Advisories ยป MGASA-2017-0135

Updated virtualbox packages fixes security vulnerabilities

Publication date: 09 May 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2017-3513 , CVE-2017-3558 , CVE-2017-3559 , CVE-2017-3561 , CVE-2017-3563 , CVE-2017-3575 , CVE-2017-3576 , CVE-2017-3587

Description

This update provides virtualbox 5.1.22 maintenance release and resolves
at least the following security issues:

A vulnerability in the core subcomponent of virtualbox allows high privilegied
attacker unauthorized read access to a subset of VirtualBox accessible data
(CVE-2017-3513).

A vulnerability in the core subcomponent of virtualbox allows unauthenticated
attacker unauthorized update, insert or delete access to some data as well
as unauthorized read access to a subset of VirtualBox accessible data and
unauthorized ability to cause hang or frequently repeatable crash resulting
in denialv of service (CVE-2017-3558).

Vulnerabilities in the core subcomponent of virtualbox allows unauthenticated
attacker unauthorized update, insert or delete access to some data as well
as unauthorized read access to a subset of VirtualBox accessible data and
unauthorized ability to cause hang or frequently repeatable crash resulting
in denial of service (CVE-2017-3559, CVE-2017-3575).

Vulnerabilities in the core subcomponent of virtualbox allows low privilegied
attacker to fully compromise virtualbox (CVE-2017-3561, CVE-2017-3563,
CVE-2017-3576).

A vulnerability in the Shared Folder subcomponent of virtualbox allows high
privileged attacker unauthorized creation, deletion or modification access
to critical data, unauthorized access to critical data to all virtualbox
accessible data and unauthorized ability to cause a hang or frequently
repeatable crash (CVE-2017-3587).

For other fixes in this update, see the referenced changelog.
                

References

SRPMS

5/core