Alerts This Week
Warning Icon 1 537
Alerts This Week
Warning Icon 1 537

Mageia 2021-0197 Moderate: Oracle VM VirtualBox Remote Threats Resolved

mageia
Calendar Grey April 23, 2021
Dist Mageia Esm H88
Mageia 2021-0198 enhances Oracle VM VirtualBox to address vulnerabilities concerning access management and the possibility of remote exploitation.
This update provides the upstream 6.1.20 maintenance release that fixes atleast the following security vulnerabilities: A difficult to exploit vulnerability in the Oracle VM Virtu...

Summary

This update provides the upstream 6.1.20 maintenance release that fixes atleast the following security vulnerabilities:
A difficult to exploit vulnerability in the Oracle VM VirtualBox (component: Core) prior to 6.1.20 allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox (CVE-2021-2145, CVE-2021-2309, CVE-2021-2310).
An easily exploitable vulnerability in the Oracle VM VirtualBox (component: Core) prior to 6.1.20 allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in take...

Read the Full Advisory

References

- https://bugs.mageia.org/show_bug.cgi?id=28828

- https://bugs.mageia.org/show_bug.cgi?id=27362

- https://bugs.mageia.org/show_bug.cgi?id=27433

- https://bugs.mageia.org/show_bug.cgi?id=27936

- https://bugs.mageia.org/show_bug.cgi?id=28734

- https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixOVIR

- https://https://www.virtualbox.org/wiki/Changelog

- https://www.cve.org/CVERecord?id=CVE-2021-2145

- https://www.cve.org/CVERecord?id=CVE-2021-2250

- https://www.cve.org/CVERecord?id=CVE-2021-2264

- https://www.cve.org/CVERecord?id=CVE-2021-2266

- https://www.cve.org/CVERecord?id=CVE-2021-2279

- https://www.cve.org/CVERecord?id=CVE-2021-2280

- https://www.cve.org/CVERecord?id=CVE-2021-2281

- https://www.cve.org/CVERecord?id=CVE-2021-2282

- https://www.cve.org/CVERecord?id=CVE-2021-2283

- https://www.cve.org/CVERecord?id=CVE-2021-2284

- https://www.cve.org/CVERecord?id=CVE-2021-2285

- https://www.cve.org/CVERecord?id=CVE-2021-2286

- https://www.cve.org/CVERecord?id=CVE-2021-2287

- https://www.cve.org/CVERecord?id=CVE-2021-2291

- https://www.cve.org/CVERecord?id=CVE-2021-2296

- https://www.cve.org/CVERecord?id=CVE-2021-2297

- https://www.cve.org/CVERecord?id=CVE-2021-2306

- https://www.cve.org/CVERecord?id=CVE-2021-2309

- https://www.cve.org/CVERecord?id=CVE-2021-2310

Topics%20covered

Topics Covered

security advisory security update access control remote access remote execution issue resolution VirtualBox Mageia Oracle VM VirtualBox

Resolution

SRPMS

- 7/core/virtualbox-6.1.20-1.mga7

- 7/core/kmod-virtualbox-6.1.20-1.mga7

- 8/core/virtualbox-6.1.20-1.1.mga8

- 8/core/kmod-virtualbox-6.1.20-1.1.mga8

Publication date: 23 Apr 2021
URL: https://advisories.mageia.org/MGASA-2021-0197.html
Type: security
CVE: CVE-2021-2145, CVE-2021-2250, CVE-2021-2264, CVE-2021-2266, CVE-2021-2279, CVE-2021-2280, CVE-2021-2281, CVE-2021-2282, CVE-2021-2283, CVE-2021-2284, CVE-2021-2285, CVE-2021-2286, CVE-2021-2287, CVE-2021-2291, CVE-2021-2296, CVE-2021-2297, CVE-2021-2306, CVE-2021-2309, CVE-2021-2310

Topics%20covered

Topics Covered

security advisory security update access control remote access remote execution issue resolution VirtualBox Mageia Oracle VM VirtualBox

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here