On 01/21/2015 12:53 PM, Moritz Muehlenhoff wrote:
> Package: virtualbox
> Severity: grave
> Tags: security
> Justification: user security hole
>
> No specific details available yet:
> http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
>
> Cheers,
> Moritz
>

The following matrix is what I could grab.

http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixOVIR

CVE-2014-6595  Oracle VM VirtualBox  None  VMSVGA device  No  3.2  Local  Low  Single  None  Partial+  Partial+  VirtualBox prior to 4.3.20  See Note 3
CVE-2014-6588  Oracle VM VirtualBox  None  VMSVGA device  No  3.2  Local  Low  Single  None  Partial+  Partial+  VirtualBox prior to 4.3.20  See Note 3
CVE-2014-6589  Oracle VM VirtualBox  None  VMSVGA device  No  3.2  Local  Low  Single  None  Partial+  Partial+  VirtualBox prior to 4.3.20  See Note 3
CVE-2014-6590  Oracle VM VirtualBox  None  VMSVGA device  No  3.2  Local  Low  Single  None  Partial+  Partial+  VirtualBox prior to 4.3.20  See Note 3
CVE-2015-0427  Oracle VM VirtualBox  None  VMSVGA device  No  3.2  Local  Low  Single  None  Partial+  Partial+  VirtualBox prior to 4.3.20  See Note 3
CVE-2015-0418  Oracle VM VirtualBox  None  Core           No  2.1  Local  Low  None    None  None      Partial+  VirtualBox prior to 3.2.26, 4.0.28, 4.1.36, 4.2.28

*Notes:*

1. This fix also addresses CVE-2014-0231, CVE-2014-0118 and CVE-2014-5704.
2. This fix also addresses CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470 and CVE-2014-0076.
3. VMSVGA virtual graphics device is not documented and is disabled by default.

@Moritz: There's nothing more detailed than the statement that all versions prior to 4.3.20 are vulnerable. 4.3.20 is in experimental right now.

--
Ritesh Raj Sarraf
RESEARCHUT - http://www.researchut.com
"Necessity is the mother of invention."

