Gentoo Archives: gentoo-announce

From: Aaron Bauman <bman@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 202101-15 ] VirtualBox: Multiple vulnerabilities
Date: Fri, 22 Jan 2021 16:40:10
Message-Id: YAr6JQqqA43cnPB8@samurai
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202101-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: VirtualBox: Multiple vulnerabilities
     Date: January 22, 2021
     Bugs: #750782, #766348
       ID: 202101-15

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in VirtualBox, the worst of
which could result in privilege escalation.

Background
==========

VirtualBox is a powerful virtualization product from Oracle.

Affected packages
=================

    -------------------------------------------------------------------
     Package                   /     Vulnerable     /        Unaffected
    -------------------------------------------------------------------
  1  app-emulation/virtualbox        < 6.1.18                >= 6.1.18

Description
===========

Multiple vulnerabilities have been discovered in VirtualBox. Please
review the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All VirtualBox users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=app-emulation/virtualbox-6.1.18"

References
==========

[  1 ] CVE-2020-14872
       https://nvd.nist.gov/vuln/detail/CVE-2020-14872
[  2 ] CVE-2020-14881
       https://nvd.nist.gov/vuln/detail/CVE-2020-14881
[  3 ] CVE-2020-14884
       https://nvd.nist.gov/vuln/detail/CVE-2020-14884
[  4 ] CVE-2020-14885
       https://nvd.nist.gov/vuln/detail/CVE-2020-14885
[  5 ] CVE-2020-14886
       https://nvd.nist.gov/vuln/detail/CVE-2020-14886
[  6 ] CVE-2020-14889
       https://nvd.nist.gov/vuln/detail/CVE-2020-14889
[  7 ] CVE-2020-14892
       https://nvd.nist.gov/vuln/detail/CVE-2020-14892
[  8 ] CVE-2021-2073
       https://nvd.nist.gov/vuln/detail/CVE-2021-2073
[  9 ] CVE-2021-2074
       https://nvd.nist.gov/vuln/detail/CVE-2021-2074
[ 10 ] CVE-2021-2086
       https://nvd.nist.gov/vuln/detail/CVE-2021-2086
[ 11 ] CVE-2021-2111
       https://nvd.nist.gov/vuln/detail/CVE-2021-2111
[ 12 ] CVE-2021-2112
       https://nvd.nist.gov/vuln/detail/CVE-2021-2112
[ 13 ] CVE-2021-2119
       https://nvd.nist.gov/vuln/detail/CVE-2021-2119
[ 14 ] CVE-2021-2120
       https://nvd.nist.gov/vuln/detail/CVE-2021-2120
[ 15 ] CVE-2021-2121
       https://nvd.nist.gov/vuln/detail/CVE-2021-2121
[ 16 ] CVE-2021-2123
       https://nvd.nist.gov/vuln/detail/CVE-2021-2123
[ 17 ] CVE-2021-2124
       https://nvd.nist.gov/vuln/detail/CVE-2021-2124
[ 18 ] CVE-2021-2125
       https://nvd.nist.gov/vuln/detail/CVE-2021-2125
[ 19 ] CVE-2021-2126
       https://nvd.nist.gov/vuln/detail/CVE-2021-2126
[ 20 ] CVE-2021-2127
       https://nvd.nist.gov/vuln/detail/CVE-2021-2127
[ 21 ] CVE-2021-2128
       https://nvd.nist.gov/vuln/detail/CVE-2021-2128
[ 22 ] CVE-2021-2129
       https://nvd.nist.gov/vuln/detail/CVE-2021-2129
[ 23 ] CVE-2021-2130
       https://nvd.nist.gov/vuln/detail/CVE-2021-2130
[ 24 ] CVE-2021-2131
       https://nvd.nist.gov/vuln/detail/CVE-2021-2131

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202101-15

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2021 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5