Debian Security Advisory DSA 2878-1 (virtualbox - Security Update) Network Vulnerability

Summary

Matthew Daley discovered multiple vulnerabilities in VirtualBox, a x86 virtualisation solution, resulting in denial of service, privilege escalation and an information leak.

Solution

For the oldstable distribution (squeeze), these problems have been fixed in version 3.2.10-dfsg-1+squeeze2 of the virtualbox-ose source package. For the stable distribution (wheezy), these problems have been fixed in version 4.1.18-dfsg-2+deb7u2. For the testing distribution (jessie), these problems have been fixed in version 4.3.6-dfsg-1. For the unstable distribution (sid), these problems have been fixed in version 4.3.6-dfsg-1. We recommend that you upgrade your virtualbox packages.

Insight

VirtualBox is a free x86 virtualization solution allowing a wide range of x86 operating systems such as Windows, DOS, BSD or Linux to run on a Linux system.

Affected

virtualbox on Debian Linux

Detection

This check tests the installed software version using the apt package manager.

References

http://www.debian.org/security/2014/dsa-2878.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-5892, CVE-2014-0404, CVE-2014-0406, CVE-2014-0407

CVSS	Base Score: 3.5 AV:L/AC:H/Au:S/C:P/I:P/A:P

Related Vulnerabilities

Debian Security Advisory DSA 2878-1 (virtualbox - security update)

Take action and discover your vulnerabilities