Gentoo FoundationMGASA-2013-0222Updated virtualbox package fixes security issue
3.8 Low
CVSS2
Access Vector
Access Complexity
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:H/Au:S/C:N/I:N/A:C
0.001 Low
EPSS
Percentile
19.6%
This virtualbox update provides the 4.2.16 maintenance release, which fixes the following security issue: Thomas Dreibholz has discovered a vulnerability in Oracle VirtualBox, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service). The vulnerability is caused due to an unspecified error and can be exploited to render the host network connection and the virtual machine instance unresponsive or locking the host by issuing e.g. the “tracepath” command. Successful exploitation requires the target virtual machine to be equipped with a paravirtualised network adapter (virtio-net). (CVE-2013-3792) For other changes in this update, see the referenced changelog.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Mageia | 2 | noarch | kmod-vboxadditions | < 4.2.16-1 | kmod-vboxadditions-4.2.16-1.mga2 |
| Mageia | 2 | noarch | kmod-virtualbox | < 4.2.16-1 | kmod-virtualbox-4.2.16-1.mga2 |
| Mageia | 2 | noarch | virtualbox | < 4.2.16-1 | virtualbox-4.2.16-1.mga2 |
| Mageia | 3 | noarch | kmod-vboxadditions | < 4.2.16-1 | kmod-vboxadditions-4.2.16-1.mga3 |
| Mageia | 3 | noarch | kmod-virtualbox | < 4.2.16-1 | kmod-virtualbox-4.2.16-1.mga3 |
| Mageia | 3 | noarch | virtualbox | < 4.2.16-1 | virtualbox-4.2.16-1.mga3 |
Related
3.8 Low
CVSS2
Access Vector
Access Complexity
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:H/Au:S/C:N/I:N/A:C
0.001 Low
EPSS
Percentile
19.6%