/[advisories]/24683.adv
ViewVC logotype

Contents of /24683.adv

Parent Directory Parent Directory | Revision Log Revision Log


Revision 8480 - (show annotations) (download)
Sat May 4 19:40:11 2019 UTC (6 weeks, 1 day ago) by tmb
File size: 3220 byte(s)
MGASA-2019-0151: kmod-vboxadditions-6.0.6-1.mga6, kmod-virtualbox-6.0.6-1.mga6, virtualbox-6.0.6-1.mga6
1 type: security
2 subject: Virtualbox 6.0.6 fixes security vulnerabilities
3 CVE:
4 - CVE-2019-2574
5 - CVE-2019-2656
6 - CVE-2019-2657
7 - CVE-2019-2678
8 - CVE-2019-2679
9 - CVE-2019-2680
10 - CVE-2019-2690
11 - CVE-2019-2696
12 - CVE-2019-2703
13 - CVE-2019-2721
14 - CVE-2019-2722
15 - CVE-2019-2723
16 src:
17 6:
18 core:
19 - kmod-vboxadditions-6.0.6-1.mga6
20 - kmod-virtualbox-6.0.6-1.mga6
21 - virtualbox-6.0.6-1.mga6
22 description: |
23 This update provides an update to the new Virtualbox 6.0 branch,
24 currently 6.0.6. It also fixes the following security issues.
25
26 Easily exploitable vulnerability allows low privileged attacker with logon
27 to the infrastructure where Oracle VM VirtualBox executes to compromise
28 Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox,
29 attacks may significantly impact additional products. Successful attacks
30 of this vulnerability can result in unauthorized access to critical data
31 or complete access to all Oracle VM VirtualBox accessible data
32 (CVE-2019-2574).
33
34 Easily exploitable vulnerability allows low privileged attacker with logon
35 to the infrastructure where Oracle VM VirtualBox executes to compromise
36 Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox,
37 attacks may significantly impact additional products. Successful attacks of
38 this vulnerability can result in takeover of Oracle VM VirtualBox
39 (CVE-2019-2656, CVE-2019-2657, CVE-2019-2680, CVE-2019-2696, CVE-2019-2703,
40 CVE-2019-2721, CVE-2019-2722, CVE-2019-2723
41
42 Easily exploitable vulnerability allows low privileged attacker with logon
43 to the infrastructure where Oracle VM VirtualBox executes to compromise
44 Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox,
45 attacks may significantly impact additional products. Successful attacks of
46 this vulnerability can result in unauthorized access to critical data or
47 complete access to all Oracle VM VirtualBox accessible data (CVE-2019-2678).
48
49 Easily exploitable vulnerability allows low privileged attacker with logon
50 to the infrastructure where Oracle VM VirtualBox executes to compromise
51 Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox,
52 attacks may significantly impact additional products. Successful attacks
53 of this vulnerability can result in unauthorized ability to cause a hang
54 or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox and
55 unauthorized read access to a subset of Oracle VM VirtualBox accessible
56 data (CVE-2019-2679).
57
58 Difficult to exploit vulnerability allows low privileged attacker with
59 logon to the infrastructure where Oracle VM VirtualBox executes to
60 compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM
61 VirtualBox, attacks may significantly impact additional products.
62 Successful attacks of this vulnerability can result in takeover of Oracle
63 VM VirtualBox (CVE-2019-2690).
64
65 For info about other changes in this update, see the referenced changelog.
66 references:
67 - https://bugs.mageia.org/show_bug.cgi?id=24683
68 - https://www.virtualbox.org/wiki/Changelog-6.0
69 - https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html#AppendixOVIR
70 ID: MGASA-2019-0151

  ViewVC Help
Powered by ViewVC 1.1.26