Debian Security Advisory
DSA-3274-1 virtualbox -- security update
- Date Reported:
- 28 May 2015
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2015-3456.
- More information:
Jason Geffner discovered a buffer overflow in the emulated floppy disk drive, resulting in potential privilege escalation.
For the oldstable distribution (wheezy), this problem has been fixed in version 4.1.18-dfsg-2+deb7u5.
For the stable distribution (jessie), this problem has been fixed in version 4.3.18-dfsg-3+deb8u2.
For the unstable distribution (sid), this problem has been fixed in version 4.3.28-dfsg-1.
We recommend that you upgrade your virtualbox packages.