| 1 |
type: security |
| 2 |
subject: Updated virtualbox package fixes security issue |
| 3 |
CVE: |
| 4 |
- CVE-2013-3792 |
| 5 |
src: |
| 6 |
2: |
| 7 |
core: |
| 8 |
- kmod-vboxadditions-4.2.16-1.mga2 |
| 9 |
- kmod-virtualbox-4.2.16-1.mga2 |
| 10 |
- virtualbox-4.2.16-1.mga2 |
| 11 |
3: |
| 12 |
core: |
| 13 |
- kmod-vboxadditions-4.2.16-1.mga3 |
| 14 |
- kmod-virtualbox-4.2.16-1.mga3 |
| 15 |
- virtualbox-4.2.16-1.mga3 |
| 16 |
description: | |
| 17 |
This virtualbox update provides the 4.2.16 maintenance release, |
| 18 |
which fixes the following security issue: |
| 19 |
|
| 20 |
Thomas Dreibholz has discovered a vulnerability in Oracle VirtualBox, |
| 21 |
which can be exploited by malicious, local users in a guest virtual |
| 22 |
machine to cause a DoS (Denial of Service). |
| 23 |
The vulnerability is caused due to an unspecified error and can be |
| 24 |
exploited to render the host network connection and the virtual machine |
| 25 |
instance unresponsive or locking the host by issuing e.g. the "tracepath" |
| 26 |
command. |
| 27 |
Successful exploitation requires the target virtual machine to be |
| 28 |
equipped with a paravirtualised network adapter (virtio-net). |
| 29 |
(CVE-2013-3792) |
| 30 |
|
| 31 |
For other changes in this update, see the referenced changelog. |
| 32 |
references: |
| 33 |
- https://bugs.mageia.org/show_bug.cgi?id=10736 |
| 34 |
- https://www.virtualbox.org/wiki/Changelog |
| 35 |
- https://www.virtualbox.org/ticket/11863 |
| 36 |
ID: MGASA-2013-0222 |
Parent Directory
| 
Revision Log