In response to the publicly exposed Venom vulnerability impacting virtual environments, Oracle has released updates for its products.
According to a statement published on its website, Oracle will be addressing the bug with updates to Oracle Linux, Oracle Virtual Compute Appliance, Oracle VM and Oracle VM VirtualBox. However, the company noted that other products, including Oracle Database Appliance, Oracle Exadata Database Machine, and Oracle Exalogic Elastic Cloud, do not yet have updates available.
Due to the severity of the Venom vulnerability, products should be patched as soon as possible. Software security assurance director at Oracle, Eric Maurice, emphasised on the company's blog that "Oracle further recommends that customers apply the relevant fixes as soon as they become available."
According to its advisory, Oracle assures customers that the company ”is investigating and will provide fixes for affected products as soon as they have been fully tested and determined to provide effective mitigation against this vulnerability.”
It is also of note that updated product lists will be released without additional customer and subscriber alerts, therefore requiring customers to check back on the Oracle site for updates.