| Summary: | <app-emulation/virtualbox-{bin,additions,extpack-oracle,guest-additions,modules}-4.2.24, <x11-drivers/xf86-video-virtualbox-4.2.24: Graphics Driver(WDDM) Vulnerability (CVE-2014-2441) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | minor | CC: | patrick, polynomial-c |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://secunia.com/advisories/57937/ | ||
| Whiteboard: | B3 [noglsa] | ||
| Package list: | Runtime testing required: | --- | |
Arches please test and mark stable the following set of packages: =app-emulation/virtualbox-4.2.24 =app-emulation/virtualbox-additions-4.2.24 =app-emulation/virtualbox-bin-4.2.24 =app-emulation/virtualbox-extpack-oracle-4.2.24 =app-emulation/virtualbox-guest-additions-4.2.24 =app-emulation/virtualbox-modules-4.2.24 =x11-drivers/xf86-video-virtualbox-4.2.24 Target keywords are: amd64 x86 CVE-2014-2441 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2441): Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.1.32, 4.2.24, and 4.3.10 allows local users to affect confidentiality, integrity, and availability via vectors related to Graphics driver (WDDM) for Windows guests. amd64 stable x86 stable. Maintainer(s), please cleanup. Security, please vote. Arches, Thank you for your work Maintainer(s), please drop the vulnerable version. GLSA Vote: No Maintainer(s), Thank you for cleanup! NO too, closing. Thank you, everyone! |
From ${URL} : Description A vulnerability has been reported in Oracle VM VirtualBox, which can be exploited by malicious, local users to disclose sensitive information, manipulate certain data, and cause a DoS (Denial of Service). The vulnerability is caused due to an error within the "Graphics driver(WDDM) for Windows guests" component and can be exploited by disclose, update, insert, or delete certain data and to cause a crash. The vulnerability is reported in versions prior to 4.1.32, 4.2.24, and 4.3.10. Solution: Apply update. Further details available to Secunia VIM customers Provided and/or discovered by: It is currently unclear who reported this vulnerability as the Oracle Critical Patch Update for April 2014 only provides a bundled list of credits. This section will be updated when/if the original reporter provides more information. Original Advisory: http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixOVIR @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.