List: vbox-dev
Subject: [vbox-dev] Fwd: Re: Bug#775888: virtualbox: CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595
From: Ritesh Raj Sarraf <rrs () researchut ! com>
Date: 2015-01-21 13:37:40
Message-ID: 54BFA8D4.7050404 () researchut ! com
The recently declared CVEs for VBox have fixes mentioned only in the
4.3.20 release.
Debian Jessie is frozen, and for it, we have targeted the 4.3.18
release. Do you have the broken out patches that fix the vulnerabilities?
Forwarded message: ["Re: Bug#775888: virtualbox: CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595 CVE-2015-0418 CVE-2015-0427.eml" (message/rfc822)]
On 01/21/2015 12:53 PM, Moritz Muehlenhoff wrote:
> Package: virtualbox
> Severity: grave
> Tags: security
> Justification: user security hole
>
> No specific details available yet:
> http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
>
> Cheers,
> Moritz
>
The following matrix is what I could grab.
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixOVIR
CVE#          | Component            | Protocol | Sub-component | Remote exploit w/o auth.? | CVSS 2.0 base | Access vector | Access complexity | Authentication | Confidentiality | Integrity | Availability | Supported versions affected                        | Notes
CVE-2014-6595 | Oracle VM VirtualBox | None     | VMSVGA device | No                        | 3.2           | Local         | Low               | Single         | None            | Partial+  | Partial+     | VirtualBox prior to 4.3.20                         | See Note 3
CVE-2014-6588 | Oracle VM VirtualBox | None     | VMSVGA device | No                        | 3.2           | Local         | Low               | Single         | None            | Partial+  | Partial+     | VirtualBox prior to 4.3.20                         | See Note 3
CVE-2014-6589 | Oracle VM VirtualBox | None     | VMSVGA device | No                        | 3.2           | Local         | Low               | Single         | None            | Partial+  | Partial+     | VirtualBox prior to 4.3.20                         | See Note 3
CVE-2014-6590 | Oracle VM VirtualBox | None     | VMSVGA device | No                        | 3.2           | Local         | Low               | Single         | None            | Partial+  | Partial+     | VirtualBox prior to 4.3.20                         | See Note 3
CVE-2015-0427 | Oracle VM VirtualBox | None     | VMSVGA device | No                        | 3.2           | Local         | Low               | Single         | None            | Partial+  | Partial+     | VirtualBox prior to 4.3.20                         | See Note 3
CVE-2015-0418 | Oracle VM VirtualBox | None     | Core          | No                        | 2.1           | Local         | Low               | None           | None            | None      | Partial+     | VirtualBox prior to 3.2.26, 4.0.28, 4.1.36, 4.2.28 |
*Notes:*
1. This fix also addresses CVE-2014-0231, CVE-2014-0118 and CVE-2014-5704.
2. This fix also addresses CVE-2014-0221, CVE-2014-0195, CVE-2014-0198,
CVE-2010-5298, CVE-2014-3470 and CVE-2014-0076.
3. VMSVGA virtual graphics device is not documented and is disabled by
default.
@Moritz: There's nothing more detailed than the statement that all
versions prior to 4.3.20 are vulnerable.
4.3.20 is in experimental right now.
--
Ritesh Raj Sarraf
RESEARCHUT - http://www.researchut.com
"Necessity is the mother of invention."
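As an added example (not code from this thread, from Debian or from VirtualBox), here is a small Python triage script that encodes the matrix rows above and reports which of the listed CVEs apply to a given installed version, such as the 4.3.18 build targeted for Jessie. It assumes one reading of the "Supported versions affected" cells: a single version means every lower version is affected, and a list of versions means per-branch fixed releases, with only the listed branches counted as affected.

```python
import re

# Rows transcribed from the risk matrix quoted above:
# (CVE, sub-component, "Supported versions affected" cell, note)
MATRIX = [
    ("CVE-2014-6595", "VMSVGA device", "VirtualBox prior to 4.3.20", "See Note 3"),
    ("CVE-2014-6588", "VMSVGA device", "VirtualBox prior to 4.3.20", "See Note 3"),
    ("CVE-2014-6589", "VMSVGA device", "VirtualBox prior to 4.3.20", "See Note 3"),
    ("CVE-2014-6590", "VMSVGA device", "VirtualBox prior to 4.3.20", "See Note 3"),
    ("CVE-2015-0427", "VMSVGA device", "VirtualBox prior to 4.3.20", "See Note 3"),
    ("CVE-2015-0418", "Core", "VirtualBox prior to 3.2.26, 4.0.28, 4.1.36, 4.2.28", ""),
]

def parse_version(text):
    """'4.3.18' -> (4, 3, 18); tuples compare component-wise."""
    return tuple(int(p) for p in text.strip().split("."))

def fixed_versions(cell):
    """Pull every dotted version out of a 'prior to ...' cell."""
    return [parse_version(v) for v in re.findall(r"\d+(?:\.\d+)+", cell)]

def is_affected(installed, cell):
    """Assumed reading of the cell (see lead-in): one version = every
    lower version affected; several = per-branch fixed releases."""
    fixes = fixed_versions(cell)
    if len(fixes) == 1:
        return installed < fixes[0]
    for fix in fixes:
        if installed[:2] == fix[:2]:      # same major.minor branch
            return installed < fix
    return False  # branch not listed in the matrix: not recorded as affected

def triage(version_text):
    """Map each CVE to (affected?, sub-component, note) for one installed build.
    Note 3 matters for exposure: the matrix says VMSVGA is disabled by default,
    so a VMSVGA hit only applies to VMs whose configuration enables that device."""
    installed = parse_version(version_text)
    return {cve: (is_affected(installed, cell), comp, note)
            for cve, comp, cell, note in MATRIX}

if __name__ == "__main__":
    for v in ("4.3.18", "4.3.20", "4.2.26"):
        hits = [c for c, (hit, _, _) in triage(v).items() if hit]
        print(v, "affected by:", ", ".join(hits) or "none listed")
```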
_______________________________________________
vbox-dev mailing list
vbox-dev@virtualbox.org
https://www.virtualbox.org/mailman/listinfo/vbox-dev