Mageia Advisory: MGASA-2015-0228 - Updated virtualbox packages fix security vulnerabilities

Updated virtualbox packages fix security vulnerabilities

Publication date: 15 May 2015
Modification date: 15 May 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2015-3456

Description

Updated virtualbox packages fixes security vulnerability

This update provides the 4.3.28 maintenance release fixing the
following security issue:

The Floppy Disk Controller (FDC) in QEMU, XEN, KVM and virtualbox allows
local guest users to cause a denial of service (out-of-bounds write and
guest crash) or possibly execute arbitrary code via the FD_CMD_READ_ID,
FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands,
aka VENOM (CVE-2015-3456).

For other fixes in the maintenance release, read the referenced changelog.

References

https://bugs.mageia.org/show_bug.cgi?id=15935
https://www.virtualbox.org/wiki/Changelog
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3456

SRPMS

4/core

kmod-vboxadditions-4.3.28-1.mga4
kmod-virtualbox-4.3.28-1.mga4
virtualbox-4.3.28-1.mga4

Advisories » MGASA-2015-0228

Updated virtualbox packages fix security vulnerabilities

Description

References

SRPMS

4/core