diff options
Diffstat (limited to 'metadata/glsa/glsa-201001-04.xml')
-rw-r--r-- | metadata/glsa/glsa-201001-04.xml | 104 |
1 files changed, 104 insertions, 0 deletions
diff --git a/metadata/glsa/glsa-201001-04.xml b/metadata/glsa/glsa-201001-04.xml new file mode 100644 index 000000000000..aa1f176917b2 --- /dev/null +++ b/metadata/glsa/glsa-201001-04.xml @@ -0,0 +1,104 @@ +<?xml version="1.0" encoding="utf-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="201001-04"> + <title>VirtualBox: Multiple vulnerabilities</title> + <synopsis> + Multiple vulnerabilities in VirtualBox were found, the worst of which + allowing for privilege escalation. + </synopsis> + <product type="ebuild">virtualbox-bin virtualbox-ose virtualbox-guest-additions virtualbox-ose-additions</product> + <announced>2010-01-13</announced> + <revised count="01">2010-01-13</revised> + <bug>288836</bug> + <bug>294678</bug> + <access>local</access> + <affected> + <package name="app-emulation/virtualbox-bin" auto="yes" arch="*"> + <unaffected range="ge">3.0.12</unaffected> + <vulnerable range="lt">3.0.12</vulnerable> + </package> + <package name="app-emulation/virtualbox-ose" auto="yes" arch="*"> + <unaffected range="ge">3.0.12</unaffected> + <vulnerable range="lt">3.0.12</vulnerable> + </package> + <package name="app-emulation/virtualbox-guest-additions" auto="yes" arch="*"> + <unaffected range="ge">3.0.12</unaffected> + <vulnerable range="lt">3.0.12</vulnerable> + </package> + <package name="app-emulation/virtualbox-ose-additions" auto="yes" arch="*"> + <unaffected range="ge">3.0.12</unaffected> + <vulnerable range="lt">3.0.12</vulnerable> + </package> + </affected> + <background> + <p> + The VirtualBox family provides powerful x86 virtualization products. + </p> + </background> + <description> + <p> + Thomas Biege of SUSE discovered multiple vulnerabilities: + </p> + <ul><li>A shell metacharacter injection in popen() (CVE-2009-3692) and + a possible buffer overflow in strncpy() in the VBoxNetAdpCtl + configuration tool.</li> + <li>An unspecified vulnerability in VirtualBox + Guest Additions (CVE-2009-3940).</li> + </ul> + </description> + <impact type="normal"> + <p> + A local, unprivileged attacker with the permission to run VirtualBox + could gain root privileges. A guest OS local user could cause a Denial + of Service (memory consumption) on the guest OS via unknown vectors. + </p> + </impact> + <workaround> + <p> + There is no known workaround at this time. + </p> + </workaround> + <resolution> + <p> + All users of the binary version of VirtualBox should upgrade to the + latest version: + </p> + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-emulation/virtualbox-bin-3.0.12"</code> + <p> + All users of the Open Source version of VirtualBox should upgrade to + the latest version: + </p> + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-emulation/virtualbox-ose-3.0.12"</code> + <p> + All users of the binary VirtualBox Guest Additions should upgrade to + the latest version: + </p> + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-emulation/virtualbox-guest-additions-3.0.12"</code> + <p> + All users of the Open Source VirtualBox Guest Additions should upgrade + to the latest version: + </p> + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=app-emulation/virtualbox-ose-additions-3.0.12"</code> + </resolution> + <references> + <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3692">CVE-2009-3692</uri> + <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3940">CVE-2009-3940</uri> + </references> + <metadata tag="requester" timestamp="2009-11-09T23:19:24Z"> + craig + </metadata> + <metadata tag="submitter" timestamp="2010-01-05T20:50:17Z"> + craig + </metadata> + <metadata tag="bugReady" timestamp="2010-01-10T19:41:20Z"> + craig + </metadata> +</glsa> |