Gentoo: GLSA-202101-09: VirtualBox: Multiple vulnerabilities
Gentoo: GLSA-202101-09: VirtualBox: Multiple vulnerabilities
Multiple vulnerabilities have been found in VirtualBox, the worst of which could allow an attacker to take control of VirtualBox.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202101-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: VirtualBox: Multiple vulnerabilities
Date: January 12, 2021
Bugs: #714064, #717626, #717782, #733924
ID: 202101-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in VirtualBox, the worst of
which could allow an attacker to take control of VirtualBox.
Background
==========
VirtualBox is a powerful virtualization product from Oracle.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-emulation/virtualbox
< 6.1.12 >= 6.1.12:0/6.1
>= 6.0.24:0/6.0
Description
===========
Multiple vulnerabilities have been discovered in VirtualBox. Please
review the CVE identifiers referenced below for details.
Impact
======
An attacker could take control of VirtualBox resulting in the execution
of arbitrary code with the privileges of the process, a Denial of
Service condition, or other unspecified impacts.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Virtualbox 6.0.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=app-emulation/virtualbox-6.0.24:0/6.0"
All Virtualbox 6.1.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=app-emulation/virtualbox-6.1.12:0/6.1"
References
==========
[ 1 ] CVE-2019-2848
https://nvd.nist.gov/vuln/detail/CVE-2019-2848
[ 2 ] CVE-2019-2850
https://nvd.nist.gov/vuln/detail/CVE-2019-2850
[ 3 ] CVE-2019-2859
https://nvd.nist.gov/vuln/detail/CVE-2019-2859
[ 4 ] CVE-2019-2863
https://nvd.nist.gov/vuln/detail/CVE-2019-2863
[ 5 ] CVE-2019-2864
https://nvd.nist.gov/vuln/detail/CVE-2019-2864
[ 6 ] CVE-2019-2865
https://nvd.nist.gov/vuln/detail/CVE-2019-2865
[ 7 ] CVE-2019-2866
https://nvd.nist.gov/vuln/detail/CVE-2019-2866
[ 8 ] CVE-2019-2867
https://nvd.nist.gov/vuln/detail/CVE-2019-2867
[ 9 ] CVE-2019-2873
https://nvd.nist.gov/vuln/detail/CVE-2019-2873
[ 10 ] CVE-2019-2874
https://nvd.nist.gov/vuln/detail/CVE-2019-2874
[ 11 ] CVE-2019-2875
https://nvd.nist.gov/vuln/detail/CVE-2019-2875
[ 12 ] CVE-2019-2876
https://nvd.nist.gov/vuln/detail/CVE-2019-2876
[ 13 ] CVE-2019-2877
https://nvd.nist.gov/vuln/detail/CVE-2019-2877
[ 14 ] CVE-2019-2926
https://nvd.nist.gov/vuln/detail/CVE-2019-2926
[ 15 ] CVE-2019-2944
https://nvd.nist.gov/vuln/detail/CVE-2019-2944
[ 16 ] CVE-2019-2984
https://nvd.nist.gov/vuln/detail/CVE-2019-2984
[ 17 ] CVE-2019-3002
https://nvd.nist.gov/vuln/detail/CVE-2019-3002
[ 18 ] CVE-2019-3005
https://nvd.nist.gov/vuln/detail/CVE-2019-3005
[ 19 ] CVE-2019-3017
https://nvd.nist.gov/vuln/detail/CVE-2019-3017
[ 20 ] CVE-2019-3021
https://nvd.nist.gov/vuln/detail/CVE-2019-3021
[ 21 ] CVE-2019-3026
https://nvd.nist.gov/vuln/detail/CVE-2019-3026
[ 22 ] CVE-2019-3028
https://nvd.nist.gov/vuln/detail/CVE-2019-3028
[ 23 ] CVE-2019-3031
https://nvd.nist.gov/vuln/detail/CVE-2019-3031
[ 24 ] CVE-2020-14628
https://nvd.nist.gov/vuln/detail/CVE-2020-14628
[ 25 ] CVE-2020-14629
https://nvd.nist.gov/vuln/detail/CVE-2020-14629
[ 26 ] CVE-2020-14646
https://nvd.nist.gov/vuln/detail/CVE-2020-14646
[ 27 ] CVE-2020-14647
https://nvd.nist.gov/vuln/detail/CVE-2020-14647
[ 28 ] CVE-2020-14648
https://nvd.nist.gov/vuln/detail/CVE-2020-14648
[ 29 ] CVE-2020-14649
https://nvd.nist.gov/vuln/detail/CVE-2020-14649
[ 30 ] CVE-2020-14650
https://nvd.nist.gov/vuln/detail/CVE-2020-14650
[ 31 ] CVE-2020-14673
https://nvd.nist.gov/vuln/detail/CVE-2020-14673
[ 32 ] CVE-2020-14674
https://nvd.nist.gov/vuln/detail/CVE-2020-14674
[ 33 ] CVE-2020-14675
https://nvd.nist.gov/vuln/detail/CVE-2020-14675
[ 34 ] CVE-2020-14676
