Ubuntu
virtualbox package

Virtualbox security issue

Asked by ubuntu-tester

Hello Everybody,

"Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 4.0.34, 4.1.42, 4.2.34, 4.3.32, and 5.0.8, when using a Windows guest, allows local users to affect availability via unknown vectors related to Core."
=> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4813

"Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.0.34, 4.1.42, 4.2.34, 4.3.32, and 5.0.8 allows remote attackers to affect availability via unknown vectors related to Core."
=> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4856
=> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4896

See also : http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

I would like to know if a security upgrade is planned for this vulnerability ?

Thanks. Have a good day !

Question information

Language:
English Edit question
Status:
Answered
For:
Ubuntu virtualbox Edit question
Assignee:
No assignee Edit question
Last query:
Last reply:
Revision history for this message
actionparsnip (andrew-woodhead666) said : 		#1

I suggest you report a bug. Mark it as a security bug and add the links from this page to the bug you report.

Revision history for this message
Manfred Hampl (m-hampl) said : 		#2

The problems apparently are already known, see

http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-4813.html
http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-4856.html
http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-4896.html

(I do not have any knowledge on the planning for fixes.)

Can you help with this problem?

Provide an answer of your own, or ask ubuntu-tester for more information if necessary.

To post a message you must log in.