[SECURITY] [DSA 2878-1] virtualbox security update

2014-03-1315:31:43

lists.debian.org

3.5 Low

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:H/Au:S/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

32.0%

JSON

Debian Security Advisory DSA-2878-1 [email protected]
http://www.debian.org/security/ Moritz Muehlenhoff
March 13, 2014 http://www.debian.org/security/faq

Package : virtualbox
CVE ID : CVE-2013-5892 CVE-2014-0404 CVE-2014-0406 CVE-2014-0407
Debian Bug : 735410

Matthew Daley discovered multiple vulnerabilities in VirtualBox, a x86
virtualisation solution, resulting in denial of service, privilege
escalation and an information leak.

For the oldstable distribution (squeeze), these problems have been fixed in
version 3.2.10-dfsg-1+squeeze2 of the virtualbox-ose source package.

For the stable distribution (wheezy), these problems have been fixed in
version 4.1.18-dfsg-2+deb7u2.

For the testing distribution (jessie), these problems have been fixed in
version 4.3.6-dfsg-1.

For the unstable distribution (sid), these problems have been fixed in
version 4.3.6-dfsg-1.

We recommend that you upgrade your virtualbox packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian6amd64virtualbox-ose-dbg< 3.2.10-dfsg-1+squeeze2virtualbox-ose-dbg_3.2.10-dfsg-1+squeeze2_amd64.deb
Debian7amd64virtualbox< 4.1.18-dfsg-2+deb7u2virtualbox_4.1.18-dfsg-2+deb7u2_amd64.deb
Debian7amd64virtualbox-guest-utils< 4.1.18-dfsg-2+deb7u2virtualbox-guest-utils_4.1.18-dfsg-2+deb7u2_amd64.deb
Debian7i386virtualbox< 4.1.18-dfsg-2+deb7u2virtualbox_4.1.18-dfsg-2+deb7u2_i386.deb
Debian7i386virtualbox-guest-x11< 4.1.18-dfsg-2+deb7u2virtualbox-guest-x11_4.1.18-dfsg-2+deb7u2_i386.deb
Debian7allvirtualbox-source< 4.1.18-dfsg-2+deb7u2virtualbox-source_4.1.18-dfsg-2+deb7u2_all.deb
Debian7amd64virtualbox-dbg< 4.1.18-dfsg-2+deb7u2virtualbox-dbg_4.1.18-dfsg-2+deb7u2_amd64.deb
Debian7allvirtualbox-guest-dkms< 4.1.18-dfsg-2+deb7u2virtualbox-guest-dkms_4.1.18-dfsg-2+deb7u2_all.deb
Debian6allvirtualbox-ose-dkms< 3.2.10-dfsg-1+squeeze2virtualbox-ose-dkms_3.2.10-dfsg-1+squeeze2_all.deb
Debian7allvirtualbox-ose-dbg< 4.1.18-dfsg-2+deb7u2virtualbox-ose-dbg_4.1.18-dfsg-2+deb7u2_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	6	amd64	virtualbox-ose-dbg	< 3.2.10-dfsg-1+squeeze2	virtualbox-ose-dbg_3.2.10-dfsg-1+squeeze2_amd64.deb
Debian	7	amd64	virtualbox	< 4.1.18-dfsg-2+deb7u2	virtualbox_4.1.18-dfsg-2+deb7u2_amd64.deb
Debian	7	amd64	virtualbox-guest-utils	< 4.1.18-dfsg-2+deb7u2	virtualbox-guest-utils_4.1.18-dfsg-2+deb7u2_amd64.deb
Debian	7	i386	virtualbox	< 4.1.18-dfsg-2+deb7u2	virtualbox_4.1.18-dfsg-2+deb7u2_i386.deb
Debian	7	i386	virtualbox-guest-x11	< 4.1.18-dfsg-2+deb7u2	virtualbox-guest-x11_4.1.18-dfsg-2+deb7u2_i386.deb
Debian	7	all	virtualbox-source	< 4.1.18-dfsg-2+deb7u2	virtualbox-source_4.1.18-dfsg-2+deb7u2_all.deb
Debian	7	amd64	virtualbox-dbg	< 4.1.18-dfsg-2+deb7u2	virtualbox-dbg_4.1.18-dfsg-2+deb7u2_amd64.deb
Debian	7	all	virtualbox-guest-dkms	< 4.1.18-dfsg-2+deb7u2	virtualbox-guest-dkms_4.1.18-dfsg-2+deb7u2_all.deb
Debian	6	all	virtualbox-ose-dkms	< 3.2.10-dfsg-1+squeeze2	virtualbox-ose-dkms_3.2.10-dfsg-1+squeeze2_all.deb
Debian	7	all	virtualbox-ose-dbg	< 4.1.18-dfsg-2+deb7u2	virtualbox-ose-dbg_4.1.18-dfsg-2+deb7u2_all.deb