Gentoo: GLSA-202208-36: Oracle VirtualBox: Multiple Vulnerabilities...

Advisories

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202208-36
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High
    Title: Oracle VirtualBox: Multiple Vulnerabilities
     Date: August 31, 2022
     Bugs: #785445, #803134, #820425, #831440, #839990, #859391
       ID: 202208-36

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in Oracle Virtualbox, the
worst of which could result in root privilege escalation.

Background
==========

VirtualBox is a powerful virtualization product from Oracle.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  app-emulation/virtualbox   < 6.1.36                    >= 6.1.36
  2  app-emulation/virtualbox-additions< 6.1.36             >= 6.1.36
  3  app-emulation/virtualbox-extpack-oracle< 6.1.36        >= 6.1.36
  4  app-emulation/virtualbox-guest-additions< 6.1.36       >= 6.1.36
  5  app-emulation/virtualbox-modules< 6.1.36               >= 6.1.36

Description
===========

Multiple vulnerabilities have been discovered in VirtualBox. Please
review the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All VirtualBox users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-emulation/virtualbox-6.1.36"

References
==========

[ 1 ] CVE-2021-2145
      https://nvd.nist.gov/vuln/detail/CVE-2021-2145
[ 2 ] CVE-2021-2250
      https://nvd.nist.gov/vuln/detail/CVE-2021-2250
[ 3 ] CVE-2021-2264
      https://nvd.nist.gov/vuln/detail/CVE-2021-2264
[ 4 ] CVE-2021-2266
      https://nvd.nist.gov/vuln/detail/CVE-2021-2266
[ 5 ] CVE-2021-2279
      https://nvd.nist.gov/vuln/detail/CVE-2021-2279
[ 6 ] CVE-2021-2280
      https://nvd.nist.gov/vuln/detail/CVE-2021-2280
[ 7 ] CVE-2021-2281
      https://nvd.nist.gov/vuln/detail/CVE-2021-2281
[ 8 ] CVE-2021-2282
      https://nvd.nist.gov/vuln/detail/CVE-2021-2282
[ 9 ] CVE-2021-2283
      https://nvd.nist.gov/vuln/detail/CVE-2021-2283
[ 10 ] CVE-2021-2284
      https://nvd.nist.gov/vuln/detail/CVE-2021-2284
[ 11 ] CVE-2021-2285
      https://nvd.nist.gov/vuln/detail/CVE-2021-2285
[ 12 ] CVE-2021-2286
      https://nvd.nist.gov/vuln/detail/CVE-2021-2286
[ 13 ] CVE-2021-2287
      https://nvd.nist.gov/vuln/detail/CVE-2021-2287
[ 14 ] CVE-2021-2291
      https://nvd.nist.gov/vuln/detail/CVE-2021-2291
[ 15 ] CVE-2021-2296
      https://nvd.nist.gov/vuln/detail/CVE-2021-2296
[ 16 ] CVE-2021-2297
      https://nvd.nist.gov/vuln/detail/CVE-2021-2297
[ 17 ] CVE-2021-2306
      https://nvd.nist.gov/vuln/detail/CVE-2021-2306
[ 18 ] CVE-2021-2309
      https://nvd.nist.gov/vuln/detail/CVE-2021-2309
[ 19 ] CVE-2021-2310
      https://nvd.nist.gov/vuln/detail/CVE-2021-2310
[ 20 ] CVE-2021-2312
      https://nvd.nist.gov/vuln/detail/CVE-2021-2312
[ 21 ] CVE-2021-2409
      https://nvd.nist.gov/vuln/detail/CVE-2021-2409
[ 22 ] CVE-2021-2442
      https://nvd.nist.gov/vuln/detail/CVE-2021-2442
[ 23 ] CVE-2021-2443
      https://nvd.nist.gov/vuln/detail/CVE-2021-2443
[ 24 ] CVE-2021-2454
      https://nvd.nist.gov/vuln/detail/CVE-2021-2454
[ 25 ] CVE-2021-2475
      https://nvd.nist.gov/vuln/detail/CVE-2021-2475
[ 26 ] CVE-2021-35538
      https://nvd.nist.gov/vuln/detail/CVE-2021-35538
[ 27 ] CVE-2021-35540
      https://nvd.nist.gov/vuln/detail/CVE-2021-35540
[ 28 ] CVE-2021-35542
      https://nvd.nist.gov/vuln/detail/CVE-2021-35542
[ 29 ] CVE-2021-35545
      https://nvd.nist.gov/vuln/detail/CVE-2021-35545
[ 30 ] CVE-2022-21394
      https://nvd.nist.gov/vuln/detail/CVE-2022-21394
[ 31 ] CVE-2022-21465
      https://nvd.nist.gov/vuln/detail/CVE-2022-21465
[ 32 ] CVE-2022-21471
      https://nvd.nist.gov/vuln/detail/CVE-2022-21471
[ 33 ] CVE-2022-21487
      https://nvd.nist.gov/vuln/detail/CVE-2022-21487
[ 34 ] CVE-2022-21488
      https://nvd.nist.gov/vuln/detail/CVE-2022-21488
[ 35 ] CVE-2022-21554
      https://nvd.nist.gov/vuln/detail/CVE-2022-21554
[ 36 ] CVE-2022-21571
      https://nvd.nist.gov/vuln/detail/CVE-2022-21571

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202208-36

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[email protected] or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2022 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo: GLSA-202208-36: Oracle VirtualBox: Multiple Vulnerabilities

Summary

Multiple vulnerabilities have been discovered in VirtualBox. Please review the CVE identifiers referenced below for details.

