Gentoo: GLSA-201805-08 Normal: VirtualBox Control Issues
gentoo
May 22, 2018
Multiple vulnerabilities have been found in VirtualBox, the worst of which could allow an attacker to take control of VirtualBox.
Summary
Multiple vulnerabilities have been discovered in VirtualBox. Please review the CVE identifiers referenced below for details.
Topics Covered
Resolution
All VirtualBox users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=app-emulation/virtualbox-5.1.36"
All VirtualBox binary users should upgrade to the latest version:
# emerge --sync # emerge -a -1 -v ">=app-emulation/virtualbox-bin-5.1.36.122089"
All VirtualBox binary users should upgrade to the latest version:
# emerge --sync # emerge -a -1 -v ">=app-emulation/virtualbox-bin-5.1.36.122089"
References
[ 1 ] CVE-2018-2830 https://nvd.nist.gov/vuln/detail/CVE-2018-2830 [ 2 ] CVE-2018-2831 https://nvd.nist.gov/vuln/detail/CVE-2018-2831 [ 3 ] CVE-2018-2835 https://nvd.nist.gov/vuln/detail/CVE-2018-2835 [ 4 ] CVE-2018-2836 https://nvd.nist.gov/vuln/detail/CVE-2018-2836 [ 5 ] CVE-2018-2837 https://nvd.nist.gov/vuln/detail/CVE-2018-2837 [ 6 ] CVE-2018-2842 https://nvd.nist.gov/vuln/detail/CVE-2018-2842 [ 7 ] CVE-2018-2843 https://nvd.nist.gov/vuln/detail/CVE-2018-2843 [ 8 ] CVE-2018-2844 https://nvd.nist.gov/vuln/detail/CVE-2018-2844 [ 9 ] CVE-2018-2845 https://nvd.nist.gov/vuln/detail/CVE-2018-2845 [ 10 ] CVE-2018-2860 https://nvd.nist.gov/vuln/detail/CVE-2018-2860
Availability
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201805-08
style>.gentoo_availability{display:block;}
Concerns
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
PREVIOUS
NEXT
Severity: Normal
Title: VirtualBox: Multiple vulnerabilities
Date: May 22, 2018
Bugs: #655186
ID: 201805-08
Topics Covered
Background
VirtualBox is a powerful virtualization product from Oracle.
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Affected Packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-emulation/virtualbox
< 5.1.36 >= 5.1.36
2 app-emulation/virtualbox-bin
< 5.1.36.122089 >= 5.1.36.122089
-------------------------------------------------------------------
2 affected packages
Impact
=====
An attacker could take control of VirtualBox resulting in the execution
of arbitrary code with the privileges of the process, a Denial of
Service condition, or other unspecified impacts.
Workaround
There is no known workaround at this time.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!