Advisories ยป MGASA-2018-0257

Updated virtualbox packages fix security vulnerabilities

Publication date: 29 May 2018
Modification date: 29 May 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-0739 , CVE-2018-2830 , CVE-2018-2831 , CVE-2018-2835 , CVE-2018-2836 , CVE-2018-2837 , CVE-2018-2842 , CVE-2018-2843 , CVE-2018-2844 , CVE-2018-2845 , CVE-2018-2860

Description

This update provides virtualbox 5.2.12 and fixes the following security
issues:

Unauthorized remote attacker may have caused a hang or frequently
repeatable crash (complete DOS) (CVE-2018-0739).

Attacker with host login may have compromised Virtualbox or further system
services after interaction with a third user (CVE-2018-2830).

Attacker with host login may have compromised VirtualBox or further system
services, allowing read access to some data (CVE-2018-2831).

Attacker with host login may have gained control over VirtualBox and
possibly further system services after interacting with a third user
(CVE-2018-2835, CVE-2018-2836, CVE-2018-2837, CVE-2018-2842,
CVE-2018-2843, CVE-2018-2844).

Attacker with host login may have caused a hang or frequently repeatable
crash (complete DOS), and perform unauthorized read and write operation
to some VirtualBox accessible data (CVE-2018-2845).

Privileged attacker may have gained control over VirtualBox and possibly
further system services (CVE-2018-2860).

For other fixes in this update, see the referenced changelog

References

SRPMS

6/core