Advisories ยป MGASA-2015-0228

Updated virtualbox packages fix security vulnerabilities

Publication date: 15 May 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2015-3456


Updated virtualbox packages fixes security vulnerability

This update provides the 4.3.28 maintenance release fixing the
following security issue:

The Floppy Disk Controller (FDC) in QEMU, XEN, KVM and virtualbox allows
local guest users to cause a denial of service (out-of-bounds write and
guest crash) or possibly execute arbitrary code via the FD_CMD_READ_ID,
FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands,
aka VENOM (CVE-2015-3456).

For other fixes in the maintenance release, read the referenced changelog.