[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 268-1] virtualbox-ose security update



Package        : virtualbox-ose
Version        : 3.2.10-dfsg-1+squeeze4
CVE ID         : CVE-2015-0377 CVE-2015-0418 CVE-2015-3456
Debian Bug     : #775888 #785424

Three vulnerabilities have been fixed in the Debian squeeze-lts version of
VirtualBox (package name: virtualbox-ose), a x86 virtualisation solution.

CVE-2015-0377

    Avoid VirtualBox allowing local users to affect availability via
    unknown vectors related to Core, which might result in denial of
    service. (Other issue than CVE-2015-0418).

CVE-2015-0418

    Avoid VirtualBox allowing local users to affect availability via
    unknown vectors related to Core, which might result in denial of
    service. (Other issue than CVE-2015-0377).


CVE-2015-3456

    The Floppy Disk Controller (FDC) in QEMU, also used in VirtualBox and
    other virtualization products, allowed local guest users to cause a
    denial of service (out-of-bounds write and guest crash) or possibly
    execute arbitrary code via the (1) FD_CMD_READ_ID, (2)
    FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands,
    aka VENOM.

-- 

mike gabriel aka sunweaver (Debian Developer)
fon: +49 (1520) 1976 148

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: sunweaver@debian.org, http://sunweavers.net

Attachment: signature.asc
Description: Digital signature


Reply to: