|
|
Subscribe / Log in / New account

Mageia alert MGASA-2017-0135 (virtualbox)



From:
    	      Mageia Updates <buildsystem-daemon@mageia.org> 


To:
    	      updates-announce@ml.mageia.org 


Subject:
    	      [updates-announce] MGASA-2017-0135: Updated virtualbox packages fixes security vulnerabilities 


Date:
    	      Tue, 9 May 2017 08:36:02 +0200


Message-ID:
    	      <20170509063602.DB3D39F858@duvel.mageia.org>


MGASA-2017-0135 - Updated virtualbox packages fixes security vulnerabilities

Publication date: 09 May 2017
URL: http://advisories.mageia.org/MGASA-2017-0135.html
Type: security
Affected Mageia releases: 5
CVE: CVE-2017-3513,
     CVE-2017-3558,
     CVE-2017-3559,
     CVE-2017-3561,
     CVE-2017-3563,
     CVE-2017-3575,
     CVE-2017-3576,
     CVE-2017-3587

Description:
This update provides virtualbox 5.1.22 maintenance release and resolves
atleast the following security issues:

A vulnerability in the core subcomponent of virtualbox allows high privilegied
attacker unauthorized read access to a subset of VirtualBox accessible data
(CVE-2017-3513).

A vulnerability in the core subcomponent of virtualbox allows unauthenticated
attacker unauthorized update, insert or delete access to some data as well
as unauthorized read access to a subset of VirtualBox accessible data and
unauthorized ability to cause hang or frequently repeatable crash resulting
in denialv of service (CVE-2017-3558).

Vulnerabilities in the core subcomponent of virtualbox allows unauthenticated
attacker unauthorized update, insert or delete access to some data as well
as unauthorized read access to a subset of VirtualBox accessible data and
unauthorized ability to cause hang or frequently repeatable crash resulting
in denial of service (CVE-2017-3559, CVE-2017-3575).

Vulnerabilities in the core subcomponent of virtualbox allows low privilegied
attacker to fully compromise virtualbox (CVE-2017-3561, CVE-2017-3563,
CVE-2017-3576).

A vulnerability in the Shared Folder subcomponent of virtualbox allows high
privileged attacker unauthorized creation, deletion or modification access
to critical data, unauthorized access to critical data to all virtualbox
accessible data and unauthorized ability to cause a hang or frequently
repeatable crash (CVE-2017-3587).

For other fixes in this update, see the referenced changelog.

References:
- https://bugs.mageia.org/show_bug.cgi?id=20729
- https://www.virtualbox.org/wiki/Changelog
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3513
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3558
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3559
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3561
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3563
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3575
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3576
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3587

SRPMS:
- 5/core/kmod-vboxadditions-5.1.22-1.mga5
- 5/core/kmod-virtualbox-5.1.22-1.mga5
- 5/core/virtualbox-5.1.22-1.mga5
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds