> These issues were found by Tarjei Mandt, and are described in this blog post: > http://mista.nu/blog/author/mista/ > > CVE-2011-2300 allows gaining elevated privileges within a Windows > guest due to a vulnerability in the Windows Guest Additions.
It's impossible to check the details here because we only distribute the Windows Guest Additions as binary in non-free. According to the blog entry 4.0.10, the version in unstable and testing, is fine. I cannot tell ifrom our sources if the old 3.2.10 version in stable is affected at all. However, if it was, there is no way to update that package short of uploading the new 4.0 version to stable. > CVE-2011-2305 allows executing arbitrary code on the host due to a > vulnerability in the VirtualBox graphics stack. This one affects only the version in backports. Unstable and testing already have 4.0.10 which already contains the fix and stable has 3.2.10 which didn't have the problem. Michael -- Michael Meskes Michael at Fam-Meskes dot De, Michael at Meskes dot (De|Com|Net|Org) Michael at BorussiaFan dot De, Meskes at (Debian|Postgresql) dot Org Jabber: michael.meskes at googlemail dot com VfL Borussia! Força Barça! Go SF 49ers! Use Debian GNU/Linux, PostgreSQL -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org