Advisories ยป MGASA-2019-0151

Virtualbox 6.0.6 fixes security vulnerabilities

Publication date: 04 May 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2019-2574 , CVE-2019-2656 , CVE-2019-2657 , CVE-2019-2678 , CVE-2019-2679 , CVE-2019-2680 , CVE-2019-2690 , CVE-2019-2696 , CVE-2019-2703 , CVE-2019-2721 , CVE-2019-2722 , CVE-2019-2723

Description

This update provides an update to the new Virtualbox 6.0 branch,
currently 6.0.6. It also fixes the following security issues.

Easily exploitable vulnerability allows low privileged attacker with logon
to the infrastructure where Oracle VM VirtualBox executes to compromise
Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox,
attacks may significantly impact additional products. Successful attacks
of this vulnerability can result in unauthorized access to critical data
or complete access to all Oracle VM VirtualBox accessible data
(CVE-2019-2574).

Easily exploitable vulnerability allows low privileged attacker with logon
to the infrastructure where Oracle VM VirtualBox executes to compromise
Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox,
attacks may significantly impact additional products. Successful attacks of
this vulnerability can result in takeover of Oracle VM VirtualBox
(CVE-2019-2656, CVE-2019-2657, CVE-2019-2680, CVE-2019-2696, CVE-2019-2703,
CVE-2019-2721, CVE-2019-2722, CVE-2019-2723

Easily exploitable vulnerability allows low privileged attacker with logon
to the infrastructure where Oracle VM VirtualBox executes to compromise
Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox,
attacks may significantly impact additional products. Successful attacks of
this vulnerability can result in unauthorized access to critical data or
complete access to all Oracle VM VirtualBox accessible data (CVE-2019-2678).

Easily exploitable vulnerability allows low privileged attacker with logon
to the infrastructure where Oracle VM VirtualBox executes to compromise
Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox,
attacks may significantly impact additional products. Successful attacks
of this vulnerability can result in unauthorized ability to cause a hang
or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox and
unauthorized read access to a subset of Oracle VM VirtualBox accessible
data (CVE-2019-2679).

Difficult to exploit vulnerability allows low privileged attacker with
logon to the infrastructure where Oracle VM VirtualBox executes to
compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM
VirtualBox, attacks may significantly impact additional products.
Successful attacks of this vulnerability can result in takeover of Oracle
VM VirtualBox (CVE-2019-2690).

For info about other changes in this update, see the referenced changelog.
                

References

SRPMS

6/core