Updated virtualbox packages fixes security vulnerability This update provides the 4.3.28 maintenance release fixing the following security issue: The Floppy Disk Controller (FDC) in QEMU, XEN, KVM and virtualbox allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the FD_CMD_READ_ID, FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM (CVE-2015-3456). For other fixes in the maintenance release, read the referenced changelog.

OSVersionArchitecturePackageVersionFilename
Mageia4noarchkmod-vboxadditions< 4.3.28-1kmod-vboxadditions-4.3.28-1.mga4
Mageia4noarchkmod-virtualbox< 4.3.28-1kmod-virtualbox-4.3.28-1.mga4
Mageia4noarchvirtualbox< 4.3.28-1virtualbox-4.3.28-1.mga4

OS	Version	Architecture	Package	Version	Filename
Mageia	4	noarch	kmod-vboxadditions	< 4.3.28-1	kmod-vboxadditions-4.3.28-1.mga4
Mageia	4	noarch	kmod-virtualbox	< 4.3.28-1	kmod-virtualbox-4.3.28-1.mga4
Mageia	4	noarch	virtualbox	< 4.3.28-1	virtualbox-4.3.28-1.mga4

References

bugs.mageia.org/show_bug.cgi?id=15935

www.virtualbox.org/wiki/Changelog

checkpoint_security 1

archlinux 1

redhat 9

osv 6

openvas 56

fortinet 1

nessus 55

altlinux 1

fedora 13

suse 13

debian 6

lenovo 2

huawei 1

freebsd 1

threatpost 3

oraclelinux 4

ibm 4

myhack58 1

prion 1

f5 2

veracode 1

cve 1

centos 4

ubuntucve 1

arista 1

xen 1

thn 2

symantec 1

debiancve 1

mageia 1

securityvulns 2

ubuntu 1

gentoo 1

checkpoint_security

Check Point response to CVE-2015-3456 (VENOM)

2015-05-12 21:00:00

archlinux

qemu: arbitrary code execution

2015-05-14 00:00:00

redhat

(RHSA-2015:1011) Important: rhev-hypervisor security update

2015-05-15 00:00:00

(RHSA-2015:1031) Important: qemu-kvm security update

2015-05-27 00:00:00

(RHSA-2015:1001) Important: qemu-kvm-rhev security update

2015-05-13 00:00:00

osv

virtualbox - security update

2015-05-28 00:00:00

qemu-kvm - security update

2015-06-19 00:00:00

xen - security update

2015-05-18 00:00:00

openvas

Debian Security Advisory DSA 3262-1 (xen - security update)

2015-05-18 00:00:00

RedHat Update for xen RHSA-2015:1002-01

2015-06-09 00:00:00

Debian: Security Advisory (DLA-248-1)

2023-03-08 00:00:00

fortinet

CVE-2015-3456 "VENOM" vulnerability

2015-05-19 00:00:00

nessus

CentOS 5 : xen (CESA-2015:1002) (Venom)

2015-05-13 00:00:00

Oracle Linux 7 : qemu-kvm (ELSA-2015-0999) (Venom)

2015-05-14 00:00:00

RHEL 7 : qemu-kvm (RHSA-2015:0999) (Venom)

2015-05-13 00:00:00

altlinux

Security fix for the ALT Linux 7 package qemu version 1.4.0-alt1.1.M70P.1

2015-05-15 00:00:00

fedora

[SECURITY] Fedora 22 Update: xen-4.5.0-9.fc22

2015-05-26 03:43:40

[SECURITY] Fedora 22 Update: qemu-2.3.0-4.fc22

2015-05-26 03:41:20

[SECURITY] Fedora 22 Update: qemu-2.3.0-5.fc22

2015-06-11 18:35:42

suse

Security update for KVM (important)

2015-05-16 00:04:49

Security update for qemu (important)

2015-05-18 14:04:51

Security update for Xen (important)

2015-05-26 14:06:51

debian

[SECURITY] [DLA 248-1] qemu security update

2015-06-19 15:05:33

[SECURITY] [DLA 249-1] qemu-kvm security update

2015-06-19 15:19:48

[SECURITY] [DSA 3274-1] virtualbox security update

2015-05-28 21:17:43

lenovo

Venom

2017-01-23 00:00:00

Venom - Lenovo Support US

2017-01-23 00:00:00

huawei

Security Advisory - VENOM Vulnerability in Huawei Products

2015-06-09 00:00:00

freebsd

qemu, xen and VirtualBox OSE -- possible VM escape and code execution ("VENOM")

2015-04-29 00:00:00

threatpost

Oracle Patches VENOM Vulnerability

2015-05-18 10:49:00

Flaw in Virtualization Software Could Lead to VM Escapes, Data Theft

2015-05-13 09:34:43

Oracle Patches Java Zero Day

2015-07-15 09:44:12

oraclelinux

qemu-kvm security update

2015-05-13 00:00:00

xen security update

2015-05-13 00:00:00

kvm security update

2015-05-13 00:00:00

ibm

Security Bulletin:Venom qemu vulnerability affects PowerKVM (CVE-2015-3456)

2018-06-18 01:28:20

Security Bulletin: Venom vulnerability affects IBM Flex System Manager (FSM) (CVE-2015-3456)

2019-01-31 02:10:01

Security Bulletin: Venom vulnerability affects IBM SmartCloud Provisioning 2.1 for IBM Software Virtual Appliance

2018-06-17 22:30:13

myhack58

Vulnerability warning:“venom（VENOM”the vulnerability affects millions worldwide virtual machine security-vulnerability warning-the black bar safety net

2015-05-15 00:00:00

prion

Out-of-bounds

2015-05-13 18:59:00

K16620 : QEMU vulnerability CVE-2015-3456

2015-10-03 00:00:00

SOL16620 - QEMU vulnerability CVE-2015-3456

2015-05-13 00:00:00

veracode

Denial Of Service (DoS)

2019-01-15 09:05:54

cve

CVE-2015-3456

2015-05-13 18:59:00

centos

xen security update

2015-05-13 15:16:55

qemu security update

2015-05-13 15:37:07

libcacard, qemu security update

2015-05-13 16:57:36

ubuntucve

CVE-2015-3456

2015-05-13 00:00:00

arista

Security Advisory 0010

2015-05-14 00:00:00

xen

Privilege escalation via emulated floppy disk drive

2015-05-13 11:15:00

thn

Venom Vulnerability Exposes Most Data Centers to Cyber Attacks

2015-05-14 05:32:00

Why You Should Consider QEMU Live Patching

2021-09-23 11:16:00

symantec

SA95 : VENOM Vulnerability in Virtualization Platforms

2015-05-15 08:00:00

debiancve

CVE-2015-3456

2015-05-13 18:59:00

mageia

Updated qemu packages fix CVE-2015-3456

2015-05-13 18:54:07

securityvulns

[USN-2608-1] QEMU vulnerabilities

2015-05-17 00:00:00

libvirt / qemu security vulnerabilities

2015-05-17 00:00:00

ubuntu

QEMU vulnerabilities

2015-05-13 00:00:00

gentoo

VirtualBox: Multiple vulnerabilities

2016-12-11 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

7.7 High

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:S/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

40.0%

JSON

Related for MGASA-2015-0228