1 |
type: security |
2 |
subject: Virtualbox 6.0.6 fixes security vulnerabilities |
3 |
CVE: |
4 |
- CVE-2019-2574 |
5 |
- CVE-2019-2656 |
6 |
- CVE-2019-2657 |
7 |
- CVE-2019-2678 |
8 |
- CVE-2019-2679 |
9 |
- CVE-2019-2680 |
10 |
- CVE-2019-2690 |
11 |
- CVE-2019-2696 |
12 |
- CVE-2019-2703 |
13 |
- CVE-2019-2721 |
14 |
- CVE-2019-2722 |
15 |
- CVE-2019-2723 |
16 |
src: |
17 |
6: |
18 |
core: |
19 |
- kmod-vboxadditions-6.0.6-1.mga6 |
20 |
- kmod-virtualbox-6.0.6-1.mga6 |
21 |
- virtualbox-6.0.6-1.mga6 |
22 |
description: | |
23 |
This update provides an update to the new Virtualbox 6.0 branch, |
24 |
currently 6.0.6. It also fixes the following security issues. |
25 |
|
26 |
Easily exploitable vulnerability allows low privileged attacker with logon |
27 |
to the infrastructure where Oracle VM VirtualBox executes to compromise |
28 |
Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, |
29 |
attacks may significantly impact additional products. Successful attacks |
30 |
of this vulnerability can result in unauthorized access to critical data |
31 |
or complete access to all Oracle VM VirtualBox accessible data |
32 |
(CVE-2019-2574). |
33 |
|
34 |
Easily exploitable vulnerability allows low privileged attacker with logon |
35 |
to the infrastructure where Oracle VM VirtualBox executes to compromise |
36 |
Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, |
37 |
attacks may significantly impact additional products. Successful attacks of |
38 |
this vulnerability can result in takeover of Oracle VM VirtualBox |
39 |
(CVE-2019-2656, CVE-2019-2657, CVE-2019-2680, CVE-2019-2696, CVE-2019-2703, |
40 |
CVE-2019-2721, CVE-2019-2722, CVE-2019-2723 |
41 |
|
42 |
Easily exploitable vulnerability allows low privileged attacker with logon |
43 |
to the infrastructure where Oracle VM VirtualBox executes to compromise |
44 |
Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, |
45 |
attacks may significantly impact additional products. Successful attacks of |
46 |
this vulnerability can result in unauthorized access to critical data or |
47 |
complete access to all Oracle VM VirtualBox accessible data (CVE-2019-2678). |
48 |
|
49 |
Easily exploitable vulnerability allows low privileged attacker with logon |
50 |
to the infrastructure where Oracle VM VirtualBox executes to compromise |
51 |
Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, |
52 |
attacks may significantly impact additional products. Successful attacks |
53 |
of this vulnerability can result in unauthorized ability to cause a hang |
54 |
or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox and |
55 |
unauthorized read access to a subset of Oracle VM VirtualBox accessible |
56 |
data (CVE-2019-2679). |
57 |
|
58 |
Difficult to exploit vulnerability allows low privileged attacker with |
59 |
logon to the infrastructure where Oracle VM VirtualBox executes to |
60 |
compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM |
61 |
VirtualBox, attacks may significantly impact additional products. |
62 |
Successful attacks of this vulnerability can result in takeover of Oracle |
63 |
VM VirtualBox (CVE-2019-2690). |
64 |
|
65 |
For info about other changes in this update, see the referenced changelog. |
66 |
references: |
67 |
- https://bugs.mageia.org/show_bug.cgi?id=24683 |
68 |
- https://www.virtualbox.org/wiki/Changelog-6.0 |
69 |
- https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html#AppendixOVIR |
70 |
ID: MGASA-2019-0151 |