Gentoo Archives: gentoo-announce

From: Aaron Bauman <bman@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 201805-08 ] VirtualBox: Multiple vulnerabilities
Date: Tue, 22 May 2018 22:34:14
Message-Id: 6640975.kvrj8TaeDK@monkey
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201805-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: VirtualBox: Multiple vulnerabilities
     Date: May 22, 2018
     Bugs: #655186
       ID: 201805-08

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in VirtualBox, the worst of
which could allow an attacker to take control of VirtualBox.

Background
==========

VirtualBox is a powerful virtualization product from Oracle.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  app-emulation/virtualbox
                                  < 5.1.36                  >= 5.1.36
  2  app-emulation/virtualbox-bin
                               < 5.1.36.122089       >= 5.1.36.122089
    -------------------------------------------------------------------
     2 affected packages

Description
===========

Multiple vulnerabilities have been discovered in VirtualBox. Please
review the CVE identifiers referenced below for details.

Impact
======

An attacker could take control of VirtualBox resulting in the execution
of arbitrary code with the privileges of the process, a Denial of
Service condition, or other unspecified impacts.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All VirtualBox users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=app-emulation/virtualbox-5.1.36"

All VirtualBox binary users should upgrade to the latest version:

  # emerge --sync
  # emerge -a -1 -v ">=app-emulation/virtualbox-bin-5.1.36.122089"

References
==========

[  1 ] CVE-2018-2830
       https://nvd.nist.gov/vuln/detail/CVE-2018-2830
[  2 ] CVE-2018-2831
       https://nvd.nist.gov/vuln/detail/CVE-2018-2831
[  3 ] CVE-2018-2835
       https://nvd.nist.gov/vuln/detail/CVE-2018-2835
[  4 ] CVE-2018-2836
       https://nvd.nist.gov/vuln/detail/CVE-2018-2836
[  5 ] CVE-2018-2837
       https://nvd.nist.gov/vuln/detail/CVE-2018-2837
[  6 ] CVE-2018-2842
       https://nvd.nist.gov/vuln/detail/CVE-2018-2842
[  7 ] CVE-2018-2843
       https://nvd.nist.gov/vuln/detail/CVE-2018-2843
[  8 ] CVE-2018-2844
       https://nvd.nist.gov/vuln/detail/CVE-2018-2844
[  9 ] CVE-2018-2845
       https://nvd.nist.gov/vuln/detail/CVE-2018-2845
[ 10 ] CVE-2018-2860
       https://nvd.nist.gov/vuln/detail/CVE-2018-2860

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201805-08

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2018 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5
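The thresholds from the Affected packages table above, applied to a package inventory collected off-host, as an added example that is not part of the advisory. The atom format (category/name-version), the function names and the sample inventory are constructed here; versions are assumed to be dotted numerics with an optional -rN revision.

```shell
# Added example, not part of the advisory. Classifies package atoms
# against the GLSA 201805-08 thresholds. Assumption: dotted numeric
# versions with optional "-rN"; anything else is reported as "unknown".

# First unaffected version per package, from the Affected packages table.
fixed_version() {
    case "$1" in
        app-emulation/virtualbox)     echo "5.1.36" ;;
        app-emulation/virtualbox-bin) echo "5.1.36.122089" ;;
        *) return 1 ;;
    esac
}

# version_lt A B: true when A sorts strictly before B (sort -V ordering).
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# glsa_status ATOM: print vulnerable, unaffected, or unknown.
glsa_status() {
    _atom=${1%-r[0-9]*}          # drop Gentoo revision suffix (-r1, -r2, ...)
    _ver=${_atom##*-}            # text after the last hyphen
    _pkg=${_atom%-*}             # everything before it
    _fixed=$(fixed_version "$_pkg") || { echo "unknown"; return 0; }
    case "$_ver" in
        ''|*[!0-9.]*) echo "unknown"; return 0 ;;   # e.g. _p1, _rc2 suffixes
    esac
    if version_lt "$_ver" "$_fixed"; then echo "vulnerable"; else echo "unaffected"; fi
}

# scan_inventory: read atoms on stdin, print "ATOM STATUS" per line.
scan_inventory() {
    while IFS= read -r _line; do
        if [ -n "$_line" ]; then printf '%s %s\n' "$_line" "$(glsa_status "$_line")"; fi
    done
}

# Constructed sample inventory (not real host data).
sample_inventory() {
    cat <<'EOF'
app-emulation/virtualbox-5.1.30-r1
app-emulation/virtualbox-bin-5.1.36.122089
app-emulation/virtualbox-bin-5.1.30.118389
app-emulation/virtualbox-5.2.10
EOF
}
sample_inventory | scan_inventory
```

On a Gentoo host itself, `glsa-check -t 201805-08` from app-portage/gentoolkit tests the installed packages against this advisory directly.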
