Gentoo: GLSA-202101-09: VirtualBox: Multiple vulnerabilities
Summary
Multiple vulnerabilities have been discovered in VirtualBox. Please review the CVE identifiers referenced below for details.
Resolution
All Virtualbox 6.0.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=app-emulation/virtualbox-6.0.24:0/6.0"
All Virtualbox 6.1.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=app-emulation/virtualbox-6.1.12:0/6.1"
References
[ 1 ] CVE-2019-2848 https://nvd.nist.gov/vuln/detail/CVE-2019-2848 [ 2 ] CVE-2019-2850 https://nvd.nist.gov/vuln/detail/CVE-2019-2850 [ 3 ] CVE-2019-2859 https://nvd.nist.gov/vuln/detail/CVE-2019-2859 [ 4 ] CVE-2019-2863 https://nvd.nist.gov/vuln/detail/CVE-2019-2863 [ 5 ] CVE-2019-2864 https://nvd.nist.gov/vuln/detail/CVE-2019-2864 [ 6 ] CVE-2019-2865 https://nvd.nist.gov/vuln/detail/CVE-2019-2865 [ 7 ] CVE-2019-2866 https://nvd.nist.gov/vuln/detail/CVE-2019-2866 [ 8 ] CVE-2019-2867 https://nvd.nist.gov/vuln/detail/CVE-2019-2867 [ 9 ] CVE-2019-2873 https://nvd.nist.gov/vuln/detail/CVE-2019-2873 [ 10 ] CVE-2019-2874 https://nvd.nist.gov/vuln/detail/CVE-2019-2874 [ 11 ] CVE-2019-2875 https://nvd.nist.gov/vuln/detail/CVE-2019-2875 [ 12 ] CVE-2019-2876 https://nvd.nist.gov/vuln/detail/CVE-2019-2876 [ 13 ] CVE-2019-2877 https://nvd.nist.gov/vuln/detail/CVE-2019-2877 [ 14 ] CVE-2019-2926 https://nvd.nist.gov/vuln/detail/CVE-2019-2926 [ 15 ] CVE-2019-2944 https://nvd.nist.gov/vuln/detail/CVE-2019-2944 [ 16 ] CVE-2019-2984 https://nvd.nist.gov/vuln/detail/CVE-2019-2984 [ 17 ] CVE-2019-3002 https://nvd.nist.gov/vuln/detail/CVE-2019-3002 [ 18 ] CVE-2019-3005 https://nvd.nist.gov/vuln/detail/CVE-2019-3005 [ 19 ] CVE-2019-3017 https://nvd.nist.gov/vuln/detail/CVE-2019-3017 [ 20 ] CVE-2019-3021 https://nvd.nist.gov/vuln/detail/CVE-2019-3021 [ 21 ] CVE-2019-3026 https://nvd.nist.gov/vuln/detail/CVE-2019-3026 [ 22 ] CVE-2019-3028 https://nvd.nist.gov/vuln/detail/CVE-2019-3028 [ 23 ] CVE-2019-3031 https://nvd.nist.gov/vuln/detail/CVE-2019-3031 [ 24 ] CVE-2020-14628 https://nvd.nist.gov/vuln/detail/CVE-2020-14628 [ 25 ] CVE-2020-14629 https://nvd.nist.gov/vuln/detail/CVE-2020-14629 [ 26 ] CVE-2020-14646 https://nvd.nist.gov/vuln/detail/CVE-2020-14646 [ 27 ] CVE-2020-14647 https://nvd.nist.gov/vuln/detail/CVE-2020-14647 [ 28 ] CVE-2020-14648 https://nvd.nist.gov/vuln/detail/CVE-2020-14648 [ 29 ] CVE-2020-14649 https://nvd.nist.gov/vuln/detail/CVE-2020-14649 [ 30 ] CVE-2020-14650 https://nvd.nist.gov/vuln/detail/CVE-2020-14650 [ 31 ] CVE-2020-14673 https://nvd.nist.gov/vuln/detail/CVE-2020-14673 [ 32 ] CVE-2020-14674 https://nvd.nist.gov/vuln/detail/CVE-2020-14674 [ 33 ] CVE-2020-14675 https://nvd.nist.gov/vuln/detail/CVE-2020-14675 [ 34 ] CVE-2020-14676 https://nvd.nist.gov/vuln/detail/CVE-2020-14676 [ 35 ] CVE-2020-14677 https://nvd.nist.gov/vuln/detail/CVE-2020-14677 [ 36 ] CVE-2020-14694 https://nvd.nist.gov/vuln/detail/CVE-2020-14694 [ 37 ] CVE-2020-14695 https://nvd.nist.gov/vuln/detail/CVE-2020-14695 [ 38 ] CVE-2020-14698 https://nvd.nist.gov/vuln/detail/CVE-2020-14698 [ 39 ] CVE-2020-14699 https://nvd.nist.gov/vuln/detail/CVE-2020-14699 [ 40 ] CVE-2020-14700 https://nvd.nist.gov/vuln/detail/CVE-2020-14700 [ 41 ] CVE-2020-14703 https://nvd.nist.gov/vuln/detail/CVE-2020-14703 [ 42 ] CVE-2020-14704 https://nvd.nist.gov/vuln/detail/CVE-2020-14704 [ 43 ] CVE-2020-14707 https://nvd.nist.gov/vuln/detail/CVE-2020-14707 [ 44 ] CVE-2020-14711 https://nvd.nist.gov/vuln/detail/CVE-2020-14711 [ 45 ] CVE-2020-14712 https://nvd.nist.gov/vuln/detail/CVE-2020-14712 [ 