{"id":"MGASA-2014-0184","summary":"Updated virtualbox packages fixes security vulnerabilities","details":"Multiple vulnerabilities in the Oracle VM VirtualBox component in Oracle\nVirtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and\n4.3.4 allows local users to affect integrity and availability via unknown\nvectors related to Core (CVE-2013-5892, CVE-2014-0404, CVE-2014-0405,\nCVE-2014-0406, CVE-2014-0407).\n\nVBox/GuestHost/OpenGL/util/net.c in Oracle VirtualBox before 3.2.22, 4.0.x\nbefore 4.0.24, 4.1.x before 4.1.32, 4.2.x before 4.2.24, and 4.3.x before\n4.3.8, when using 3D Acceleration allows local guest OS users to execute\narbitrary code on the Chromium server via crafted Chromium network pointer\nin a CR_MESSAGE_READBACK or CR_MESSAGE_WRITEBACK message to the\nVBoxSharedCrOpenGL service, which triggers an arbitrary pointer\ndereference and memory corruption (CVE-2014-0981).\n\nMultiple array index errors in programs that are automatically generated by\nVBox/HostServices/SharedOpenGL/crserverlib/server_dispatch.py in Oracle\nVirtualBox 4.2.x through 4.2.20 and 4.3.x before 4.3.8, when using 3D\nAcceleration, allow local guest OS users to execute arbitrary code on the\nChromium server via certain CR_MESSAGE_OPCODES messages with a crafted\nindex, which are not properly handled (CVE-2014-0983).\n\nThe virtualbox packages has been updated to 4.3.10 maintenance release that\nresolves theese issues and other upstream reported issues (for more info\ncheck the referenced changelog).\n\nThis update also resolves the following:\n- load virtualbox modules on install (mga#8826)\n- missing GUI translations (mga#12578)\n","modified":"2026-04-16T06:24:06.444979828Z","published":"2014-04-20T18:48:47Z","upstream":["CVE-2013-5892","CVE-2014-0404","CVE-2014-0405","CVE-2014-0406","CVE-2014-0407","CVE-2014-0981","CVE-2014-0983"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2014-0184.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=12384"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=12578"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=8826"},{"type":"WEB","url":"http://lwn.net/Vulnerabilities/581307/"},{"type":"WEB","url":"http://security.gentoo.org/glsa/glsa-201401-13.xml"}],"affected":[{"package":{"name":"kmod-vboxadditions","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/kmod-vboxadditions?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.3.10-1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0184.json"}},{"package":{"name":"kmod-virtualbox","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/kmod-virtualbox?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.3.10-1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0184.json"}},{"package":{"name":"virtualbox","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/virtualbox?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.3.10-1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0184.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}