Mageia alert MGASA-2013-0222 (virtualbox)

From:
    	     
 
Mageia Updates <buildsystem-daemon@mageia.org> 
To:
    	     
 
updates-announce@ml.mageia.org 
Subject:
    	     
 
[updates-announce] MGASA-2013-0222: Updated virtualbox package
 fixes security issue 
Date:
    	     
 
Sun, 21 Jul 2013 11:01:14 +0200
Message-ID:
    	     
 
<20130721090114.EE16B41D6A@valstar.mageia.org>
Archive-link:
    	     
 
Article, Thread
              
MGASA-2013-0222 - Updated virtualbox package fixes security issue

Publication date: 21 Jul 2013
URL: http://advisories.mageia.org/MGASA-2013-0222.html
Type: security
Affected Mageia releases: 2, 3
CVE: CVE-2013-3792

Description:
This virtualbox update provides the 4.2.16 maintenance release,
which fixes the following security issue:

Thomas Dreibholz has discovered a vulnerability in Oracle VirtualBox,
which can be exploited by malicious, local users in a guest virtual
machine to cause a DoS (Denial of Service).
The vulnerability is caused due to an unspecified error and can be
exploited to render the host network connection and the virtual machine
instance unresponsive or locking the host by issuing e.g. the "tracepath"
command.
Successful exploitation requires the target virtual machine to be
equipped with a paravirtualised network adapter (virtio-net).
(CVE-2013-3792)

For other changes in this update, see the referenced changelog.

References:
- https://bugs.mageia.org/show_bug.cgi?id=10736
- https://www.virtualbox.org/wiki/Changelog
- https://www.virtualbox.org/ticket/11863
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3792

SRPMS:
- 3/core/kmod-vboxadditions-4.2.16-1.mga3
- 3/core/kmod-virtualbox-4.2.16-1.mga3
- 3/core/virtualbox-4.2.16-1.mga3
- 2/core/kmod-vboxadditions-4.2.16-1.mga2
- 2/core/kmod-virtualbox-4.2.16-1.mga2
- 2/core/virtualbox-4.2.16-1.mga2