Gentoo Archives: gentoo-announce

From: Thomas Deutschmann <whissi@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 202004-02 ] VirtualBox: Multiple vulnerabilities
Date: Wed, 01 Apr 2020 19:43:14
Message-Id: 1d43c8a2-3738-e516-cfdd-af168aa46456@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202004-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: VirtualBox: Multiple vulnerabilities
     Date: April 01, 2020
     Bugs: #714064
       ID: 202004-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in VirtualBox, the worst of
which could allow an attacker to take control of VirtualBox.

Background
==========

VirtualBox is a powerful virtualization product from Oracle.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  app-emulation/virtualbox
                                   < 6.1.2                  *>= 5.2.36
                                                            *>= 6.0.16
                                                            *>= 6.1.2
  2  app-emulation/virtualbox-bin
                                   < 6.1.2                  *>= 5.2.36
                                                            *>= 6.0.16
                                                            *>= 6.1.2
    -------------------------------------------------------------------
     2 affected packages

Description
===========

Multiple vulnerabilities have been discovered in VirtualBox. Please
review the CVE identifiers referenced below for details.

Impact
======

An attacker could take control of VirtualBox resulting in the execution
of arbitrary code with the privileges of the process, a Denial of
Service condition, or other unspecified impacts.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All VirtualBox 5.2.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=app-emulation/virtualbox-5.2.36"

All VirtualBox 6.0.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=app-emulation/virtualbox-6.0.16"

All VirtualBox 6.1.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-emulation/virtualbox-6.1.2"

All VirtualBox binary 5.2.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=app-emulation/virtualbox-bin-5.2.36"

All VirtualBox binary 6.0.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=app-emulation/virtualbox-bin-6.0.16"

All VirtualBox binary 6.1.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=app-emulation/virtualbox-bin-6.1.2"

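The branch-by-branch upgrade rule from the Resolution section, as an added shell example that is not part of the advisory: given a package name and an installed version, it prints the atom to pass to emerge, or "unaffected". The function names and sample versions are constructed here; it assumes "5.2.x" means any version beginning with 5.2, and that versions outside the three listed branches fall under the table's "< 6.1.2" bound.

```shell
#!/bin/sh
# Added example, not part of GLSA 202004-02. Function names are hypothetical.

# ver_lt A B: succeed when dotted numeric version A sorts before B.
ver_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        if [ "$a" = "$x" ]; then a=; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=; else b=${b#*.}; fi
        x=${x:-0} y=${y:-0}          # missing components count as 0
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1                         # equal versions are not "less than"
}

# glsa_status PKG VERSION: print the upgrade atom from the Resolution
# section, or "unaffected". Assumption: -rN / _pN suffixes are ignored.
glsa_status() {
    pkg=$1 v=${2%%[-_]*}
    case $v in
        ''|*[!0-9.]*) echo "unparsable version: $2"; return 0 ;;
    esac
    case $v in
        5.2|5.2.*) fixed=5.2.36 ;;
        6.0|6.0.*) fixed=6.0.16 ;;
        *)         fixed=6.1.2 ;;    # 6.1.x, and other branches via "< 6.1.2"
    esac
    if ver_lt "$v" "$fixed"; then
        echo ">=$pkg-$fixed"
    else
        echo "unaffected"
    fi
}

# Constructed sample versions, not real inventory data.
for v in 5.2.34 6.0.14-r1 6.1.2; do
    printf '%s -> %s\n' "$v" "$(glsa_status app-emulation/virtualbox "$v")"
done
```
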
References
==========

[  1 ] CVE-2019-2926
       https://nvd.nist.gov/vuln/detail/CVE-2019-2926
[  2 ] CVE-2019-2944
       https://nvd.nist.gov/vuln/detail/CVE-2019-2944
[  3 ] CVE-2019-2984
       https://nvd.nist.gov/vuln/detail/CVE-2019-2984
[  4 ] CVE-2019-3002
       https://nvd.nist.gov/vuln/detail/CVE-2019-3002
[  5 ] CVE-2019-3005
       https://nvd.nist.gov/vuln/detail/CVE-2019-3005
[  6 ] CVE-2019-3017
       https://nvd.nist.gov/vuln/detail/CVE-2019-3017
[  7 ] CVE-2019-3021
       https://nvd.nist.gov/vuln/detail/CVE-2019-3021
[  8 ] CVE-2019-3026
       https://nvd.nist.gov/vuln/detail/CVE-2019-3026
[  9 ] CVE-2019-3028
       https://nvd.nist.gov/vuln/detail/CVE-2019-3028
[ 10 ] CVE-2019-3031
       https://nvd.nist.gov/vuln/detail/CVE-2019-3031
[ 11 ] CVE-2020-2674
       https://nvd.nist.gov/vuln/detail/CVE-2020-2674
[ 12 ] CVE-2020-2678
       https://nvd.nist.gov/vuln/detail/CVE-2020-2678
[ 13 ] CVE-2020-2681
       https://nvd.nist.gov/vuln/detail/CVE-2020-2681
[ 14 ] CVE-2020-2682
       https://nvd.nist.gov/vuln/detail/CVE-2020-2682
[ 15 ] CVE-2020-2689
       https://nvd.nist.gov/vuln/detail/CVE-2020-2689
[ 16 ] CVE-2020-2690
       https://nvd.nist.gov/vuln/detail/CVE-2020-2690
[ 17 ] CVE-2020-2691
       https://nvd.nist.gov/vuln/detail/CVE-2020-2691
[ 18 ] CVE-2020-2692
       https://nvd.nist.gov/vuln/detail/CVE-2020-2692
[ 19 ] CVE-2020-2693
       https://nvd.nist.gov/vuln/detail/CVE-2020-2693
[ 20 ] CVE-2020-2698
       https://nvd.nist.gov/vuln/detail/CVE-2020-2698
[ 21 ] CVE-2020-2702
       https://nvd.nist.gov/vuln/detail/CVE-2020-2702
[ 22 ] CVE-2020-2703
       https://nvd.nist.gov/vuln/detail/CVE-2020-2703
[ 23 ] CVE-2020-2704
       https://nvd.nist.gov/vuln/detail/CVE-2020-2704
[ 24 ] CVE-2020-2705
       https://nvd.nist.gov/vuln/detail/CVE-2020-2705
[ 25 ] CVE-2020-2725
       https://nvd.nist.gov/vuln/detail/CVE-2020-2725
[ 26 ] CVE-2020-2726
       https://nvd.nist.gov/vuln/detail/CVE-2020-2726
[ 27 ] CVE-2020-2727
       https://nvd.nist.gov/vuln/detail/CVE-2020-2727

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202004-02

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2020 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5