Resolution

All VirtualBox users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-emulation/virtualbox-6.1.36"

References

[ 1 ] CVE-2021-2145 https://nvd.nist.gov/vuln/detail/CVE-2021-2145 [ 2 ] CVE-2021-2250 https://nvd.nist.gov/vuln/detail/CVE-2021-2250 [ 3 ] CVE-2021-2264 https://nvd.nist.gov/vuln/detail/CVE-2021-2264 [ 4 ] CVE-2021-2266 https://nvd.nist.gov/vuln/detail/CVE-2021-2266 [ 5 ] CVE-2021-2279 https://nvd.nist.gov/vuln/detail/CVE-2021-2279 [ 6 ] CVE-2021-2280 https://nvd.nist.gov/vuln/detail/CVE-2021-2280 [ 7 ] CVE-2021-2281 https://nvd.nist.gov/vuln/detail/CVE-2021-2281 [ 8 ] CVE-2021-2282 https://nvd.nist.gov/vuln/detail/CVE-2021-2282 [ 9 ] CVE-2021-2283 https://nvd.nist.gov/vuln/detail/CVE-2021-2283 [ 10 ] CVE-2021-2284 https://nvd.nist.gov/vuln/detail/CVE-2021-2284 [ 11 ] CVE-2021-2285 https://nvd.nist.gov/vuln/detail/CVE-2021-2285 [ 12 ] CVE-2021-2286 https://nvd.nist.gov/vuln/detail/CVE-2021-2286 [ 13 ] CVE-2021-2287 https://nvd.nist.gov/vuln/detail/CVE-2021-2287 [ 14 ] CVE-2021-2291 https://nvd.nist.gov/vuln/detail/CVE-2021-2291 [ 15 ] CVE-2021-2296 https://nvd.nist.gov/vuln/detail/CVE-2021-2296 [ 16 ] CVE-2021-2297 https://nvd.nist.gov/vuln/detail/CVE-2021-2297 [ 17 ] CVE-2021-2306 https://nvd.nist.gov/vuln/detail/CVE-2021-2306 [ 18 ] CVE-2021-2309 https://nvd.nist.gov/vuln/detail/CVE-2021-2309 [ 19 ] CVE-2021-2310 https://nvd.nist.gov/vuln/detail/CVE-2021-2310 [ 20 ] CVE-2021-2312 https://nvd.nist.gov/vuln/detail/CVE-2021-2312 [ 21 ] CVE-2021-2409 https://nvd.nist.gov/vuln/detail/CVE-2021-2409 [ 22 ] CVE-2021-2442 https://nvd.nist.gov/vuln/detail/CVE-2021-2442 [ 23 ] CVE-2021-2443 https://nvd.nist.gov/vuln/detail/CVE-2021-2443 [ 24 ] CVE-2021-2454 https://nvd.nist.gov/vuln/detail/CVE-2021-2454 [ 25 ] CVE-2021-2475 https://nvd.nist.gov/vuln/detail/CVE-2021-2475 [ 26 ] CVE-2021-35538 https://nvd.nist.gov/vuln/detail/CVE-2021-35538 [ 27 ] CVE-2021-35540 https://nvd.nist.gov/vuln/detail/CVE-2021-35540 [ 28 ] CVE-2021-35542 https://nvd.nist.gov/vuln/detail/CVE-2021-35542 [ 29 ] CVE-2021-35545 https://nvd.nist.gov/vuln/detail/CVE-2021-35545 [ 30 ] CVE-2022-21394 https://nvd.nist.gov/vuln/detail/CVE-2022-21394 [ 31 ] CVE-2022-21465 https://nvd.nist.gov/vuln/detail/CVE-2022-21465 [ 32 ] CVE-2022-21471 https://nvd.nist.gov/vuln/detail/CVE-2022-21471 [ 33 ] CVE-2022-21487 https://nvd.nist.gov/vuln/detail/CVE-2022-21487 [ 34 ] CVE-2022-21488 https://nvd.nist.gov/vuln/detail/CVE-2022-21488 [ 35 ] CVE-2022-21554 https://nvd.nist.gov/vuln/detail/CVE-2022-21554 [ 36 ] CVE-2022-21571 https://nvd.nist.gov/vuln/detail/CVE-2022-21571

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-36

Concerns

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [email protected] or alternatively, you may file a bug at https://bugs.gentoo.org.

Severity
Severity: High
Title: Oracle VirtualBox: Multiple Vulnerabilities
Date: August 31, 2022
Bugs: #785445, #803134, #820425, #831440, #839990, #859391
ID: 202208-36

Synopsis

Multiple vulnerabilities have been discovered in Oracle Virtualbox, the worst of which could result in root privilege escalation.

Background

VirtualBox is a powerful virtualization product from Oracle.

Affected Packages

------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-emulation/virtualbox < 6.1.36 >= 6.1.36 2 app-emulation/virtualbox-additions< 6.1.36 >= 6.1.36 3 app-emulation/virtualbox-extpack-oracle< 6.1.36 >= 6.1.36 4 app-emulation/virtualbox-guest-additions< 6.1.36 >= 6.1.36 5 app-emulation/virtualbox-modules< 6.1.36 >= 6.1.36

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.