Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-announce

From: Sergey Popov <pinkbyte@g.o>
To: gentoo-announce@g.o
Subject: [gentoo-announce] [ GLSA 201401-13 ] VirtualBox: Multiple Vulnerabilities
Date: Mon, 20 Jan 2014 09:19:36
Message-Id: 52DCE735.4090509@gentoo.org
1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 Gentoo Linux Security Advisory GLSA 201401-13
3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4 http://security.gentoo.org/
5 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7 Severity: High
8 Title: VirtualBox: Multiple Vulnerabilities
9 Date: January 20, 2014
10 Bugs: #434872, #498166
11 ID: 201401-13
12
13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15 Synopsis
16 ========
17
18 Multiple vulnerabilities have been found in VirtualBox, allowing local
19 attackers to escalate their privileges or cause a Denial of Service
20 condition.
21
22 Background
23 ==========
24
25 VirtualBox is a powerful virtualization product from Oracle.
26
27 Affected packages
28 =================
29
30 -------------------------------------------------------------------
31 Package / Vulnerable / Unaffected
32 -------------------------------------------------------------------
33 1 app-emulation/virtualbox
34 < 4.2.22 >= 4.2.22
35 2 app-emulation/virtualbox-bin
36 < 4.2.22 >= 4.2.22
37 -------------------------------------------------------------------
38 2 affected packages
39
40 Description
41 ===========
42
43 Multiple vulnerabilities have been discovered in Virtualbox. Please
44 review the CVE identifiers referenced below for details.
45
46 Impact
47 ======
48
49 A local attacker in a guest virtual machine may be able to escalate
50 privileges or cause a Denial of Service condition.
51
52 Workaround
53 ==========
54
55 There is no known workaround at this time.
56
57 Resolution
58 ==========
59
60 All virtualbox users should upgrade to the latest version:
61
62 # emerge --sync
63 # emerge --ask --oneshot -v ">=app-emulation/virtualbox-4.2.22"
64
65 All virtualbox-bin users should upgrade to the latest version:
66
67 # emerge --sync
68 # emerge --ask --oneshot -v ">=app-emulation/virtualbox-bin-4.2.22"
69
70 References
71 ==========
72
73 [ 1 ] CVE-2012-3221
74 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3221
75 [ 2 ] CVE-2013-5892
76 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5892
77 [ 3 ] CVE-2014-0404
78 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0404
79 [ 4 ] CVE-2014-0405
80 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0405
81 [ 5 ] CVE-2014-0406
82 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0406
83 [ 6 ] CVE-2014-0407
84 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0407
85
86 Availability
87 ============
88
89 This GLSA and any updates to it are available for viewing at
90 the Gentoo Security Website:
91
92 http://security.gentoo.org/glsa/glsa-201401-13.xml
93
94 Concerns?
95 =========
96
97 Security is a primary focus of Gentoo Linux and ensuring the
98 confidentiality and security of our users' machines is of utmost
99 importance to us. Any security concerns should be addressed to
100 security@g.o or alternatively, you may file a bug at
101 https://bugs.gentoo.org.
102
103 License
104 =======
105
106 Copyright 2014 Gentoo Foundation, Inc; referenced text
107 belongs to its owner(s).
108
109 The contents of this document are licensed under the
110 Creative Commons - Attribution / Share Alike license.
111
112 http://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature
Report Message
Find on MARC Find on Google Groups