OPENSUSE-SU-2018:2295-1
Aug 10, 2018 - 3:15 a.m.

Security update for virtualbox (important)

2018-08-10 03:15:50
lists.opensuse.org

EPSS: 0.001 (Low), percentile 42.1%

This update for virtualbox to version 5.2.16 fixes the following issues:

The following security vulnerabilities were fixed (boo#1101667):

  • CVE-2018-3005: Fixed an easily exploitable vulnerability that allowed
    an unauthenticated attacker with logon to the infrastructure where
    Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox.
    Successful attacks of this vulnerability can result in unauthorized
    ability to cause a partial denial of service (partial DOS) of Oracle
    VM VirtualBox.

  • CVE-2018-3055: Fixed an easily exploitable vulnerability that allowed
    an unauthenticated attacker with logon to the infrastructure where Oracle
    VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful
    attacks require human interaction from a person other than the attacker
    and while the vulnerability is in Oracle VM VirtualBox, attacks may
    significantly impact additional products. Successful attacks of this
    vulnerability can result in unauthorized ability to cause a hang or
    frequently repeatable crash (complete DOS) of Oracle VM VirtualBox and
    unauthorized read access to a subset of Oracle VM VirtualBox accessible
    data.

  • CVE-2018-3085: Fixed an easily exploitable vulnerability that allowed
    an unauthenticated attacker with logon to the infrastructure where Oracle
    VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful
    attacks require human interaction from a person other than the attacker
    and while the vulnerability is in Oracle VM VirtualBox, attacks may
    significantly impact additional products. Successful attacks of this
    vulnerability can result in unauthorized creation, deletion or
    modification access to critical data or all Oracle VM VirtualBox
    accessible data as well as unauthorized read access to a subset of
    Oracle VM VirtualBox accessible data and unauthorized ability to cause a
    hang or frequently repeatable crash (complete DOS) of Oracle VM
    VirtualBox.

  • CVE-2018-3086: Fixed an easily exploitable vulnerability that allowed
    an unauthenticated attacker with logon to the infrastructure where Oracle
    VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful
    attacks require human interaction from a person other than the attacker
    and while the vulnerability is in Oracle VM VirtualBox, attacks may
    significantly impact additional products. Successful attacks of this
    vulnerability can result in takeover of Oracle VM VirtualBox.

  • CVE-2018-3087: Fixed an easily exploitable vulnerability that allowed
    an unauthenticated attacker with logon to the infrastructure where Oracle
    VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful
    attacks require human interaction from a person other than the attacker
    and while the vulnerability is in Oracle VM VirtualBox, attacks may
    significantly impact additional products. Successful attacks of this
    vulnerability can result in takeover of Oracle VM VirtualBox.

  • CVE-2018-3088: Fixed an easily exploitable vulnerability that allowed
    an unauthenticated attacker with logon to the infrastructure where Oracle
    VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful
    attacks require human interaction from a person other than the attacker
    and while the vulnerability is in Oracle VM VirtualBox, attacks may
    significantly impact additional products. Successful attacks of this
    vulnerability can result in takeover of Oracle VM VirtualBox.

  • CVE-2018-3089: Fixed an easily exploitable vulnerability that allowed
    an unauthenticated attacker with logon to the infrastructure where Oracle
    VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful
    attacks require human interaction from a person other than the attacker
    and while the vulnerability is in Oracle VM VirtualBox, attacks may
    significantly impact additional products. Successful attacks of this
    vulnerability can result in takeover of Oracle VM VirtualBox.

  • CVE-2018-3090: Fixed an easily exploitable vulnerability that allowed
    an unauthenticated attacker with logon to the infrastructure where Oracle
    VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful
    attacks require human interaction from a person other than the attacker
    and while the vulnerability is in Oracle VM VirtualBox, attacks may
    significantly impact additional products. Successful attacks of this
    vulnerability can result in takeover of Oracle VM VirtualBox.

  • CVE-2018-3091: Fixed an easily exploitable vulnerability that allowed
    an unauthenticated attacker with logon to the infrastructure where Oracle
    VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful
    attacks require human interaction from a person other than the attacker
    and while the vulnerability is in Oracle VM VirtualBox, attacks may
    significantly impact additional products. Successful attacks of this
    vulnerability can result in unauthorized access to critical data or
    complete access to all Oracle VM VirtualBox accessible data.

The following bugs were fixed:

  • OVF: case-insensitive comparison of manifest attribute values, to
    improve compatibility
