[SECURITY] [DLA 268-1] virtualbox-ose security update

2015-07-06T12:06:35
ID DEBIAN:DLA-268-1:2FB7C
Type debian
Reporter Debian
Modified 2015-07-06T12:06:35

Description

Package : virtualbox-ose Version : 3.2.10-dfsg-1+squeeze4 CVE ID : CVE-2015-0377 CVE-2015-0418 CVE-2015-3456 Debian Bug : #775888 #785424

Three vulnerabilities have been fixed in the Debian squeeze-lts version of VirtualBox (package name: virtualbox-ose), a x86 virtualisation solution.

CVE-2015-0377

Avoid VirtualBox allowing local users to affect availability via
unknown vectors related to Core, which might result in denial of
service. (Other issue than CVE-2015-0418).

CVE-2015-0418

Avoid VirtualBox allowing local users to affect availability via
unknown vectors related to Core, which might result in denial of
service. (Other issue than CVE-2015-0377).

CVE-2015-3456

The Floppy Disk Controller (FDC) in QEMU, also used in VirtualBox and
other virtualization products, allowed local guest users to cause a
denial of service (out-of-bounds write and guest crash) or possibly
execute arbitrary code via the (1) FD_CMD_READ_ID, (2)
FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands,
aka VENOM.

--

mike gabriel aka sunweaver (Debian Developer) fon: +49 (1520) 1976 148

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: sunweaver@debian.org, http://sunweavers.net