Mageia 6: 2018-0437 Moderate: Critical VirtualBox Denial Of Service

mageia

November 3, 2018

This update provides virtualbox 5.2.20 and fixes the following security vulnerabilities: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server...

Summary

This update provides virtualbox 5.2.20 and fixes the following security vulnerabilities:
During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack (CVE-2018-0732).
Vulnerability in VirtualBox contains an easily exploitable vulnerability that allows unauthenticated attacker with logon to the infrastructure where VirtualBox executes to compromise VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of VirtualBox (CVE-2018-2909, CVE-2018-3287, (CVE-2018-3288, CVE-2018-3289, CVE-2018-3290, CVE-2018-...

Read the Full Advisory

References

- https://bugs.mageia.org/show_bug.cgi?id=23719

- https://www.virtualbox.org/wiki/Changelog#20

- https://www.oracle.com/security-alerts/cpuoct2018.html

- https://www.cve.org/CVERecord?id=CVE-2018-0732

- https://www.cve.org/CVERecord?id=CVE-2018-2909

- https://www.cve.org/CVERecord?id=CVE-2018-3287

- https://www.cve.org/CVERecord?id=CVE-2018-3288

- https://www.cve.org/CVERecord?id=CVE-2018-3289

- https://www.cve.org/CVERecord?id=CVE-2018-3290

- https://www.cve.org/CVERecord?id=CVE-2018-3291

- https://www.cve.org/CVERecord?id=CVE-2018-3292

- https://www.cve.org/CVERecord?id=CVE-2018-3293

- https://www.cve.org/CVERecord?id=CVE-2018-3294

- https://www.cve.org/CVERecord?id=CVE-2018-3295

- https://www.cve.org/CVERecord?id=CVE-2018-3296

- https://www.cve.org/CVERecord?id=CVE-2018-3297

- https://www.cve.org/CVERecord?id=CVE-2018-3298

Topics Covered

security advisory denial of service remote access security issues network access virtualbox mageia

Resolution

SRPMS

- 6/core/virtualbox-5.2.20-1.mga6

- 6/core/kmod-virtualbox-5.2.20-1.mga6

- 6/core/kmod-vboxadditions-5.2.20-1.mga6

Publication date: 03 Nov 2018

URL: https://advisories.mageia.org/MGASA-2018-0437.html

Type: security

CVE: CVE-2018-0732, CVE-2018-2909, CVE-2018-3287, CVE-2018-3288, CVE-2018-3289, CVE-2018-3290, CVE-2018-3291, CVE-2018-3292, CVE-2018-3293, CVE-2018-3294, CVE-2018-3295, CVE-2018-3296, CVE-2018-3297, CVE-2018-3298

Topics Covered

security advisory denial of service remote access security issues network access virtualbox mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks