Oracle still silent on Meltdown, but lists patches for x86 servers among 233 new fixes

Oracle still has nothing to say about whether the Meltdown or Spectre vulnerabilities are a problem for its hardware. Big Red today offered The Register another “no comment”, making it a notable absentee from Intel’s list of x86 vendors’ advisories on how to handle the twin problems. Oracle of course also operates an x86 …

  1. Anonymous Coward

    Good old Oracle

    Keeping their hostages, I mean customers, informed as usual.

  2. Anonymous Coward

    The Spectre and Meltdown patches have been available for Oracle Linux (UEK and Red Hat Compatibility Kernel) for over a week now. For their x86 systems that use Oracle Linux, the OS patches at least are available.

    Meltdown is an Intel bug, so there are no reports of a SPARC vulnerability to this. Spectre is more general and seems likely to affect more architectures. See statements below.

    Two quotes from an Oracle Support ticket, reported by a customer on this forum post.

    https://community.oracle.com/thread/4110456?start=0&tstart=0

    "...

    Oracle is aware of the recently disclosed security vulnerabilities. Oracle is investigating the impact on the Oracle product line and will produce patches for any affected Oracle product.

    Patches for affected Oracle products will be announced on the Critical Patch Update page at http://www.oracle.com/technetwork/topics/security/alerts-086861.html

    Oracle will not provide any additional information other than the patches announced in the mentioned CPU alerts.

    We will not provide advanced notification or additional details about the security vulnerability. Please review the Oracle policies for more information:

    + Oracle Security Vulnerability Disclosure Policies

    https://www.oracle.com/support/assurance/vulnerability-remediation/disclosure.html

    + Security Fixing Policies

    https://www.oracle.com/support/assurance/vulnerability-remediation/security-fixing.html

    Please check the CPU page including the Third Party Bulletin for updates. Solaris fixes (where applicable) will also be listed in the MOS note 1448883.1

    As of this moment neither the CPU nor the Third Party Bulletin or the MOS note 1448883.1 is listing additional information about the recent issues and Oracle will not provide any further information here (as explained above).

    ..."

    "...

    Oracle has developed fixes addressing the Intel processor design flaws leading to vulnerabilities CVE-2017-5753, CVE-2017-5754, and CVE-2017-5715. Oracle will deliver those fixes, if applicable, in accordance with Oracle’s security update policies. WHEN: 17/01/2018 4pm CET (GMT+1)

    ..."

    A single Google search reveals what they have already done, and why there have been no announcements prior to the regular quarterly Critical Patch Update (CPU) announcement...

    1. Anonymous Coward

      OVM patches also shipped.

      The el-errata and ovm-errata mailing lists usually give timely updates for releases.

      In this case the updates shipped first and anyone who wants updates for Oracle Linux or OracleVM can just pick them up from yum.oracle.com.

  3. Anonymous Coward

    They're still working out the licensing costs.

  4. Anonymous Coward
    Joke

    "... the Cruise Fleet Management application ...."

    Now we know why they lost the America's Cup that way. The skipper was desperately trying to use those applications to plan for the races...

    Anyway cruise ships are now so large you need such kind of applications to manage everything and everyone on board. A couple of colleagues in a company I worked for usually had to take some short cruises when a new version was released, or to diagnose issues, poor lads. Inmarsat connections were too expensive, and the ship won't stay harboured for too long (but for scheduled maintenance).

    Just they would really need a backup captain to take the helm automatically when the main one thinks showing off past an island is a good PR stunt...

  5. DougMac

    SPARC doesn't seem to be affected..

    Unofficially, some Oracle people have stated that since SPARC runs kernel and user address space completely separate as part of the design of their ABI, that the same sorts of issues can't crop up.

  6. Anonymous Coward

    I wonder if this is significant?

    Having noticed that somebody is already cyber-squatting quantumattack.com it looks as though there may be something more significant on solaceattack.com ...

  7. detuur
    Devil

    "Clear communication" is probably an optional extra that you can tick on the contract. It's on page 162 and requires extra signatures on pages 48, 198, 67 and 115 (in that order).
