Bug 537218 (CVE-2014-6588, CVE-2014-6589, CVE-2014-6590, CVE-2014-6595, CVE-2015-0377, CVE-2015-0418, CVE-2015-0427)

Summary:	<app-emulation/virtualbox{,-bin}-4.3.20: Multiple vulnerabilities (CVE-2014-{6588,6589,6590,6595},CVE-2015-{0377,0418,0427})
Product:	Gentoo Security	Reporter:	Agostino Sarubbo <ago>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	normal	CC:	patrick, polynomial-c
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:	B2 [glsa cve]
Package list:		Runtime testing required:	---

Description Agostino Sarubbo gentoo-dev

2015-01-21 10:02:12 UTC

http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixOVIR

Comment 1 GLSAMaker/CVETool Bot gentoo-dev

2015-02-11 18:04:14 UTC

CVE-2015-0427 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0427):
  Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle
  Virtualization VirtualBox prior to 4.3.20 allows local users to affect
  integrity and availability via vectors related to VMSVGA virtual graphics
  device, a different vulnerability than CVE-2014-6588, CVE-2014-6589,
  CVE-2014-6590, and CVE-2014-6595.

CVE-2015-0418 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0418):
  Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle
  Virtualization VirtualBox prior to 3.2.26, 4.0.28, 4.1.36, and 4.2.28 allows
  local users to affect availability via unknown vectors related to Core, a
  different vulnerability than CVE-2015-0377.

CVE-2015-0377 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0377):
  Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle
  Virtualization VirtualBox prior to 3.2.26, 4.0.28, 4.1.36, and 4.2.28 allows
  local users to affect availability via unknown vectors related to Core, a
  different vulnerability than CVE-2015-0418.

CVE-2014-6595 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6595):
  Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle
  Virtualization VirtualBox before 4.3.20 allows local users to affect
  integrity and availability via vectors related to VMSVGA virtual graphics
  device, a different vulnerability than CVE-2014-6588, CVE-2014-6589,
  CVE-2014-6590, and CVE-2015-0427.

CVE-2014-6590 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6590):
  Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle
  Virtualization VirtualBox before 4.3.20 allows local users to affect
  integrity and availability via vectors related to VMSVGA virtual graphics
  device, a different vulnerability than CVE-2014-6588, CVE-2014-6589,
  CVE-2014-6595, and CVE-2015-0427.

CVE-2014-6589 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6589):
  Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle
  Virtualization VirtualBox before 4.3.20 allows local users to affect
  integrity and availability via vectors related to VMSVGA virtual graphics
  device, a different vulnerability than CVE-2014-6588, CVE-2014-6590,
  CVE-2014-6595, and CVE-2015-0427.

CVE-2014-6588 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6588):
  Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle
  Virtualization VirtualBox before 4.3.20 allows local users to affect
  integrity and availability via vectors related to VMSVGA virtual graphics
  device, a different vulnerability than CVE-2014-6589, CVE-2014-6590,
  CVE-2014-6595, and CVE-2015-0427.

Comment 2 GLSAMaker/CVETool Bot gentoo-dev

2016-12-11 23:45:26 UTC

This issue was resolved and addressed in
 GLSA 201612-27 at https://security.gentoo.org/glsa/201612-27
by GLSA coordinator Kristian Fiskerstrand (K_F).