Advisories » MGASA-2023-0239

Updated virtualbox packages fix security vulnerabilities

Publication date: 23 Jul 2023
Modification date: 23 Jul 2023
Type: security
Affected Mageia releases : 8
CVE: CVE-2023-22016 , CVE-2023-22018

Description

This update provides the upstream 7.0.10 maintenance release that
fixes at least the following security vulnerabilities:

Vulnerability in the Oracle VM VirtualBox prior to 7.0.10 contains an
easily exploitable vulnerability that allows high privileged attacker
with logon to the infrastructure where Oracle VM VirtualBox executes
to compromise Oracle VM VirtualBox. Successful attacks require human
interaction from a person other than the attacker. Successful attacks
of this vulnerability can result in unauthorized ability to cause a
hang or frequently repeatable crash (complete DOS) of Oracle VM
VirtualBox (CVE-2023-22016).

Vulnerability in Oracle VM VirtualBox prior to 7.0.10 contains a difficult
to exploit vulnerability allows an unauthenticated attacker with network
access via RDP to compromise Oracle VM VirtualBox. Successful attacks of
this vulnerability can result in takeover of Oracle VM VirtualBox 
(CVE-2023-22018).

For other fixes in  this update, see the referenced changelog.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=32124
• https://www.oracle.com/security-alerts/cpujul2023.html#AppendixOVIR
• https://www.virtualbox.org/wiki/Changelog-7.0#v10
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22016
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22018

SRPMS

8/core

• virtualbox-7.0.10-1.mga8
• kmod-virtualbox-7.0.10-1.mga8