CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
99.4%
This update provides the virtualbox 5.1.30 maintenance release, fixing security and other issues: In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack (CVE-2017-3730). OpenSSL is vulnerable to a denial of service, caused by an out-of-bounds read when using a specific cipher. By sending specially crafted truncated packets, a remote attacker could exploit this vulnerability using CHACHA20/POLY1305 to cause the application to crash (CVE-2017-3731). OpenSSL could allow a remote attacker to obtain sensitive information, caused by a propagation error in the BN_mod_exp() function. An attacker could exploit this vulnerability to obtain information about the private key (CVE-2017-3732). During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite). Both clients and servers are affected (CVE-2017-3733) A local user can exploit a flaw in the Oracle VM VirtualBox Core component to partially access data, partially modify data, and deny service (CVE-2017-10392, CVE-2017-10407, CVE-2017-10408). A local user can exploit a flaw in the Oracle VM VirtualBox Core component to partially access data, partially modify data, and partially deny service (CVE-2017-10428). For other fixes in this update see the referenced changelog.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 5 | noarch | virtualbox | < 5.1.30-1 | virtualbox-5.1.30-1.mga5 |
Mageia | 5 | noarch | kmod-vboxadditions | < 5.1.30-1 | kmod-vboxadditions-5.1.30-1.mga5 |
Mageia | 5 | noarch | kmod-virtualbox | < 5.1.30-1 | kmod-virtualbox-5.1.30-1.mga5 |
Mageia | 6 | noarch | virtualbox | < 5.1.30-1 | virtualbox-5.1.30-1.mga6 |
Mageia | 6 | noarch | kmod-vboxadditions | < 5.1.30-1 | kmod-vboxadditions-5.1.30-1.mga6 |
Mageia | 6 | noarch | kmod-virtualbox | < 5.1.30-1 | kmod-virtualbox-5.1.30-1.mga6 |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
99.4%