virtualbox-ose - security update

2015-09-2900:00:00

Google

osv.dev

6.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:S/C:C/I:C/A:C

JSON

The latest maintenance release of the VirtualBox (OSE) 3.2.x series
(i.e., version 3.2.28) has been uploaded to Debian LTS (squeeze). Thanks
to Gianfranco Costamagna for preparing packages for review and upload by
the Debian LTS Team.

Unfortunately, Oracle no longer provides information on specific security
vulnerabilities in VirtualBox, thus we provide their latest 3.2.28
maintenance release in Debian LTS (squeeze) directly.

CVE-2013-3792
Oracle reported an unspecified vulnerability in the Oracle VM
VirtualBox component in Oracle Virtualization VirtualBox prior to
3.2.18, 4.0.20, 4.1.28, and 4.2.18 allows local users to affect
availability via unknown vectors related to Core.

The fix for CVE-2013-3792 prevents a virtio-net host DoS
vulnerability by adding large frame support to IntNet, VirtioNet and
NetFilter plus dropping oversized frames.

CVE-2014-2486
Unspecified vulnerability in the Oracle VM VirtualBox component
in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26,
4.1.34, 4.2.26, and 4.3.12 allows local users to affect integrity
and availability via unknown vectors related to Core.

No further details have been provided, the attack range has been
given as local, severity low.

CVE-2014-2488
Unspecified vulnerability in the Oracle VM VirtualBox component in
Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34,
4.2.26, and 4.3.12 allows local users to affect confidentiality via
unknown vectors related to Core.

No further details can been provided, the attack range has been
given as local, severity low.

CVE-2014-2489
Unspecified vulnerability in the Oracle VM VirtualBox component in
Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34,
4.2.26, and 4.3.12 allows local users to affect confidentiality,
integrity, and availability via unknown vectors related to Core.

No further details can been provided, the attack range has been
given as local, severity medium.

CVE-2015-2594
Unspecified vulnerability in the Oracle VM VirtualBox component
in Oracle Virtualization VirtualBox prior to 4.0.32, 4.1.40,
4.2.32, and 4.3.30 allows local users to affect confidentiality,
integrity, and availability via unknown vectors related to Core.

This update fixes an issue related to guests using bridged networking
via WiFi.

CPENameOperatorVersion
virtualbox-oseeq3.2.10-dfsg-1+squeeze4
virtualbox-oseeq3.2.10-dfsg-1+squeeze1
virtualbox-oseeq3.2.12-dfsg-1
virtualbox-oseeq3.2.10-dfsg-1
virtualbox-oseeq3.2.10-dfsg-1+squeeze2
virtualbox-oseeq3.2.10-dfsg-2
virtualbox-oseeq3.2.10-dfsg-1+squeeze3

Name	Operator	Version
virtualbox-ose	eq	3.2.10-dfsg-1+squeeze4
virtualbox-ose	eq	3.2.10-dfsg-1+squeeze1
virtualbox-ose	eq	3.2.12-dfsg-1
virtualbox-ose	eq	3.2.10-dfsg-1
virtualbox-ose	eq	3.2.10-dfsg-1+squeeze2
virtualbox-ose	eq	3.2.10-dfsg-2
virtualbox-ose	eq	3.2.10-dfsg-1+squeeze3