46 ] CVE-2020-14713 https://nvd.nist.gov/vuln/detail/CVE-2020-14713 [ 47 ] CVE-2020-14714 https://nvd.nist.gov/vuln/detail/CVE-2020-14714 [ 48 ] CVE-2020-14715 https://nvd.nist.gov/vuln/detail/CVE-2020-14715 [ 49 ] CVE-2020-2575 https://nvd.nist.gov/vuln/detail/CVE-2020-2575 [ 50 ] CVE-2020-2674 https://nvd.nist.gov/vuln/detail/CVE-2020-2674 [ 51 ] CVE-2020-2678 https://nvd.nist.gov/vuln/detail/CVE-2020-2678 [ 52 ] CVE-2020-2681 https://nvd.nist.gov/vuln/detail/CVE-2020-2681 [ 53 ] CVE-2020-2682 https://nvd.nist.gov/vuln/detail/CVE-2020-2682 [ 54 ] CVE-2020-2689 https://nvd.nist.gov/vuln/detail/CVE-2020-2689 [ 55 ] CVE-2020-2690 https://nvd.nist.gov/vuln/detail/CVE-2020-2690 [ 56 ] CVE-2020-2691 https://nvd.nist.gov/vuln/detail/CVE-2020-2691 [ 57 ] CVE-2020-2692 https://nvd.nist.gov/vuln/detail/CVE-2020-2692 [ 58 ] CVE-2020-2693 https://nvd.nist.gov/vuln/detail/CVE-2020-2693 [ 59 ] CVE-2020-2698 https://nvd.nist.gov/vuln/detail/CVE-2020-2698 [ 60 ] CVE-2020-2701 https://nvd.nist.gov/vuln/detail/CVE-2020-2701 [ 61 ] CVE-2020-2702 https://nvd.nist.gov/vuln/detail/CVE-2020-2702 [ 62 ] CVE-2020-2703 https://nvd.nist.gov/vuln/detail/CVE-2020-2703 [ 63 ] CVE-2020-2704 https://nvd.nist.gov/vuln/detail/CVE-2020-2704 [ 64 ] CVE-2020-2705 https://nvd.nist.gov/vuln/detail/CVE-2020-2705 [ 65 ] CVE-2020-2725 https://nvd.nist.gov/vuln/detail/CVE-2020-2725 [ 66 ] CVE-2020-2726 https://nvd.nist.gov/vuln/detail/CVE-2020-2726 [ 67 ] CVE-2020-2727 https://nvd.nist.gov/vuln/detail/CVE-2020-2727 [ 68 ] CVE-2020-2741 https://nvd.nist.gov/vuln/detail/CVE-2020-2741 [ 69 ] CVE-2020-2742 https://nvd.nist.gov/vuln/detail/CVE-2020-2742 [ 70 ] CVE-2020-2743 https://nvd.nist.gov/vuln/detail/CVE-2020-2743 [ 71 ] CVE-2020-2748 https://nvd.nist.gov/vuln/detail/CVE-2020-2748 [ 72 ] CVE-2020-2758 https://nvd.nist.gov/vuln/detail/CVE-2020-2758 [ 73 ] CVE-2020-2894 https://nvd.nist.gov/vuln/detail/CVE-2020-2894 [ 74 ] CVE-2020-2902 https://nvd.nist.gov/vuln/detail/CVE-2020-2902 [ 75 ] CVE-2020-2905 https://nvd.nist.gov/vuln/detail/CVE-2020-2905 [ 76 ] CVE-2020-2907 https://nvd.nist.gov/vuln/detail/CVE-2020-2907 [ 77 ] CVE-2020-2908 https://nvd.nist.gov/vuln/detail/CVE-2020-2908 [ 78 ] CVE-2020-2909 https://nvd.nist.gov/vuln/detail/CVE-2020-2909 [ 79 ] CVE-2020-2910 https://nvd.nist.gov/vuln/detail/CVE-2020-2910 [ 80 ] CVE-2020-2911 https://nvd.nist.gov/vuln/detail/CVE-2020-2911 [ 81 ] CVE-2020-2913 https://nvd.nist.gov/vuln/detail/CVE-2020-2913 [ 82 ] CVE-2020-2914 https://nvd.nist.gov/vuln/detail/CVE-2020-2914 [ 83 ] CVE-2020-2929 https://nvd.nist.gov/vuln/detail/CVE-2020-2929 [ 84 ] CVE-2020-2951 https://nvd.nist.gov/vuln/detail/CVE-2020-2951 [ 85 ] CVE-2020-2958 https://nvd.nist.gov/vuln/detail/CVE-2020-2958 [ 86 ] CVE-2020-2959 https://nvd.nist.gov/vuln/detail/CVE-2020-2959
Availability
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202101-09
Concerns
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
Synopsis
Multiple vulnerabilities have been found in VirtualBox, the worst of which could allow an attacker to take control of VirtualBox.
Background
VirtualBox is a powerful virtualization product from Oracle.
Affected Packages
------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-emulation/virtualbox < 6.1.12 >= 6.1.12:0/6.1 >= 6.0.24:0/6.0
Impact
===== An attacker could take control of VirtualBox resulting in the execution of arbitrary code with the privileges of the process, a Denial of Service condition, or other unspecified impacts.
Workaround
There is no known workaround at this time.
