Package : virtualbox-ose Version : 3.2.10-dfsg-1+squeeze4 CVE ID : CVE-2015-0377 CVE-2015-0418 CVE-2015-3456 Debian Bug : #775888 #785424 Three vulnerabilities have been fixed in the Debian squeeze-lts version of VirtualBox (package name: virtualbox-ose), a x86 virtualisation solution. CVE-2015-0377 Avoid VirtualBox allowing local users to affect availability via unknown vectors related to Core, which might result in denial of service. (Other issue than CVE-2015-0418). CVE-2015-0418 Avoid VirtualBox allowing local users to affect availability via unknown vectors related to Core, which might result in denial of service. (Other issue than CVE-2015-0377). CVE-2015-3456 The Floppy Disk Controller (FDC) in QEMU, also used in VirtualBox and other virtualization products, allowed local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM. -- mike gabriel aka sunweaver (Debian Developer) fon: +49 (1520) 1976 148 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: sunweaver@debian.org, http://sunweavers.net
Attachment:
signature.asc
Description: Digital signature