Advisories » MGASA-2015-0415

Updated virtualbox packages fix security vulnerabilities

Publication date: 27 Oct 2015
Modification date: 27 Oct 2015
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-4813 , CVE-2015-4896

Description

A vulnerability in the Oracle VM VirtualBox component prior to 4.0.34,
4.1.42, 4.2.34, 4.3.32 and 5.0.8. Easily exploitable vulnerability
requiring logon to Operating System. Successful attack of this
vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS). 
Note: Only Windows guests are impacted, and Windows guests without
VirtualBox Guest Additions installed are not affected (CVE-2015-4813).

A vulnerability in the Oracle VM VirtualBox component prior to 4.0.34,
4.1.42, 4.2.34, 4.3.32 and 5.0.8. Easily exploitable vulnerability allows
successful unauthenticated network attacks. Successful attack of this
vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS).
Note: Only VMs with Remote Display feature (RDP) enabled are impacted
(CVE-2015-4896).

For other fixes in this update, see the referenced changelog.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=17015
• http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixOVIR
• https://www.virtualbox.org/wiki/Changelog
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4813
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4896

SRPMS

5/core

• kmod-vboxadditions-5.0.8-1.mga5
• kmod-virtualbox-5.0.8-1.mga5
• virtualbox-5.0.8-1.mga5