Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
suseSuseOPENSUSE-SU-2017:1141-1
HistoryMay 02, 2017 - 3:09 p.m.

Security update for virtualbox (important)

2017-05-0215:09:05
lists.opensuse.org
32

0.002 Low

EPSS

Percentile

56.5%

JSON

This update to virtualbox 5.0.40 fixes the following issues:

These security issues were fixed (bsc#1034854):

  • CVE-2017-3513: Vulnerability in the Oracle VM VirtualBox component of
    Oracle Virtualization (subcomponent: Core). Difficult to exploit
    vulnerability allows high privileged attacker with logon to the
    infrastructure where Oracle VM VirtualBox executes to compromise Oracle
    VM VirtualBox. Successful attacks of this vulnerability can result in
    unauthorized read access to a subset of Oracle VM VirtualBox accessible
    data.

  • CVE-2017-3538: Vulnerability in the Oracle VM VirtualBox component of
    Oracle Virtualization (subcomponent: Shared Folder). Difficult to
    exploit vulnerability allows low privileged attacker with logon to the
    infrastructure where Oracle VM VirtualBox executes to compromise Oracle
    VM VirtualBox. Successful attacks of this vulnerability can result in
    unauthorized creation, deletion or modification access to critical data
    or all Oracle VM VirtualBox accessible data as well as unauthorized
    access to critical data or complete access to all Oracle VM VirtualBox
    accessible data.

  • CVE-2017-3558: Vulnerability in the Oracle VM VirtualBox component of
    Oracle Virtualization (subcomponent: Core). Easily exploitable
    vulnerability allows unauthenticated attacker with logon to the
    infrastructure where Oracle VM VirtualBox executes to compromise Oracle
    VM VirtualBox. Successful attacks of this vulnerability can result in
    unauthorized ability to cause a hang or frequently repeatable crash
    (complete DOS) of Oracle VM VirtualBox as well as unauthorized update,
    insert or delete access to some of Oracle VM VirtualBox accessible data
    and unauthorized read access to a subset of Oracle VM VirtualBox
    accessible data.

  • CVE-2017-3559: Vulnerability in the Oracle VM VirtualBox component of
    Oracle Virtualization (subcomponent: Core). Easily exploitable
    vulnerability allows low privileged attacker with logon to the
    infrastructure where Oracle VM VirtualBox executes to compromise Oracle
    VM VirtualBox. Successful attacks of this vulnerability can result in
    unauthorized ability to cause a hang or frequently repeatable crash
    (complete DOS) of Oracle VM VirtualBox as well as unauthorized update,
    insert or delete access to some of Oracle VM VirtualBox accessible data
    and unauthorized read access to a subset of Oracle VM VirtualBox
    accessible data.

  • CVE-2017-3561: Vulnerability in the Oracle VM VirtualBox component of
    Oracle Virtualization (subcomponent: Core). Easily exploitable
    vulnerability allows low privileged attacker with logon to the
    infrastructure where Oracle VM VirtualBox executes to compromise Oracle
    VM VirtualBox. Successful attacks of this vulnerability can result in
    takeover of Oracle VM VirtualBox.

  • CVE-2017-3563: Vulnerability in the Oracle VM VirtualBox component of
    Oracle Virtualization (subcomponent: Core). Easily exploitable
    vulnerability allows low privileged attacker with logon to the
    infrastructure where Oracle VM VirtualBox executes to compromise Oracle
    VM VirtualBox. Successful attacks of this vulnerability can result in
    takeover of Oracle VM VirtualBox.

  • CVE-2017-3575: Vulnerability in the Oracle VM VirtualBox component of
    Oracle Virtualization (subcomponent: Core). Easily exploitable
    vulnerability allows high privileged attacker with logon to the
    infrastructure where Oracle VM VirtualBox executes to compromise Oracle
    VM VirtualBox. Successful attacks of this vulnerability can result in
    unauthorized creation, deletion or modification access to critical data
    or all Oracle VM VirtualBox accessible data and unauthorized ability to
    cause a hang or frequently repeatable crash (complete DOS) of Oracle VM
    VirtualBox.

  • CVE-2017-3576: Vulnerability in the Oracle VM VirtualBox component of
    Oracle Virtualization (subcomponent: Core). Easily exploitable
    vulnerability allows low privileged attacker with logon to the
    infrastructure where Oracle VM VirtualBox executes to compromise Oracle
    VM VirtualBox. Successful attacks of this vulnerability can result in
    takeover of Oracle VM VirtualBox.

  • CVE-2017-3587: Vulnerability in the Oracle VM VirtualBox component of
    Oracle Virtualization (subcomponent: Shared Folder). Easily exploitable
    vulnerability allows low privileged attacker with logon to the
    infrastructure where Oracle VM VirtualBox executes to compromise Oracle
    VM VirtualBox. Successful attacks of this vulnerability can result in
    unauthorized creation, deletion or modification access to critical data
    or all Oracle VM VirtualBox accessible data and unauthorized ability to
    cause a hang or frequently repeatable crash (complete DOS) of Oracle VM
    VirtualBox. These non-security issues were fixed:

  • Storage: fixed a potential hang under rare circumstances

  • Storage: fixed a potential crash under rare circumstances (asynchronous
    I/O disabled or during maintenance file operations like merging
    snapshots)

  • Storage: fixed a potential crash under rare circumstances (no
    asynchronous I/O or during maintenance file operations like merging
    snapshots)

  • Linux hosts: make the ALSA backend work again as well as Loading the GL
    libraries on certain hosts

