Lucene search

GoogleOSV:DSA-2904-1

HistoryApr 15, 2014 - 12:00 a.m.

virtualbox - security update

2014-04-1500:00:00

Google

osv.dev

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

JSON

Francisco Falcon discovered that missing input sanitizing in the 3D
acceleration code in VirtualBox could lead to the execution of arbitrary
code on the host system.

For the oldstable distribution (squeeze), these problems have been fixed in
version 3.2.10-dfsg-1+squeeze3.

For the stable distribution (wheezy), these problems have been fixed in
version 4.1.18-dfsg-2+deb7u3.

For the testing distribution (jessie), these problems have been fixed in
version 4.3.10-dfsg-1.

For the unstable distribution (sid), these problems have been fixed in
version 4.3.10-dfsg-1.

We recommend that you upgrade your virtualbox packages.

CPENameOperatorVersion
virtualboxeq4.1.18-dfsg-2+deb7u2
virtualboxeq4.1.18-dfsg-2+deb7u3~bpo60+1
virtualboxeq4.1.18-dfsg-2+deb7u1

Name	Operator	Version
virtualbox	eq	4.1.18-dfsg-2+deb7u2
virtualbox	eq	4.1.18-dfsg-2+deb7u3~bpo60+1
virtualbox	eq	4.1.18-dfsg-2+deb7u1

References

www.debian.org/security/2014/dsa-2904

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

JSON

Related for OSV:DSA-2904-1