Summary: | <app-emulation/virtualbox-6.1.20: multiple vulnerabilities (CPU April 2021) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | ceamac, polynomial-c, proxy-maint |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixOVIR | ||
Whiteboard: | B1 [glsa+] | ||
Package list: |
app-emulation/virtualbox-6.1.20-r1 amd64
app-emulation/virtualbox-additions-6.1.20 amd64
app-emulation/virtualbox-extpack-oracle-6.1.20.143896 amd64
app-emulation/virtualbox-guest-additions-6.1.20
app-emulation/virtualbox-modules-6.1.20 amd64
|
Runtime testing required: | --- |
Description
John Helmert III
2021-04-24 18:53:29 UTC
Fixes apparently in 6.1.20, please stabilize. Unable to check for sanity:
> no match for package: app-emulation/virtualbox-6.1.20
Sanity check failed:
> app-emulation/virtualbox-6.1.20-r1
> depend amd64 dev profile default/linux/amd64/17.0/x32 (1 total)
> ~app-emulation/virtualbox-modules-6.1.20
> depend amd64 stable profile default/linux/amd64/17.1 (15 total)
> ~app-emulation/virtualbox-modules-6.1.20
> rdepend amd64 dev profile default/linux/amd64/17.0/x32 (1 total)
> ~app-emulation/virtualbox-modules-6.1.20
> rdepend amd64 stable profile default/linux/amd64/17.1 (15 total)
> ~app-emulation/virtualbox-modules-6.1.20
amd64 done
Please stabilize 6.1.22 instead of 6.1.20. 6.1.20 has regression bugs (storage and GUI), and therefore 6.1.22 was released relatively quickly after 6.1.20. See https://www.virtualbox.org/wiki/Changelog-6.1#v22
x86 done
all arches done
Unable to check for sanity:
> no match for package: app-emulation/virtualbox-6.1.20-r1
CVE-2021-2264 looks like a root privilege escalation.
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/data/glsa.git/commit/?id=0896f6d0ef51a24e9d845d2ac349c6bf98fadb0b
commit 0896f6d0ef51a24e9d845d2ac349c6bf98fadb0b
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-08-31 23:36:15 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2022-08-31 23:37:06 +0000
[ GLSA 202208-36 ] Oracle VirtualBox: Multiple Vulnerabilities
Bug: https://bugs.gentoo.org/785445
Bug: https://bugs.gentoo.org/803134
Bug: https://bugs.gentoo.org/820425
Bug: https://bugs.gentoo.org/831440
Bug: https://bugs.gentoo.org/839990
Bug: https://bugs.gentoo.org/859391
Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
Signed-off-by: Sam James <sam@gentoo.org>
glsa-202208-36.xml | 98 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 98 insertions(+)