Mageia alert MGASA-2018-0257 (virtualbox)

From:
    	       Mageia Updates <buildsystem-daemon@mageia.org> 
To:
    	       updates-announce@ml.mageia.org 
Subject:
    	       [updates-announce] MGASA-2018-0257: Updated virtualbox packages fix security vulnerabilities 
Date:
    	       Tue, 29 May 2018 21:42:07 +0200
Message-ID:
    	       <20180529194207.76EA8A00A6@duvel.mageia.org>
MGASA-2018-0257 - Updated virtualbox packages fix security vulnerabilities

Publication date: 29 May 2018
URL: https://advisories.mageia.org/MGASA-2018-0257.html
Type: security
Affected Mageia releases: 6
CVE: CVE-2018-0739,
     CVE-2018-2830,
     CVE-2018-2831,
     CVE-2018-2835,
     CVE-2018-2836,
     CVE-2018-2837,
     CVE-2018-2842,
     CVE-2018-2843,
     CVE-2018-2844,
     CVE-2018-2845,
     CVE-2018-2860

Description:
This update provides virtualbox 5.2.12 and fixes the following security
issues:

Unauthorized remote attacker may have caused a hang or frequently
repeatable crash (complete DOS) (CVE-2018-0739).

Attacker with host login may have compromised Virtualbox or further system
services after interaction with a third user (CVE-2018-2830).

Attacker with host login may have compromised VirtualBox or further system
services, allowing read access to some data (CVE-2018-2831).

Attacker with host login may have gained control over VirtualBox and
possibly further system services after interacting with a third user
(CVE-2018-2835, CVE-2018-2836, CVE-2018-2837, CVE-2018-2842,
CVE-2018-2843, CVE-2018-2844).

Attacker with host login may have caused a hang or frequently repeatable
crash (complete DOS), and perform unauthorized read and write operation
to some VirtualBox accessible data (CVE-2018-2845).

Privileged attacker may have gained control over VirtualBox and possibly
further system services (CVE-2018-2860).

For other fixes in this update, see the referenced changelog 

References:
- https://bugs.mageia.org/show_bug.cgi?id=22930
- https://www.virtualbox.org/wiki/Changelog
- http://www.oracle.com/technetwork/security-advisory/cpuap...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0739
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2830
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2831
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2835
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2836
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2837
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2842
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2843
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2844
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2845
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2860

SRPMS:
- 6/core/virtualbox-5.2.12-1.mga6
- 6/core/kmod-virtualbox-5.2.12-1.mga6
- 6/core/kmod-vboxadditions-5.2.12-1.mga6

From:		Mageia Updates <buildsystem-daemon@mageia.org>
To:		updates-announce@ml.mageia.org
Subject:		[updates-announce] MGASA-2018-0257: Updated virtualbox packages fix security vulnerabilities
Date:		Tue, 29 May 2018 21:42:07 +0200
Message-ID:		<20180529194207.76EA8A00A6@duvel.mageia.org>