1 |
type: security |
2 |
subject: Updated virtualbox package fixes security issue |
3 |
CVE: |
4 |
- CVE-2013-3792 |
5 |
src: |
6 |
2: |
7 |
core: |
8 |
- kmod-vboxadditions-4.2.16-1.mga2 |
9 |
- kmod-virtualbox-4.2.16-1.mga2 |
10 |
- virtualbox-4.2.16-1.mga2 |
11 |
3: |
12 |
core: |
13 |
- kmod-vboxadditions-4.2.16-1.mga3 |
14 |
- kmod-virtualbox-4.2.16-1.mga3 |
15 |
- virtualbox-4.2.16-1.mga3 |
16 |
description: | |
17 |
This virtualbox update provides the 4.2.16 maintenance release, |
18 |
which fixes the following security issue: |
19 |
|
20 |
Thomas Dreibholz has discovered a vulnerability in Oracle VirtualBox, |
21 |
which can be exploited by malicious, local users in a guest virtual |
22 |
machine to cause a DoS (Denial of Service). |
23 |
The vulnerability is caused due to an unspecified error and can be |
24 |
exploited to render the host network connection and the virtual machine |
25 |
instance unresponsive or locking the host by issuing e.g. the "tracepath" |
26 |
command. |
27 |
Successful exploitation requires the target virtual machine to be |
28 |
equipped with a paravirtualised network adapter (virtio-net). |
29 |
(CVE-2013-3792) |
30 |
|
31 |
For other changes in this update, see the referenced changelog. |
32 |
references: |
33 |
- https://bugs.mageia.org/show_bug.cgi?id=10736 |
34 |
- https://www.virtualbox.org/wiki/Changelog |
35 |
- https://www.virtualbox.org/ticket/11863 |
36 |
ID: MGASA-2013-0222 |