With one simple call. For description and more details see url. Probably should be masked.
Thanks for the report, scarabeus. Usually this would be rated as B3, but given the high impact on the host system (and possible execution of arbitrary code), I'd say B2 or B1 is more appropriate. Someone please confirm or re-rate if you think otherwise.
VirtualBox 3.0.4 (released 2009-08-04) This is a maintenance release. The following items were fixed and/or added: * VMM: 64 bits guest stability fixes (AMD-V only; bugs #3923 & #3666) * VMM: SMP stability fixes (AMD-V only) * VMM: SMP performance improvement (esp. for Solaris guests) * VMM: eliminated several bugs which could lead to a host reboot
CCing X-Drum as he already did a source-tarball for virtualbox-modules-3.0.4 which is needed for virtualbox-{bin,ose}
CVE-2009-2714 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2714): Unspecified vulnerability in Sun VirtualBox 3.0.0 and 3.0.2 allows guest OS users to cause a denial of service (host OS reboot) via unknown vectors. CVE-2009-2715 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2715): Sun VirtualBox 2.2 through 3.0.2 r49928 allows guest OS users to cause a denial of service (Linux host OS reboot) via a sysenter instruction.
(In reply to comment #3) > CCing X-Drum as he already did a source-tarball for virtualbox-modules-3.0.4 > which is needed for virtualbox-{bin,ose} > I bumped all the ebuilds for the 3.0.4 release about 4 days ago, currently they are only available on jokey's overlay[1]. @Patrick: since i have no access to the tree, i will ask if you can please commit the new 3.0.4 release and drop all the vulnerable versions still available in portage: - 2.2.0 (keyword masked) - 2.2.4 (keyword masked) - 3.0.2 (keyword masked) [1] http://overlays.gentoo.org/dev/jokey
3.0.4 in tree. 2.x and 3.0.2 ebuilds have been removed.
1.6.6 is not affected going by CVE entries. closing.
