Advisories ยป MGASA-2017-0078

Updated virtualbox packages fixes security vulnerabilities

Publication date: 23 Mar 2017
Modification date: 17 Feb 2022
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-5545 , CVE-2017-3290 , CVE-2017-3316 , CVE-2017-3332 , CVE-2017-3538

Description

This update provides virtualbox 5.1.18 maintenance release and resolves
at least the following security issues:

A vulnerability in the GUI subcomponent of virtualbox allows unauthenticated
attacker unauthorized update, insert or delete access to some data as well
as unauthorized read access to a subset of VirtualBox accessible data and
unauthorized ability to cause a partial denial of service (bsc#1020856)
(CVE-2016-5545).

A vulnerability in the Shared Folder subcomponent of virtualbox allows high
privileged attacker unauthorized creation, deletion or modification access
to critical data and unauthorized ability to cause a hang or frequently
repeatable crash (bsc#1020856) (CVE-2017-3290).

A vulnerability in the GUI subcomponent of virtualbox allows high privileged
attacker with network access via multiple protocols to compromise virtualbox
(bsc#1020856) (CVE-2017-3316).

A vulnerability in the SVGA Emulation subcomponent of virtualbox allows low
privileged attacker unauthorized creation, deletion or modification access
to critical data and unauthorized ability to cause a hang or frequently
repeatable crash (bsc#1020856) (CVE-2017-3332).

A vulnerability in the Shared Folder subcomponent of virtualbox allows high
privileged attacker unauthorized creation, deletion or modification access
to critical data and unauthorized access to critical data to all virtualbox
accessible data (CVE-2017-3538).

For other fixes in this update, see the referenced changelog.

References

SRPMS

5/core