Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 294678 (CVE-2009-3940) - <app-emulation/virtualbox-*-3.0.11 Guest Additions Denial of Service (CVE-2009-3940)
Summary: <app-emulation/virtualbox-*-3.0.11 Guest Additions Denial of Service (CVE-200...
Status: RESOLVED FIXED
Alias: CVE-2009-3940
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B3 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2009-11-26 08:14 UTC by Alex Legler (RETIRED)
Modified: 2010-01-13 22:14 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2009-11-26 08:14:20 UTC
CVE-2009-3940 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3940):
  Unspecified vulnerability in Guest Additions in Sun xVM VirtualBox
  1.6.x and 2.0.x before 2.0.12, 2.1.x, and 2.2.x, and Sun VirtualBox
  before 3.0.10, allows guest OS users to cause a denial of service
  (memory consumption) on the guest OS via unknown vectors.
Comment 1 Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2009-11-26 08:24:32 UTC
Can we go stable with 3.0.10 or 3.0.12?
Comment 2 Patrick Lauer gentoo-dev 2009-11-26 12:49:55 UTC
(In reply to comment #1)
> Can we go stable with 3.0.10 or 3.0.12?
> 
3.0.12 should be good to go.
Comment 3 Patrick Lauer gentoo-dev 2009-11-26 13:20:08 UTC
Involved packages (hope I didn't forget anyone):

=net-libs/gsoap-2.7.13
=app-emulation/virtualbox-bin-3.0.12
=app-emulation/virtualbox-guest-additions-3.0.12
=app-emulation/virtualbox-modules-3.0.12
=app-emulation/virtualbox-ose-3.0.12
=app-emulation/virtualbox-ose-additions-3.0.12
=x11-drivers/xf86-input-virtualbox-3.0.12
=x11-drivers/xf86-video-virtualbox-3.0.12

Comment 4 Robert Buchholz (RETIRED) gentoo-dev 2009-11-26 16:48:23 UTC
(In reply to comment #3)
> =net-libs/gsoap-2.7.13

already stable

> =app-emulation/virtualbox-bin-3.0.12
> =app-emulation/virtualbox-guest-additions-3.0.12
> =app-emulation/virtualbox-modules-3.0.12
> =app-emulation/virtualbox-ose-3.0.12
> =app-emulation/virtualbox-ose-additions-3.0.12
> =x11-drivers/xf86-input-virtualbox-3.0.12
> =x11-drivers/xf86-video-virtualbox-3.0.12

Arches, please test and mark stable ^^
Target keywords : "amd64 x86"


Comment 5 Christian Faulhammer (RETIRED) gentoo-dev 2009-11-27 12:41:23 UTC
x86 stable
Comment 6 Markus Meier gentoo-dev 2009-11-30 11:19:37 UTC
amd64 stable, all arches done.
Comment 7 Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2009-11-30 11:42:04 UTC
GLSA Voting: NO.
Comment 8 Stefan Behte (RETIRED) gentoo-dev Security 2009-12-02 00:07:50 UTC
No, too. Closing noglsa.
Comment 9 Tobias Heinlein (RETIRED) gentoo-dev 2010-01-08 00:34:52 UTC
Though we have two NOs here, I'd like this to be included in the GLSA for bug 288836. I just modified the draft.
Comment 10 Stefan Behte (RETIRED) gentoo-dev Security 2010-01-13 22:14:49 UTC
GLSA 201001-04, thanks everyone.