{ "schema_version": "1.7.0", "id": "MGASA-2013-0222", "published": "2013-07-21T09:01:13Z", "modified": "2013-07-21T09:01:09Z", "summary": "Updated virtualbox package fixes security issue", "details": "This virtualbox update provides the 4.2.16 maintenance release,\nwhich fixes the following security issue:\n\nThomas Dreibholz has discovered a vulnerability in Oracle VirtualBox,\nwhich can be exploited by malicious, local users in a guest virtual\nmachine to cause a DoS (Denial of Service).\nThe vulnerability is caused due to an unspecified error and can be\nexploited to render the host network connection and the virtual machine\ninstance unresponsive or locking the host by issuing e.g. the \"tracepath\"\ncommand.\nSuccessful exploitation requires the target virtual machine to be\nequipped with a paravirtualised network adapter (virtio-net).\n(CVE-2013-3792)\n\nFor other changes in this update, see the referenced changelog.\n", "upstream": [ "CVE-2013-3792" ], "references": [ { "type": "ADVISORY", "url": "https://advisories.mageia.org/MGASA-2013-0222.html" }, { "type": "REPORT", "url": "https://bugs.mageia.org/show_bug.cgi?id=10736" }, { "type": "WEB", "url": "https://www.virtualbox.org/wiki/Changelog" }, { "type": "WEB", "url": "https://www.virtualbox.org/ticket/11863" } ], "affected": [ { "package": { "ecosystem": "Mageia:2", "name": "kmod-vboxadditions", "purl": "pkg:rpm/mageia/kmod-vboxadditions?arch=source&distro=mageia-2" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "4.2.16-1.mga2" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:2", "name": "kmod-virtualbox", "purl": "pkg:rpm/mageia/kmod-virtualbox?arch=source&distro=mageia-2" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "4.2.16-1.mga2" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:2", "name": "virtualbox", "purl": "pkg:rpm/mageia/virtualbox?arch=source&distro=mageia-2" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "4.2.16-1.mga2" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:3", "name": "kmod-vboxadditions", "purl": "pkg:rpm/mageia/kmod-vboxadditions?arch=source&distro=mageia-3" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "4.2.16-1.mga3" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:3", "name": "kmod-virtualbox", "purl": "pkg:rpm/mageia/kmod-virtualbox?arch=source&distro=mageia-3" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "4.2.16-1.mga3" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:3", "name": "virtualbox", "purl": "pkg:rpm/mageia/virtualbox?arch=source&distro=mageia-3" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "4.2.16-1.mga3" } ] } ], "ecosystem_specific": { "section": "core" } } ], "credits": [ { "name": "Mageia", "type": "COORDINATOR", "contact": [ "https://wiki.mageia.org/en/Packages_Security_Team" ] } ] }