Gentoo Archives: gentoo-announce

From: John Helmert III <ajak@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 202212-03 ] Oracle VirtualBox: Multiple Vulnerabilities
Date: Mon, 19 Dec 2022 02:15:23
Message-Id: Y5/HkXnxSGqvnPTG@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202212-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High
    Title: Oracle VirtualBox: Multiple Vulnerabilities
     Date: December 19, 2022
     Bugs: #877601
       ID: 202212-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in Oracle VirtualBox, the
worst of which could result in privilege escalation from a guest to the
host.

Background
==========

VirtualBox is a powerful virtualization product from Oracle.

Affected packages
=================

    -------------------------------------------------------------------
     Package                          /  Vulnerable  /  Unaffected
    -------------------------------------------------------------------
  1  app-emulation/virtualbox            < 6.1.40       >= 6.1.40
  2  app-emulation/virtualbox-modules    < 6.1.40       >= 6.1.40

Description
===========

Multiple vulnerabilities have been discovered in Oracle VirtualBox.
Please review the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Oracle VirtualBox users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-emulation/virtualbox-6.1.40"

All Oracle VirtualBox modules users should upgrade to the latest
version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-emulation/virtualbox-modules-6.1.40"

References
==========

[ 1 ] CVE-2022-21620
      https://nvd.nist.gov/vuln/detail/CVE-2022-21620
[ 2 ] CVE-2022-21621
      https://nvd.nist.gov/vuln/detail/CVE-2022-21621
[ 3 ] CVE-2022-21627
      https://nvd.nist.gov/vuln/detail/CVE-2022-21627
[ 4 ] CVE-2022-39421
      https://nvd.nist.gov/vuln/detail/CVE-2022-39421
[ 5 ] CVE-2022-39422
      https://nvd.nist.gov/vuln/detail/CVE-2022-39422
[ 6 ] CVE-2022-39423
      https://nvd.nist.gov/vuln/detail/CVE-2022-39423
[ 7 ] CVE-2022-39424
      https://nvd.nist.gov/vuln/detail/CVE-2022-39424
[ 8 ] CVE-2022-39425
      https://nvd.nist.gov/vuln/detail/CVE-2022-39425
[ 9 ] CVE-2022-39426
      https://nvd.nist.gov/vuln/detail/CVE-2022-39426

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202212-03

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2022 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5
