Updated virtualbox packages fix security vulnerability
Publication date: 24 Jan 2023Modification date: 24 Jan 2023
Type: security
Affected Mageia releases : 8
CVE: CVE-2023-21884 , CVE-2023-21886 , CVE-2023-21889
Description
Easily exploitable vulnerability allows high privileged attacker with
logon to the infrastructure where Oracle VM VirtualBox executes to
compromise Oracle VM VirtualBox. (CVE-2023-21884)
Unauthenticated attacker with network access via multiple protocols to
compromise Oracle VM VirtualBox.(CVE-2023-21886)
Low privileged attacker with logon to the infrastructure where Oracle VM
VirtualBox executes to compromise Oracle VM VirtualBox (CVE-2023-21889)
For other changes see referenced changelog.
References
- https://bugs.mageia.org/show_bug.cgi?id=31429
- https://www.oracle.com/security-alerts/cpujan2023.html#AppendixOVIR
- https://www.virtualbox.org/wiki/Changelog-7.0#v6
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21884
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21886
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21889
SRPMS
8/core
- virtualbox-7.0.6-1.mga8
- kmod-virtualbox-7.0.6-1.mga8