Bug 294678 (CVE-2009-3940) - <app-emulation/virtualbox-*-3.0.11 Guest Additions Denial of Service (CVE-2009-3940)
Status: RESOLVED FIXED
Alias: CVE-2009-3940
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High minor
Assignee: Gentoo Security
Whiteboard: B3 [glsa]
Reported: 2009-11-26 08:14 UTC by Alex Legler (RETIRED)
Modified: 2010-01-13 22:14 UTC (History)
Description Alex Legler (RETIRED) archtester gentoo-dev Security 2009-11-26 08:14:20 UTC
CVE-2009-3940 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3940):
  Unspecified vulnerability in Guest Additions in Sun xVM VirtualBox
  1.6.x and 2.0.x before 2.0.12, 2.1.x, and 2.2.x, and Sun VirtualBox
  before 3.0.10, allows guest OS users to cause a denial of service
  (memory consumption) on the guest OS via unknown vectors.
Comment 1 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-11-26 08:24:32 UTC
Can we go stable with 3.0.10 or 3.0.12?
Comment 2 Patrick Lauer gentoo-dev 2009-11-26 12:49:55 UTC
(In reply to comment #1)
> Can we go stable with 3.0.10 or 3.0.12?
> 
3.0.12 should be good to go.
Comment 3 Patrick Lauer gentoo-dev 2009-11-26 13:20:08 UTC
Involved packages (hope I didn't forget anyone):

=net-libs/gsoap-2.7.13
=app-emulation/virtualbox-bin-3.0.12
=app-emulation/virtualbox-guest-additions-3.0.12
=app-emulation/virtualbox-modules-3.0.12
=app-emulation/virtualbox-ose-3.0.12
=app-emulation/virtualbox-ose-additions-3.0.12
=x11-drivers/xf86-input-virtualbox-3.0.12
=x11-drivers/xf86-video-virtualbox-3.0.12

Comment 4 Robert Buchholz (RETIRED) gentoo-dev 2009-11-26 16:48:23 UTC
(In reply to comment #3)
> =net-libs/gsoap-2.7.13

already stable

> =app-emulation/virtualbox-bin-3.0.12
> =app-emulation/virtualbox-guest-additions-3.0.12
> =app-emulation/virtualbox-modules-3.0.12
> =app-emulation/virtualbox-ose-3.0.12
> =app-emulation/virtualbox-ose-additions-3.0.12
> =x11-drivers/xf86-input-virtualbox-3.0.12
> =x11-drivers/xf86-video-virtualbox-3.0.12

Arches, please test and mark stable ^^
Target keywords : "amd64 x86"


Comment 5 Christian Faulhammer (RETIRED) gentoo-dev 2009-11-27 12:41:23 UTC
x86 stable
Comment 6 Markus Meier gentoo-dev 2009-11-30 11:19:37 UTC
amd64 stable, all arches done.
Comment 7 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-11-30 11:42:04 UTC
GLSA Voting: NO.
Comment 8 Stefan Behte (RETIRED) gentoo-dev Security 2009-12-02 00:07:50 UTC
No, too. Closing noglsa.
Comment 9 Tobias Heinlein (RETIRED) gentoo-dev 2010-01-08 00:34:52 UTC
Though we have two NOs here, I'd like this to be included in the GLSA for bug 288836. I just modified the draft.
Comment 10 Stefan Behte (RETIRED) gentoo-dev Security 2010-01-13 22:14:49 UTC
GLSA 201001-04, thanks everyone.