Advisory: Updated virtualbox package fixes security vulnerabilities A vulnerability in the Oracle VM VirtualBox component prior to 4.0.34, 4.1.42, 4.2.34, 4.3.32 and 5.0.8. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS). Note: Only Windows guests are impacted, and Windows guests without VirtualBox Guest Additions installed are not affected (CVE-2015-4813). A vulnerability in the Oracle VM VirtualBox component prior to 4.0.34, 4.1.42, 4.2.34, 4.3.32 and 5.0.8. Easily exploitable vulnerability allows successful unauthenticated network attacks. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS). Note: Only VMs with Remote Display feature (RDP) enabled are impacted (CVE-2015-4896). References: http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixOVIR SRPMS: kmod-vboxadditions-5.0.8-1.mga5.src.rpm kmod-virtualbox-5.0.8-1.mga5.src.rpm virtualbox-5.0.8-1.mga5.src.rpm i586: dkms-vboxadditions-5.0.8-1.mga5.noarch.rpm dkms-virtualbox-5.0.8-1.mga5.noarch.rpm python-virtualbox-5.0.8-1.mga5.i586.rpm vboxadditions-kernel-4.1.8-desktop-1.mga5-5.0.8-1.mga5.i586.rpm vboxadditions-kernel-4.1.8-desktop586-1.mga5-5.0.8-1.mga5.i586.rpm vboxadditions-kernel-4.1.8-server-1.mga5-5.0.8-1.mga5.i586.rpm vboxadditions-kernel-desktop586-latest-5.0.8-1.mga5.i586.rpm vboxadditions-kernel-desktop-latest-5.0.8-1.mga5.i586.rpm vboxadditions-kernel-server-latest-5.0.8-1.mga5.i586.rpm virtualbox-5.0.8-1.mga5.i586.rpm virtualbox-devel-5.0.8-1.mga5.i586.rpm virtualbox-guest-additions-5.0.8-1.mga5.i586.rpm virtualbox-kernel-4.1.8-desktop-1.mga5-5.0.8-1.mga5.i586.rpm virtualbox-kernel-4.1.8-desktop586-1.mga5-5.0.8-1.mga5.i586.rpm virtualbox-kernel-4.1.8-server-1.mga5-5.0.8-1.mga5.i586.rpm virtualbox-kernel-desktop586-latest-5.0.8-1.mga5.i586.rpm virtualbox-kernel-desktop-latest-5.0.8-1.mga5.i586.rpm virtualbox-kernel-server-latest-5.0.8-1.mga5.i586.rpm x11-driver-video-vboxvideo-5.0.8-1.mga5.i586.rpm x86_64: dkms-vboxadditions-5.0.8-1.mga5.noarch.rpm dkms-virtualbox-5.0.8-1.mga5.noarch.rpm python-virtualbox-5.0.8-1.mga5.x86_64.rpm vboxadditions-kernel-4.1.8-desktop-1.mga5-5.0.8-1.mga5.x86_64.rpm vboxadditions-kernel-4.1.8-server-1.mga5-5.0.8-1.mga5.x86_64.rpm vboxadditions-kernel-desktop-latest-5.0.8-1.mga5.x86_64.rpm vboxadditions-kernel-server-latest-5.0.8-1.mga5.x86_64.rpm virtualbox-5.0.8-1.mga5.x86_64.rpm virtualbox-devel-5.0.8-1.mga5.x86_64.rpm virtualbox-guest-additions-5.0.8-1.mga5.x86_64.rpm virtualbox-kernel-4.1.8-desktop-1.mga5-5.0.8-1.mga5.x86_64.rpm virtualbox-kernel-4.1.8-server-1.mga5-5.0.8-1.mga5.x86_64.rpm virtualbox-kernel-desktop-latest-5.0.8-1.mga5.x86_64.rpm virtualbox-kernel-server-latest-5.0.8-1.mga5.x86_64.rpm x11-driver-video-vboxvideo-5.0.8-1.mga5.x86_64.rpm Reproducible: Steps to Reproduce:
CC: (none) => davidwhodginsWhiteboard: (none) => advisory
Tested Mageia 5 guest and host, as well as Windows 7 and Debian guests, Mageia 5 i586. Everything OK.
Whiteboard: advisory => advisory MGA5-32-OK
Keywords: (none) => validated_updateWhiteboard: advisory MGA5-32-OK => advisory MGA5-32-OK MGA5-64-OKCC: (none) => sysadmin-bugs
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2015-0415.html
Status: NEW => RESOLVEDResolution: (none) => FIXED
URL: (none) => http://lwn.net/Vulnerabilities/662176/