VirtualBox: Multiple vulnerabilities
1.
Gentoo Linux Security Advisory
Version Information
| Advisory Reference |
GLSA 201204-01 / virtualbox |
| Release Date |
April 09, 2012 |
| Latest Revision |
April 09, 2012: 1 |
| Impact |
normal |
| Exploitable |
local |
| Package |
Vulnerable versions |
Unaffected versions |
Architecture(s) |
| app-emulation/virtualbox |
<
4.1.8 |
>=
4.1.8 |
All supported architectures
|
| app-emulation/virtualbox-bin |
<
4.1.8 |
>=
4.1.4 |
All supported architectures
|
Related bugreports:
#386317, #399807
Synopsis
Multiple vulnerabilities were found in VirtualBox, allowing local
attackers to gain escalated privileges.
2.
Impact Information
Background
VirtualBox is a powerful virtualization product from Oracle.
Description
Multiple unspecified vulnerabilities have been discovered in VirtualBox.
Please review the CVE identifiers referenced below for details.
Impact
A local attacker may be able to gain escalated privileges via unknown
attack vectors.
3.
Resolution Information
Workaround
There is no known workaround at this time.
Resolution
All VirtualBox users should upgrade to the latest version:
Code Listing 3.1: Resolution |
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/virtualbox-4.1.8"
|
All VirtualBox binary users should upgrade to the latest version:
Code Listing 3.2: Resolution |
# emerge --sync
# emerge --ask --oneshot --verbose
">=app-emulation/virtualbox-bin-4.1.8"
|
4.
References
|
