Oracle gets busy with Lazy FPU fix, adds more CPU Spectre-protectors

Oracle has released fixes for Spectre v3a, Spectre v4, and the “Lazy FPU” vulnerability.

The two Spectre patches cover CVE-2018-3640 and CVE-2018-3640.

As Oracle's director of security assurance Eric Maurice explained, the patches apply to both Oracle Linux and Oracle VM and the associated Intel microcode.

The company was also busy on Friday with fixes for admins with systems that use its Ksplice no-reboot patches.

The one everyone was waiting for patches Oracle Linux RHCK 7 against the Intel Lazy FPU issue, CVE-2018-3665. Oracle Linux 6 and Oracle Linux 7 got their Lazy FPU patches in a separate announcement.

There's also a patch for Oracle Linux 6 and 7, to fix an IPSec denial-of-service, CVE-2017-16939.

The company's also announced improved fixes for the Spectre v2 mitigations (Intel and AMD), again for Oracle Linux 6 and 7. ®