| 1 |
type: security |
| 2 |
subject: Virtualbox 6.0.6 fixes security vulnerabilities |
| 3 |
CVE: |
| 4 |
- CVE-2019-2574 |
| 5 |
- CVE-2019-2656 |
| 6 |
- CVE-2019-2657 |
| 7 |
- CVE-2019-2678 |
| 8 |
- CVE-2019-2679 |
| 9 |
- CVE-2019-2680 |
| 10 |
- CVE-2019-2690 |
| 11 |
- CVE-2019-2696 |
| 12 |
- CVE-2019-2703 |
| 13 |
- CVE-2019-2721 |
| 14 |
- CVE-2019-2722 |
| 15 |
- CVE-2019-2723 |
| 16 |
src: |
| 17 |
6: |
| 18 |
core: |
| 19 |
- kmod-vboxadditions-6.0.6-1.mga6 |
| 20 |
- kmod-virtualbox-6.0.6-1.mga6 |
| 21 |
- virtualbox-6.0.6-1.mga6 |
| 22 |
description: | |
| 23 |
This update provides an update to the new Virtualbox 6.0 branch, |
| 24 |
currently 6.0.6. It also fixes the following security issues. |
| 25 |
|
| 26 |
Easily exploitable vulnerability allows low privileged attacker with logon |
| 27 |
to the infrastructure where Oracle VM VirtualBox executes to compromise |
| 28 |
Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, |
| 29 |
attacks may significantly impact additional products. Successful attacks |
| 30 |
of this vulnerability can result in unauthorized access to critical data |
| 31 |
or complete access to all Oracle VM VirtualBox accessible data |
| 32 |
(CVE-2019-2574). |
| 33 |
|
| 34 |
Easily exploitable vulnerability allows low privileged attacker with logon |
| 35 |
to the infrastructure where Oracle VM VirtualBox executes to compromise |
| 36 |
Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, |
| 37 |
attacks may significantly impact additional products. Successful attacks of |
| 38 |
this vulnerability can result in takeover of Oracle VM VirtualBox |
| 39 |
(CVE-2019-2656, CVE-2019-2657, CVE-2019-2680, CVE-2019-2696, CVE-2019-2703, |
| 40 |
CVE-2019-2721, CVE-2019-2722, CVE-2019-2723 |
| 41 |
|
| 42 |
Easily exploitable vulnerability allows low privileged attacker with logon |
| 43 |
to the infrastructure where Oracle VM VirtualBox executes to compromise |
| 44 |
Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, |
| 45 |
attacks may significantly impact additional products. Successful attacks of |
| 46 |
this vulnerability can result in unauthorized access to critical data or |
| 47 |
complete access to all Oracle VM VirtualBox accessible data (CVE-2019-2678). |
| 48 |
|
| 49 |
Easily exploitable vulnerability allows low privileged attacker with logon |
| 50 |
to the infrastructure where Oracle VM VirtualBox executes to compromise |
| 51 |
Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, |
| 52 |
attacks may significantly impact additional products. Successful attacks |
| 53 |
of this vulnerability can result in unauthorized ability to cause a hang |
| 54 |
or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox and |
| 55 |
unauthorized read access to a subset of Oracle VM VirtualBox accessible |
| 56 |
data (CVE-2019-2679). |
| 57 |
|
| 58 |
Difficult to exploit vulnerability allows low privileged attacker with |
| 59 |
logon to the infrastructure where Oracle VM VirtualBox executes to |
| 60 |
compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM |
| 61 |
VirtualBox, attacks may significantly impact additional products. |
| 62 |
Successful attacks of this vulnerability can result in takeover of Oracle |
| 63 |
VM VirtualBox (CVE-2019-2690). |
| 64 |
|
| 65 |
For info about other changes in this update, see the referenced changelog. |
| 66 |
references: |
| 67 |
- https://bugs.mageia.org/show_bug.cgi?id=24683 |
| 68 |
- https://www.virtualbox.org/wiki/Changelog-6.0 |
| 69 |
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html#AppendixOVIR |
| 70 |
ID: MGASA-2019-0151 |
Parent Directory
| 
Revision Log