https://nvd.nist.gov/vuln/detail/CVE-2020-14676
[ 35 ] CVE-2020-14677
https://nvd.nist.gov/vuln/detail/CVE-2020-14677
[ 36 ] CVE-2020-14694
https://nvd.nist.gov/vuln/detail/CVE-2020-14694
[ 37 ] CVE-2020-14695
https://nvd.nist.gov/vuln/detail/CVE-2020-14695
[ 38 ] CVE-2020-14698
https://nvd.nist.gov/vuln/detail/CVE-2020-14698
[ 39 ] CVE-2020-14699
https://nvd.nist.gov/vuln/detail/CVE-2020-14699
[ 40 ] CVE-2020-14700
https://nvd.nist.gov/vuln/detail/CVE-2020-14700
[ 41 ] CVE-2020-14703
https://nvd.nist.gov/vuln/detail/CVE-2020-14703
[ 42 ] CVE-2020-14704
https://nvd.nist.gov/vuln/detail/CVE-2020-14704
[ 43 ] CVE-2020-14707
https://nvd.nist.gov/vuln/detail/CVE-2020-14707
[ 44 ] CVE-2020-14711
https://nvd.nist.gov/vuln/detail/CVE-2020-14711
[ 45 ] CVE-2020-14712
https://nvd.nist.gov/vuln/detail/CVE-2020-14712
[ 46 ] CVE-2020-14713
https://nvd.nist.gov/vuln/detail/CVE-2020-14713
[ 47 ] CVE-2020-14714
https://nvd.nist.gov/vuln/detail/CVE-2020-14714
[ 48 ] CVE-2020-14715
https://nvd.nist.gov/vuln/detail/CVE-2020-14715
[ 49 ] CVE-2020-2575
https://nvd.nist.gov/vuln/detail/CVE-2020-2575
[ 50 ] CVE-2020-2674
https://nvd.nist.gov/vuln/detail/CVE-2020-2674
[ 51 ] CVE-2020-2678
https://nvd.nist.gov/vuln/detail/CVE-2020-2678
[ 52 ] CVE-2020-2681
https://nvd.nist.gov/vuln/detail/CVE-2020-2681
[ 53 ] CVE-2020-2682
https://nvd.nist.gov/vuln/detail/CVE-2020-2682
[ 54 ] CVE-2020-2689
https://nvd.nist.gov/vuln/detail/CVE-2020-2689
[ 55 ] CVE-2020-2690
https://nvd.nist.gov/vuln/detail/CVE-2020-2690
[ 56 ] CVE-2020-2691
https://nvd.nist.gov/vuln/detail/CVE-2020-2691
[ 57 ] CVE-2020-2692
https://nvd.nist.gov/vuln/detail/CVE-2020-2692
[ 58 ] CVE-2020-2693
https://nvd.nist.gov/vuln/detail/CVE-2020-2693
[ 59 ] CVE-2020-2698
https://nvd.nist.gov/vuln/detail/CVE-2020-2698
[ 60 ] CVE-2020-2701
https://nvd.nist.gov/vuln/detail/CVE-2020-2701
[ 61 ] CVE-2020-2702
https://nvd.nist.gov/vuln/detail/CVE-2020-2702
[ 62 ] CVE-2020-2703
https://nvd.nist.gov/vuln/detail/CVE-2020-2703
[ 63 ] CVE-2020-2704
https://nvd.nist.gov/vuln/detail/CVE-2020-2704
[ 64 ] CVE-2020-2705
https://nvd.nist.gov/vuln/detail/CVE-2020-2705
[ 65 ] CVE-2020-2725
https://nvd.nist.gov/vuln/detail/CVE-2020-2725
[ 66 ] CVE-2020-2726
https://nvd.nist.gov/vuln/detail/CVE-2020-2726
[ 67 ] CVE-2020-2727
https://nvd.nist.gov/vuln/detail/CVE-2020-2727
[ 68 ] CVE-2020-2741
https://nvd.nist.gov/vuln/detail/CVE-2020-2741
[ 69 ] CVE-2020-2742
https://nvd.nist.gov/vuln/detail/CVE-2020-2742
[ 70 ] CVE-2020-2743
https://nvd.nist.gov/vuln/detail/CVE-2020-2743
[ 71 ] CVE-2020-2748
https://nvd.nist.gov/vuln/detail/CVE-2020-2748
[ 72 ] CVE-2020-2758
https://nvd.nist.gov/vuln/detail/CVE-2020-2758
[ 73 ] CVE-2020-2894
https://nvd.nist.gov/vuln/detail/CVE-2020-2894
[ 74 ] CVE-2020-2902
https://nvd.nist.gov/vuln/detail/CVE-2020-2902
[ 75 ] CVE-2020-2905
https://nvd.nist.gov/vuln/detail/CVE-2020-2905
[ 76 ] CVE-2020-2907
https://nvd.nist.gov/vuln/detail/CVE-2020-2907
[ 77 ] CVE-2020-2908
https://nvd.nist.gov/vuln/detail/CVE-2020-2908
[ 78 ] CVE-2020-2909
https://nvd.nist.gov/vuln/detail/CVE-2020-2909
[ 79 ] CVE-2020-2910
https://nvd.nist.gov/vuln/detail/CVE-2020-2910
[ 80 ] CVE-2020-2911
https://nvd.nist.gov/vuln/detail/CVE-2020-2911
[ 81 ] CVE-2020-2913
https://nvd.nist.gov/vuln/detail/CVE-2020-2913
[ 82 ] CVE-2020-2914
https://nvd.nist.gov/vuln/detail/CVE-2020-2914
[ 83 ] CVE-2020-2929
https://nvd.nist.gov/vuln/detail/CVE-2020-2929
[ 84 ] CVE-2020-2951
https://nvd.nist.gov/vuln/detail/CVE-2020-2951
[ 85 ] CVE-2020-2958
https://nvd.nist.gov/vuln/detail/CVE-2020-2958
[ 86 ] CVE-2020-2959
https://nvd.nist.gov/vuln/detail/CVE-2020-2959
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202101-09
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2021 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5