Summary: | <app-emulation/virtualbox-6.1.24: multiple vulnerabilties (CVE-2021-{2409,2442,2443,2454}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | ceamac, M.Steel, polynomial-c, proxy-maint |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.oracle.com/security-alerts/cpujul2021.html#AppendixOVIR | ||
Whiteboard: | B1 [glsa+] | ||
Package list: |
app-emulation/virtualbox-6.1.24 amd64
app-emulation/virtualbox-modules-6.1.24 amd64
app-emulation/virtualbox-additions-6.1.24 amd64
app-emulation/virtualbox-extpack-oracle-6.1.24 amd64
app-emulation/virtualbox-guest-additions-6.1.24
|
Runtime testing required: | --- |
Description
John Helmert III
2021-07-20 23:44:55 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a3b158a36ef8cc038a9126b6cab7f7e3c6f9770a commit a3b158a36ef8cc038a9126b6cab7f7e3c6f9770a Author: Lars Wendler <polynomial-c@gentoo.org> AuthorDate: 2021-07-21 08:59:17 +0000 Commit: Lars Wendler <polynomial-c@gentoo.org> CommitDate: 2021-07-21 09:47:45 +0000 app-emulation/virtualbox*: Bump to version 6.1.24 Bug: https://bugs.gentoo.org/803134 Signed-off-by: Lars Wendler <polynomial-c@gentoo.org> app-emulation/virtualbox-additions/Manifest | 1 + .../virtualbox-additions-6.1.24.ebuild | 34 ++ app-emulation/virtualbox-extpack-oracle/Manifest | 1 + .../virtualbox-extpack-oracle-6.1.24.ebuild | 41 ++ app-emulation/virtualbox-guest-additions/Manifest | 1 + .../virtualbox-guest-additions-6.1.24.ebuild | 221 +++++++++ app-emulation/virtualbox-modules/Manifest | 1 + .../virtualbox-modules-6.1.24.ebuild | 55 +++ app-emulation/virtualbox/Manifest | 1 + app-emulation/virtualbox/virtualbox-6.1.24.ebuild | 502 +++++++++++++++++++++ 10 files changed, 858 insertions(+) *** Bug 803203 has been marked as a duplicate of this bug. *** Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Please stabilize. Sanity check failed:
> app-emulation/virtualbox-6.1.24
> depend amd64 dev profile default/linux/amd64/17.0/x32 (2 total)
> ~app-emulation/virtualbox-modules-6.1.24
> depend amd64 stable profile default/linux/amd64/17.1 (15 total)
> ~app-emulation/virtualbox-modules-6.1.24
> rdepend amd64 dev profile default/linux/amd64/17.0/x32 (2 total)
> ~app-emulation/virtualbox-modules-6.1.24
> rdepend amd64 stable profile default/linux/amd64/17.1 (15 total)
> ~app-emulation/virtualbox-modules-6.1.24
The following packages should also be stabilized then: app-emulation/virtualbox-additions-6.1.24 app-emulation/virtualbox-extpack-oracle-6.1.24 app-emulation/virtualbox-guest-additions-6.1.24 (In reply to Frank Krömmelbein from comment #13) > The following packages should also be stabilized then: > > app-emulation/virtualbox-additions-6.1.24 > app-emulation/virtualbox-extpack-oracle-6.1.24 > app-emulation/virtualbox-guest-additions-6.1.24 Cheers Frank! CVE-2021-2454 seems especially problematic. x86 done amd64 done all arches done Please cleanup. Unable to check for sanity:
> no match for package: app-emulation/virtualbox-6.1.24
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=0896f6d0ef51a24e9d845d2ac349c6bf98fadb0b commit 0896f6d0ef51a24e9d845d2ac349c6bf98fadb0b Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2022-08-31 23:36:15 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-08-31 23:37:06 +0000 [ GLSA 202208-36 ] Oracle VirtualBox: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/785445 Bug: https://bugs.gentoo.org/803134 Bug: https://bugs.gentoo.org/820425 Bug: https://bugs.gentoo.org/831440 Bug: https://bugs.gentoo.org/839990 Bug: https://bugs.gentoo.org/859391 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Sam James <sam@gentoo.org> glsa-202208-36.xml | 98 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 98 insertions(+) |