advisories/20222.adv

type: security
subject: Updated virtualbox packages fixes security vulnerabilities
CVE:
 - CVE-2016-5545
 - CVE-2017-3290
 - CVE-2017-3316
 - CVE-2017-3332
 - CVE-2017-3538
src:
  5:
   core:
     - kmod-vboxadditions-5.1.18-1.mga5
     - kmod-virtualbox-5.1.18-1.mga5
     - virtualbox-5.1.18-1.mga5
description: |
  This update provides virtualbox 5.1.18 maintenance release and resolves
  atleast the following security issues:

  A vulnerability in the GUI subcomponent of virtualbox allows unauthenticated
  attacker unauthorized update, insert or delete access to some data as well
  as unauthorized read access to a subset of VirtualBox accessible data and
  unauthorized ability to cause a partial denial of service (bsc#1020856)
  (CVE-2016-5545).

  A vulnerability in the Shared Folder subcomponent of virtualbox allows high
  privileged attacker unauthorized creation, deletion or modification access
  to critical data and unauthorized ability to cause a hang or frequently
  repeatable crash (bsc#1020856) (CVE-2017-3290).

  A vulnerability in the GUI subcomponent of virtualbox allows high privileged
  attacker with network access via multiple protocols to compromise virtualbox
  (bsc#1020856) (CVE-2017-3316).

  A vulnerability in the SVGA Emulation subcomponent of virtualbox allows low
  privileged attacker unauthorized creation, deletion or modification access
  to critical data and unauthorized ability to cause a hang or frequently
  repeatable crash (bsc#1020856) (CVE-2017-3332).

  A vulnerability in the Shared Folder subcomponent of virtualbox allows high
  privileged attacker unauthorized creation, deletion or modification access
  to critical data and unauthorized access to critical data to all virtualbox
  accessible data (CVE-2017-3538).

  For other fixes in this update, see the referenced changelog.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=20222
 - https://www.virtualbox.org/wiki/Changelog
ID: MGASA-2017-0078
1	type: security
2	subject: Updated virtualbox packages fixes security vulnerabilities
3	CVE:
4	- CVE-2016-5545
5	- CVE-2017-3290
6	- CVE-2017-3316
7	- CVE-2017-3332
8	- CVE-2017-3538
9	src:
10	5:
11	core:
12	- kmod-vboxadditions-5.1.18-1.mga5
13	- kmod-virtualbox-5.1.18-1.mga5
14	- virtualbox-5.1.18-1.mga5
15	description: \|
16	This update provides virtualbox 5.1.18 maintenance release and resolves
17	atleast the following security issues:
18
19	A vulnerability in the GUI subcomponent of virtualbox allows unauthenticated
20	attacker unauthorized update, insert or delete access to some data as well
21	as unauthorized read access to a subset of VirtualBox accessible data and
22	unauthorized ability to cause a partial denial of service (bsc#1020856)
23	(CVE-2016-5545).
24
25	A vulnerability in the Shared Folder subcomponent of virtualbox allows high
26	privileged attacker unauthorized creation, deletion or modification access
27	to critical data and unauthorized ability to cause a hang or frequently
28	repeatable crash (bsc#1020856) (CVE-2017-3290).
29
30	A vulnerability in the GUI subcomponent of virtualbox allows high privileged
31	attacker with network access via multiple protocols to compromise virtualbox
32	(bsc#1020856) (CVE-2017-3316).
33
34	A vulnerability in the SVGA Emulation subcomponent of virtualbox allows low
35	privileged attacker unauthorized creation, deletion or modification access
36	to critical data and unauthorized ability to cause a hang or frequently
37	repeatable crash (bsc#1020856) (CVE-2017-3332).
38
39	A vulnerability in the Shared Folder subcomponent of virtualbox allows high
40	privileged attacker unauthorized creation, deletion or modification access
41	to critical data and unauthorized access to critical data to all virtualbox
42	accessible data (CVE-2017-3538).
43
44	For other fixes in this update, see the referenced changelog.
45	references:
46	- https://bugs.mageia.org/show_bug.cgi?id=20222
47	- https://www.virtualbox.org/wiki/Changelog
48	ID: MGASA-2017-0078