Bug 519588 - <app-emulation/virtualbox-{bin}-4.3.18: Multiple unspecified vulnerabilities (CVE-2014-{2477,2486,2488,2489,4228,4261})
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
Whiteboard: B3 [noglsa]
Reported: 2014-08-10 21:19 UTC by GLSAMaker/CVETool Bot
Modified: 2015-03-18 21:38 UTC

Description GLSAMaker/CVETool Bot gentoo-dev 2014-08-10 21:19:47 UTC
CVE-2014-4261 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4261):
  Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle
  Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.14
  allows local users to affect confidentiality, integrity, and availability
  via unknown vectors related to Core, a different vulnerability than
  CVE-2014-2487.

CVE-2014-4228 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4228):
  Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle
  Virtualization VirtualBox before 4.1.34, 4.2.26, and 4.3.12 allows local
  users to affect confidentiality, integrity, and availability via vectors
  related to Graphics driver (WDDM) for Windows guests.

CVE-2014-2489 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2489):
  Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle
  Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12
  allows local users to affect confidentiality, integrity, and availability
  via unknown vectors related to Core.

CVE-2014-2488 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2488):
  Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle
  Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12
  allows local users to affect confidentiality via unknown vectors related to
  Core.

CVE-2014-2486 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2486):
  Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle
  Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12
  allows local users to affect integrity and availability via unknown vectors
  related to Core.

CVE-2014-2477 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2477):
  Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle
  Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12
  allows local users to affect integrity and availability via unknown vectors
  related to Core.


Maintainers, can we proceed with stabilization of 4.2.26? If so, can you please CC arches and list all necessary packages for stabilization.
Comment 1 Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev 2014-12-22 13:20:15 UTC
I've stabilized virtualbox 4.3.18 series which has all these bugs fixed as well.

Dunno if we need a GLSA for this.
Comment 2 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2015-03-18 18:19:10 UTC
GLSA vote: no.
Comment 3 Kristian Fiskerstrand (RETIRED) gentoo-dev 2015-03-18 18:22:07 UTC
GLSA Vote: No, closing noglsa