6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.004 Low
EPSS
Percentile
73.9%
Multiple vulnerabilities in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect integrity and availability via unknown vectors related to Core (CVE-2013-5892, CVE-2014-0404, CVE-2014-0405, CVE-2014-0406, CVE-2014-0407). VBox/GuestHost/OpenGL/util/net.c in Oracle VirtualBox before 3.2.22, 4.0.x before 4.0.24, 4.1.x before 4.1.32, 4.2.x before 4.2.24, and 4.3.x before 4.3.8, when using 3D Acceleration allows local guest OS users to execute arbitrary code on the Chromium server via crafted Chromium network pointer in a CR_MESSAGE_READBACK or CR_MESSAGE_WRITEBACK message to the VBoxSharedCrOpenGL service, which triggers an arbitrary pointer dereference and memory corruption (CVE-2014-0981). Multiple array index errors in programs that are automatically generated by VBox/HostServices/SharedOpenGL/crserverlib/server_dispatch.py in Oracle VirtualBox 4.2.x through 4.2.20 and 4.3.x before 4.3.8, when using 3D Acceleration, allow local guest OS users to execute arbitrary code on the Chromium server via certain CR_MESSAGE_OPCODES messages with a crafted index, which are not properly handled (CVE-2014-0983). The virtualbox packages has been updated to 4.3.10 maintenance release that resolves theese issues and other upstream reported issues (for more info check the referenced changelog). This update also resolves the following: - load virtualbox modules on install (mga#8826) - missing GUI translations (mga#12578)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 3 | noarch | kmod-vboxadditions | < 4.3.10-1 | kmod-vboxadditions-4.3.10-1.mga3 |
Mageia | 3 | noarch | kmod-virtualbox | < 4.3.10-1 | kmod-virtualbox-4.3.10-1.mga3 |
Mageia | 3 | noarch | virtualbox | < 4.3.10-1 | virtualbox-4.3.10-1.mga3 |