SuSE Local Security Checks : openSUSE: Security Advisory for virtualbox (openSUSE-SU-2017:0382-1)

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.851508

Kategorie: SuSE Local Security Checks

Titel: openSUSE: Security Advisory for virtualbox (openSUSE-SU-2017:0382-1)

Zusammenfassung: The remote host is missing an update for the 'virtualbox'; package(s) announced via the referenced advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'virtualbox'
package(s) announced via the referenced advisory.

Vulnerability Insight:
This update for virtualbox to version 5.1.14 fixes the following issues:

These security issues were fixed:

- CVE-2016-5545: Vulnerability in the GUI subcomponent of virtualbox
allows unauthenticated attacker unauthorized update, insert or delete
access to some data as well as unauthorized read access to a subset of
VirtualBox accessible data and unauthorized ability to cause a partial
denial of service (bsc#1020856).

- CVE-2017-3290: Vulnerability in the Shared Folder subcomponent of
virtualbox allows high privileged attacker unauthorized creation,
deletion or modification access to critical data and unauthorized
ability to cause a hang or frequently repeatable crash (bsc#1020856).

- CVE-2017-3316: Vulnerability in the GUI subcomponent of virtualbox
allows high privileged attacker with network access via multiple
protocols to compromise Oracle VM VirtualBox (bsc#1020856).

- CVE-2017-3332: Vulnerability in the SVGA Emulation subcomponent of
virtualbox allows low privileged attacker unauthorized creation,
deletion or modification access to critical data and unauthorized
ability to cause a hang or frequently repeatable crash (bsc#1020856).

For other changes please read the changelog.

Affected Software/OS:
virtualbox on openSUSE Leap 42.2

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2016-5545
BugTraq ID: 95590
http://www.securityfocus.com/bid/95590
https://security.gentoo.org/glsa/201702-08
http://www.securitytracker.com/id/1037638
Common Vulnerability Exposure (CVE) ID: CVE-2017-3290
BugTraq ID: 95601
http://www.securityfocus.com/bid/95601
Common Vulnerability Exposure (CVE) ID: CVE-2017-3316
BugTraq ID: 95579
http://www.securityfocus.com/bid/95579
https://www.exploit-db.com/exploits/41196/
Common Vulnerability Exposure (CVE) ID: CVE-2017-3332
BugTraq ID: 95599
http://www.securityfocus.com/bid/95599

Copyright Copyright (C) 2017 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.851508
Kategorie:	SuSE Local Security Checks
Titel:	openSUSE: Security Advisory for virtualbox (openSUSE-SU-2017:0382-1)
Zusammenfassung:	The remote host is missing an update for the 'virtualbox'; package(s) announced via the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'virtualbox' package(s) announced via the referenced advisory. Vulnerability Insight: This update for virtualbox to version 5.1.14 fixes the following issues: These security issues were fixed: - CVE-2016-5545: Vulnerability in the GUI subcomponent of virtualbox allows unauthenticated attacker unauthorized update, insert or delete access to some data as well as unauthorized read access to a subset of VirtualBox accessible data and unauthorized ability to cause a partial denial of service (bsc#1020856). - CVE-2017-3290: Vulnerability in the Shared Folder subcomponent of virtualbox allows high privileged attacker unauthorized creation, deletion or modification access to critical data and unauthorized ability to cause a hang or frequently repeatable crash (bsc#1020856). - CVE-2017-3316: Vulnerability in the GUI subcomponent of virtualbox allows high privileged attacker with network access via multiple protocols to compromise Oracle VM VirtualBox (bsc#1020856). - CVE-2017-3332: Vulnerability in the SVGA Emulation subcomponent of virtualbox allows low privileged attacker unauthorized creation, deletion or modification access to critical data and unauthorized ability to cause a hang or frequently repeatable crash (bsc#1020856). For other changes please read the changelog. Affected Software/OS: virtualbox on openSUSE Leap 42.2 Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2016-5545 BugTraq ID: 95590 http://www.securityfocus.com/bid/95590 https://security.gentoo.org/glsa/201702-08 http://www.securitytracker.com/id/1037638 Common Vulnerability Exposure (CVE) ID: CVE-2017-3290 BugTraq ID: 95601 http://www.securityfocus.com/bid/95601 Common Vulnerability Exposure (CVE) ID: CVE-2017-3316 BugTraq ID: 95579 http://www.securityfocus.com/bid/95579 https://www.exploit-db.com/exploits/41196/ Common Vulnerability Exposure (CVE) ID: CVE-2017-3332 BugTraq ID: 95599 http://www.securityfocus.com/bid/95599
Copyright	Copyright (C) 2017 Greenbone Networks GmbH