GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Mon Apr 09, 2012 11:26 pm Post subject: [ GLSA 201204-01 ] VirtualBox: Multiple vulnerabilities |
 |
|
Gentoo Linux Security Advisory
Title: VirtualBox: Multiple vulnerabilities (GLSA 201204-01)
Severity: normal
Exploitable: local
Date: April 09, 2012
Bug(s): #386317, #399807
ID: 201204-01
Synopsis
Multiple vulnerabilities were found in VirtualBox, allowing local
attackers to gain escalated privileges.
Background
VirtualBox is a powerful virtualization product from Oracle.
Affected Packages
Package: app-emulation/virtualbox
Vulnerable: < 4.1.8
Unaffected: >= 4.1.8
Architectures: All supported architectures
Package: app-emulation/virtualbox-bin
Vulnerable: < 4.1.8
Unaffected: >= 4.1.4
Architectures: All supported architectures
Description
Multiple unspecified vulnerabilities have been discovered in VirtualBox.
Please review the CVE identifiers referenced below for details.
Impact
A local attacker may be able to gain escalated privileges via unknown
attack vectors.
Workaround
There is no known workaround at this time.
Resolution
All VirtualBox users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/virtualbox-4.1.8"
|
All VirtualBox binary users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose
">=app-emulation/virtualbox-bin-4.1.8"
|
References
CVE-2010-4414
CVE-2011-2300
CVE-2011-2305
CVE-2012-0105
CVE-2012-0111 |
|
News & Announcements
