Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Mageia 7: MGASA-2020-0065 Moderate: VirtualBox Access Issues

mageia
Calendar Grey January 28, 2020
Dist Mageia Esm H88
Uncover Mageia's security patch MGASA-2020-0065 addressing severe VirtualBox flaws that affect privileged access.
This update provides the upstream 6.0.16 and fixes the following security vulnerabilities: An easily exploitable vulnerability allows high privileged attacker with logon to the in...

Summary

This update provides the upstream 6.0.16 and fixes the following security vulnerabilities:
An easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox (CVE-2020-2674, CVE-2020-2682).
A difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle...

Read the Full Advisory

References

- https://bugs.mageia.org/show_bug.cgi?id=26079

-

- https://www.oracle.com/security-alerts/cpujan2020.html#AppendixOVIR

- https://www.cve.org/CVERecord?id=CVE-2020-2674

- https://www.cve.org/CVERecord?id=CVE-2020-2678

- https://www.cve.org/CVERecord?id=CVE-2020-2681

- https://www.cve.org/CVERecord?id=CVE-2020-2682

- https://www.cve.org/CVERecord?id=CVE-2020-2689

- https://www.cve.org/CVERecord?id=CVE-2020-2690

- https://www.cve.org/CVERecord?id=CVE-2020-2691

- https://www.cve.org/CVERecord?id=CVE-2020-2692

- https://www.cve.org/CVERecord?id=CVE-2020-2693

- https://www.cve.org/CVERecord?id=CVE-2020-2698

- https://www.cve.org/CVERecord?id=CVE-2020-2701

- https://www.cve.org/CVERecord?id=CVE-2020-2702

- https://www.cve.org/CVERecord?id=CVE-2020-2703

- https://www.cve.org/CVERecord?id=CVE-2020-2704

- https://www.cve.org/CVERecord?id=CVE-2020-2705

- https://www.cve.org/CVERecord?id=CVE-2020-2725

- https://www.cve.org/CVERecord?id=CVE-2020-2726

- https://www.cve.org/CVERecord?id=CVE-2020-2727

Topics%20covered

Topics Covered

security advisory high severity DoS virtualbox mageia

Resolution

SRPMS

- 7/core/virtualbox-6.0.16-1.mga7

- 7/core/kmod-virtualbox-6.0.16-1.mga7

Publication date: 28 Jan 2020
URL: https://advisories.mageia.org/MGASA-2020-0065.html
Type: security
CVE: CVE-2020-2674, CVE-2020-2678, CVE-2020-2681, CVE-2020-2682, CVE-2020-2689, CVE-2020-2690, CVE-2020-2691, CVE-2020-2692, CVE-2020-2693, CVE-2020-2698, CVE-2020-2701, CVE-2020-2702, CVE-2020-2703, CVE-2020-2704, CVE-2020-2705, CVE-2020-2725, CVE-2020-2726, CVE-2020-2727

Topics%20covered

Topics Covered

security advisory high severity DoS virtualbox mageia

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here