Three vulnerabilities have been fixed in the Debian squeeze-lts version of
VirtualBox (package name: virtualbox-ose), a x86 virtualisation solution.
- CVE-2015-0377
Avoid VirtualBox allowing local users to affect availability via
unknown vectors related to Core, which might result in denial of
service. (Other issue than CVE-2015-0418).
- CVE-2015-0418
Avoid VirtualBox allowing local users to affect availability via
unknown vectors related to Core, which might result in denial of
service. (Other issue than CVE-2015-0377).
- CVE-2015-3456
The Floppy Disk Controller (FDC) in QEMU, also used in VirtualBox and
other virtualization products, allowed local guest users to cause a
denial of service (out-of-bounds write and guest crash) or possibly
execute arbitrary code via the (1) FD_CMD_READ_ID, (2)
FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands,
aka VENOM.