products with the release of the January 2018 Critical Patch Update.