Gentoo Archives: gentoo-announce

From: Aaron Bauman <bman@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 202101-09 ] VirtualBox: Multiple vulnerabilities
Date: Tue, 12 Jan 2021 18:03:35
Message-Id: X/3jDU99HO/uYFzK@samurai
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                          GLSA 202101-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                          https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: VirtualBox: Multiple vulnerabilities
     Date: January 12, 2021
     Bugs: #714064, #717626, #717782, #733924
       ID: 202101-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in VirtualBox, the worst of
which could allow an attacker to take control of VirtualBox.

Background
==========

VirtualBox is a powerful virtualization product from Oracle.

Affected packages
=================

    -------------------------------------------------------------------
     Package                  /  Vulnerable  /              Unaffected
    -------------------------------------------------------------------
  1  app-emulation/virtualbox
                                  < 6.1.12          >= 6.1.12:0/6.1
                                                    >= 6.0.24:0/6.0

Description
===========

Multiple vulnerabilities have been discovered in VirtualBox. Please
review the CVE identifiers referenced below for details.

Impact
======

An attacker could take control of VirtualBox resulting in the execution
of arbitrary code with the privileges of the process, a Denial of
Service condition, or other unspecified impacts.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All VirtualBox 6.0.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=app-emulation/virtualbox-6.0.24:0/6.0"

All VirtualBox 6.1.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=app-emulation/virtualbox-6.1.12:0/6.1"
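
Added example, not part of the advisory: the affected-packages table has two fixed branches (6.0.24 in slot 0/6.0, 6.1.12 in slot 0/6.1), so a single "newer than X" comparison misclassifies hosts. The shell functions below, whose names are hypothetical, classify a version string against that table; GNU `sort -V` is assumed, and the sample versions are constructed.

```shell
#!/bin/sh
# Classify an app-emulation/virtualbox version against the GLSA 202101-09
# affected-packages table. Function names are hypothetical (not Portage's).

# ver_ge A B: succeed when version A >= version B.
# sort -V compares numerically per component, so 6.1.2 < 6.1.12.
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# glsa_202101_09_status VERSION: print "unaffected" or "vulnerable".
glsa_202101_09_status() {
    v=${1%%-r*}                  # drop a Gentoo revision suffix such as -r1
    case "$v" in
        6.0.*) fixed=6.0.24 ;;   # slot 0/6.0: unaffected from 6.0.24
        *)     fixed=6.1.12 ;;   # everything else: vulnerable below 6.1.12
    esac
    if ver_ge "$v" "$fixed"; then
        echo unaffected
    else
        echo vulnerable
    fi
}

# Constructed sample inventory: host name and installed version.
report() {
    while read -r host version; do
        printf '%s\t%s\t%s\n' "$host" "$version" \
            "$(glsa_202101_09_status "$version")"
    done <<'EOF'
build01 5.2.44
build02 6.0.22
build03 6.0.24
lab01 6.1.2
lab02 6.1.12-r1
EOF
}

report
```

On a Gentoo host, `glsa-check -t 202101-09` runs the equivalent test against the installed package set.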

References
==========

[ 1 ] CVE-2019-2848
      https://nvd.nist.gov/vuln/detail/CVE-2019-2848
[ 2 ] CVE-2019-2850
      https://nvd.nist.gov/vuln/detail/CVE-2019-2850
[ 3 ] CVE-2019-2859
      https://nvd.nist.gov/vuln/detail/CVE-2019-2859
[ 4 ] CVE-2019-2863
      https://nvd.nist.gov/vuln/detail/CVE-2019-2863
[ 5 ] CVE-2019-2864
      https://nvd.nist.gov/vuln/detail/CVE-2019-2864
[ 6 ] CVE-2019-2865
      https://nvd.nist.gov/vuln/detail/CVE-2019-2865
[ 7 ] CVE-2019-2866
      https://nvd.nist.gov/vuln/detail/CVE-2019-2866
[ 8 ] CVE-2019-2867
      https://nvd.nist.gov/vuln/detail/CVE-2019-2867
[ 9 ] CVE-2019-2873
      https://nvd.nist.gov/vuln/detail/CVE-2019-2873
[ 10 ] CVE-2019-2874
       https://nvd.nist.gov/vuln/detail/CVE-2019-2874
[ 11 ] CVE-2019-2875
       https://nvd.nist.gov/vuln/detail/CVE-2019-2875
[ 12 ] CVE-2019-2876
       https://nvd.nist.gov/vuln/detail/CVE-2019-2876
[ 13 ] CVE-2019-2877
       https://nvd.nist.gov/vuln/detail/CVE-2019-2877
[ 14 ] CVE-2019-2926
       https://nvd.nist.gov/vuln/detail/CVE-2019-2926
[ 15 ] CVE-2019-2944
       https://nvd.nist.gov/vuln/detail/CVE-2019-2944
[ 16 ] CVE-2019-2984
       https://nvd.nist.gov/vuln/detail/CVE-2019-2984
[ 17 ] CVE-2019-3002
       https://nvd.nist.gov/vuln/detail/CVE-2019-3002
[ 18 ] CVE-2019-3005
       https://nvd.nist.gov/vuln/detail/CVE-2019-3005
[ 19 ] CVE-2019-3017
       https://nvd.nist.gov/vuln/detail/CVE-2019-3017
[ 20 ] CVE-2019-3021
       https://nvd.nist.gov/vuln/detail/CVE-2019-3021
[ 21 ] CVE-2019-3026
       https://nvd.nist.gov/vuln/detail/CVE-2019-3026
[ 22 ] CVE-2019-3028
       https://nvd.nist.gov/vuln/detail/CVE-2019-3028
[ 23 ] CVE-2019-3031
       https://nvd.nist.gov/vuln/detail/CVE-2019-3031
[ 24 ] CVE-2020-14628
       https://nvd.nist.gov/vuln/detail/CVE-2020-14628
[ 25 ] CVE-2020-14629
       https://nvd.nist.gov/vuln/detail/CVE-2020-14629
[ 26 ] CVE-2020-14646
       https://nvd.nist.gov/vuln/detail/CVE-2020-14646
[ 27 ] CVE-2020-14647
       https://nvd.nist.gov/vuln/detail/CVE-2020-14647
[ 28 ] CVE-2020-14648
       https://nvd.nist.gov/vuln/detail/CVE-2020-14648
[ 29 ] CVE-2020-14649
       https://nvd.nist.gov/vuln/detail/CVE-2020-14649
[ 30 ] CVE-2020-14650
       https://nvd.nist.gov/vuln/detail/CVE-2020-14650
[ 31 ] CVE-2020-14673
       https://nvd.nist.gov/vuln/detail/CVE-2020-14673
[ 32 ] CVE-2020-14674
       https://nvd.nist.gov/vuln/detail/CVE-2020-14674
[ 33 ] CVE-2020-14675
       https://nvd.nist.gov/vuln/detail/CVE-2020-14675
[ 34 ] CVE-2020-14676
       https://nvd.nist.gov/vuln/detail/CVE-2020-14676
[ 35 ] CVE-2020-14677
       https://nvd.nist.gov/vuln/detail/CVE-2020-14677
[ 36 ] CVE-2020-14694
       https://nvd.nist.gov/vuln/detail/CVE-2020-14694
[ 37 ] CVE-2020-14695
       https://nvd.nist.gov/vuln/detail/CVE-2020-14695
[ 38 ] CVE-2020-14698
       https://nvd.nist.gov/vuln/detail/CVE-2020-14698
[ 39 ] CVE-2020-14699
       https://nvd.nist.gov/vuln/detail/CVE-2020-14699
[ 40 ] CVE-2020-14700
       https://nvd.nist.gov/vuln/detail/CVE-2020-14700
[ 41 ] CVE-2020-14703
       https://nvd.nist.gov/vuln/detail/CVE-2020-14703
[ 42 ] CVE-2020-14704
       https://nvd.nist.gov/vuln/detail/CVE-2020-14704
[ 43 ] CVE-2020-14707
       https://nvd.nist.gov/vuln/detail/CVE-2020-14707
[ 44 ] CVE-2020-14711
       https://nvd.nist.gov/vuln/detail/CVE-2020-14711
[ 45 ] CVE-2020-14712
       https://nvd.nist.gov/vuln/detail/CVE-2020-14712
[ 46 ] CVE-2020-14713
       https://nvd.nist.gov/vuln/detail/CVE-2020-14713
[ 47 ] CVE-2020-14714
       https://nvd.nist.gov/vuln/detail/CVE-2020-14714
[ 48 ] CVE-2020-14715
       https://nvd.nist.gov/vuln/detail/CVE-2020-14715
[ 49 ] CVE-2020-2575
       https://nvd.nist.gov/vuln/detail/CVE-2020-2575
[ 50 ] CVE-2020-2674
       https://nvd.nist.gov/vuln/detail/CVE-2020-2674
[ 51 ] CVE-2020-2678
       https://nvd.nist.gov/vuln/detail/CVE-2020-2678
[ 52 ] CVE-2020-2681
       https://nvd.nist.gov/vuln/detail/CVE-2020-2681
[ 53 ] CVE-2020-2682
       https://nvd.nist.gov/vuln/detail/CVE-2020-2682
[ 54 ] CVE-2020-2689
       https://nvd.nist.gov/vuln/detail/CVE-2020-2689
[ 55 ] CVE-2020-2690
       https://nvd.nist.gov/vuln/detail/CVE-2020-2690
[ 56 ] CVE-2020-2691
       https://nvd.nist.gov/vuln/detail/CVE-2020-2691
[ 57 ] CVE-2020-2692
       https://nvd.nist.gov/vuln/detail/CVE-2020-2692
[ 58 ] CVE-2020-2693
       https://nvd.nist.gov/vuln/detail/CVE-2020-2693
[ 59 ] CVE-2020-2698
       https://nvd.nist.gov/vuln/detail/CVE-2020-2698
[ 60 ] CVE-2020-2701
       https://nvd.nist.gov/vuln/detail/CVE-2020-2701
[ 61 ] CVE-2020-2702
       https://nvd.nist.gov/vuln/detail/CVE-2020-2702
[ 62 ] CVE-2020-2703
       https://nvd.nist.gov/vuln/detail/CVE-2020-2703
[ 63 ] CVE-2020-2704
       https://nvd.nist.gov/vuln/detail/CVE-2020-2704
[ 64 ] CVE-2020-2705
       https://nvd.nist.gov/vuln/detail/CVE-2020-2705
[ 65 ] CVE-2020-2725
       https://nvd.nist.gov/vuln/detail/CVE-2020-2725
[ 66 ] CVE-2020-2726
       https://nvd.nist.gov/vuln/detail/CVE-2020-2726
[ 67 ] CVE-2020-2727
       https://nvd.nist.gov/vuln/detail/CVE-2020-2727
[ 68 ] CVE-2020-2741
       https://nvd.nist.gov/vuln/detail/CVE-2020-2741
[ 69 ] CVE-2020-2742
       https://nvd.nist.gov/vuln/detail/CVE-2020-2742
[ 70 ] CVE-2020-2743
       https://nvd.nist.gov/vuln/detail/CVE-2020-2743
[ 71 ] CVE-2020-2748
       https://nvd.nist.gov/vuln/detail/CVE-2020-2748
[ 72 ] CVE-2020-2758
       https://nvd.nist.gov/vuln/detail/CVE-2020-2758
[ 73 ] CVE-2020-2894
       https://nvd.nist.gov/vuln/detail/CVE-2020-2894
[ 74 ] CVE-2020-2902
       https://nvd.nist.gov/vuln/detail/CVE-2020-2902
[ 75 ] CVE-2020-2905
       https://nvd.nist.gov/vuln/detail/CVE-2020-2905
[ 76 ] CVE-2020-2907
       https://nvd.nist.gov/vuln/detail/CVE-2020-2907
[ 77 ] CVE-2020-2908
       https://nvd.nist.gov/vuln/detail/CVE-2020-2908
[ 78 ] CVE-2020-2909
       https://nvd.nist.gov/vuln/detail/CVE-2020-2909
[ 79 ] CVE-2020-2910
       https://nvd.nist.gov/vuln/detail/CVE-2020-2910
[ 80 ] CVE-2020-2911
       https://nvd.nist.gov/vuln/detail/CVE-2020-2911
[ 81 ] CVE-2020-2913
       https://nvd.nist.gov/vuln/detail/CVE-2020-2913
[ 82 ] CVE-2020-2914
       https://nvd.nist.gov/vuln/detail/CVE-2020-2914
[ 83 ] CVE-2020-2929
       https://nvd.nist.gov/vuln/detail/CVE-2020-2929
[ 84 ] CVE-2020-2951
       https://nvd.nist.gov/vuln/detail/CVE-2020-2951
[ 85 ] CVE-2020-2958
       https://nvd.nist.gov/vuln/detail/CVE-2020-2958
[ 86 ] CVE-2020-2959
       https://nvd.nist.gov/vuln/detail/CVE-2020-2959

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202101-09

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2021 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5