  • GUI: don’t crash on restoring defaults in the appliance import dialog

OSVersionArchitecturePackageVersionFilename
openSUSE Leap42.1x86_64python-virtualbox-debuginfo<Β 5.0.40-40.1python-virtualbox-debuginfo-5.0.40-40.1.x86_64.rpm
openSUSE Leap42.1x86_64virtualbox-host-kmp-default-debuginfo<Β 5.0.40_k4.1.39_53-40.1virtualbox-host-kmp-default-debuginfo-5.0.40_k4.1.39_53-40.1.x86_64.rpm
openSUSE Leap42.1x86_64virtualbox-guest-x11-debuginfo<Β 5.0.40-40.1virtualbox-guest-x11-debuginfo-5.0.40-40.1.x86_64.rpm
openSUSE Leap42.1x86_64virtualbox<Β 5.0.40-40.1virtualbox-5.0.40-40.1.x86_64.rpm
openSUSE Leap42.1x86_64virtualbox-host-kmp-default<Β 5.0.40_k4.1.39_53-40.1virtualbox-host-kmp-default-5.0.40_k4.1.39_53-40.1.x86_64.rpm
openSUSE Leap42.1x86_64virtualbox-guest-x11<Β 5.0.40-40.1virtualbox-guest-x11-5.0.40-40.1.x86_64.rpm
openSUSE Leap42.1x86_64python-virtualbox<Β 5.0.40-40.1python-virtualbox-5.0.40-40.1.x86_64.rpm
openSUSE Leap42.1x86_64virtualbox-qt-debuginfo<Β 5.0.40-40.1virtualbox-qt-debuginfo-5.0.40-40.1.x86_64.rpm
openSUSE Leap42.1x86_64virtualbox-guest-tools<Β 5.0.40-40.1virtualbox-guest-tools-5.0.40-40.1.x86_64.rpm
openSUSE Leap42.1x86_64virtualbox-guest-tools-debuginfo<Β 5.0.40-40.1virtualbox-guest-tools-debuginfo-5.0.40-40.1.x86_64.rpm
Rows per page:
1-10 of 201

Related

suse 1
nessus 4
openvas 10
mageia 2
kaspersky 2
debiancve 9
seebug 4
prion 9
cve 9
ubuntucve 9
zdt 6
packetstorm 1
googleprojectzero 1
oracle 1
suse
suse
Security update for virtualbox (important)
2017-05-02 15:09:19
nessus
nessus
Oracle VM VirtualBox 5.0.x < 5.0.38 / 5.1.x < 5.1.20 (April 2017 CPU)
2017-04-20 00:00:00
openSUSE Security Update : virtualbox (openSUSE-2017-533)
2017-05-03 00:00:00
openSUSE Security Update : virtualbox (openSUSE-2017-534)
2017-05-03 00:00:00
openvas
openvas
openSUSE: Security Advisory for virtualbox (openSUSE-SU-2017:1142-1)
2017-05-03 00:00:00
openSUSE: Security Advisory for virtualbox (openSUSE-SU-2017:1141-1)
2017-05-03 00:00:00
Mageia: Security Advisory (MGASA-2017-0135)
2022-01-28 00:00:00
mageia
mageia
Updated virtualbox packages fixes security vulnerabilities
2017-05-09 09:35:29
Updated virtualbox packages fixes security vulnerabilities
2017-03-23 10:19:23
kaspersky
kaspersky
KLA11027 Multiple vulnerabilities in Oracle VM VirtualBox
2017-04-24 00:00:00
KLA11028 A read/write local files vulnerability in Oracle VM Virtual Box
2017-04-24 00:00:00
debiancve
debiancve
CVE-2017-3575
2017-04-24 19:59:00
CVE-2017-3538
2017-04-24 19:59:00
CVE-2017-3576
2017-04-24 19:59:00
seebug
seebug
VirtualBox: cooperating VMs can escape from shared folder (CVE-2017-3538)
2017-04-17 00:00:00
VirtualBox: guest-to-host out-of-bounds write via virtio-net (CVE-2017-3575)
2017-04-19 00:00:00
VirtualBox: unprivileged host user -> host kernel privesc via environment and ioctl (CVE-2017-3561)
2017-04-19 00:00:00
prion
prion
Design/Logic Flaw
2017-04-24 19:59:00
Buffer overflow
2017-04-24 19:59:00
Buffer overflow
2017-04-24 19:59:00
cve
cve
CVE-2017-3538
2017-04-24 19:59:00
CVE-2017-3575
2017-04-24 19:59:00
CVE-2017-3513
2017-04-24 19:59:00
ubuntucve
ubuntucve
CVE-2017-3538
2017-04-24 00:00:00
CVE-2017-3513
2017-04-24 00:00:00
CVE-2017-3559
2017-04-24 00:00:00
zdt
zdt
VirtualBox Guest-To-Host Out-Of-Bounds Write Exploit
2017-04-19 00:00:00
VirtualBox Unprivilege Host User To Host Kernel Privilege Escalation Exploit
2017-04-19 00:00:00
VirtualBox - Environment and ioctl Unprivileged Host User to Host Kernel Privilege Escalation Exploi
2017-04-21 00:00:00
packetstorm
packetstorm
VirtualBox Unprivilege Host User To Host Kernel Privilege Escalation
2017-04-19 00:00:00
googleprojectzero
googleprojectzero
Bypassing VirtualBox Process Hardening on Windows
2017-08-23 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2017
2017-04-18 00:00:00

0.002 Low

EPSS

Percentile

56.5%

JSON
Related for OPENSUSE-SU-2017:1141-1
suse1nessus4openvas10mageia2kaspersky2debiancve9seebug4prion9cve9ubuntucve9zdt6packetstorm1googleprojectzero1oracle1