Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 600214 (CVE-2016-5608, CVE-2016-5610, CVE-2016-5611, CVE-2016-5613) - app-emulation/virtualbox-{,bin}-{5.0.28, 5.1.8}: multiple vulnerabilities (CVE-2016-{5608,5610,5611,5613})
Summary: app-emulation/virtualbox-{,bin}-{5.0.28, 5.1.8}: multiple vulnerabilities (CV...
Status: RESOLVED FIXED
Alias: CVE-2016-5608, CVE-2016-5610, CVE-2016-5611, CVE-2016-5613
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2016-11-19 06:22 UTC by Aaron Bauman
Modified: 2017-08-06 21:20 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2016-11-19 06:22:54 UTC
CVE's inbound...
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2016-11-19 06:25:23 UTC
CVE-2016-5613 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5613):
  Unspecified vulnerability in the Oracle VM VirtualBox component before
  5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to
  affect availability via vectors related to Core, a different vulnerability
  than CVE-2016-5608.

CVE-2016-5611 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5611):
  Unspecified vulnerability in the Oracle VM VirtualBox component before
  5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to
  affect confidentiality via vectors related to Core.

CVE-2016-5610 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5610):
  Unspecified vulnerability in the Oracle VM VirtualBox component before
  5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to
  affect confidentiality, integrity, and availability via vectors related to
  Core.

CVE-2016-5608 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5608):
  Unspecified vulnerability in the Oracle VM VirtualBox component before
  5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to
  affect availability via vectors related to Core, a different vulnerability
  than CVE-2016-5613.
Comment 2 Yury German Gentoo Infrastructure gentoo-dev Security 2017-04-19 06:03:07 UTC
Vulnerable versions:
<5.0.28 and <5.1.8
Current Versions stable = 5.0.32
Vulnerable versions in tree need cleanup before closing the bug.

GLSA Vote: No
Comment 3 Yury German Gentoo Infrastructure gentoo-dev Security 2017-05-27 00:40:30 UTC
Maintainer(s), please drop the vulnerable version(s).
Comment 4 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-08-06 14:37:10 UTC
Ping.

No updates since 05/17.

Security Team Padawan
ChrisADR
Comment 6 Mart Raudsepp gentoo-dev 2017-08-06 21:20:08 UTC
The cleanup was reverted, however it seems a p.mask was added instead, so I think that constitutes as cleanup as well