{"id":"MGASA-2017-0135","summary":"Updated virtualbox packages fixes security vulnerabilities","details":"This update provides virtualbox 5.1.22 maintenance release and resolves\nat least the following security issues:\n\nA vulnerability in the core subcomponent of virtualbox allows high privilegied\nattacker unauthorized read access to a subset of VirtualBox accessible data\n(CVE-2017-3513).\n\nA vulnerability in the core subcomponent of virtualbox allows unauthenticated\nattacker unauthorized update, insert or delete access to some data as well\nas unauthorized read access to a subset of VirtualBox accessible data and\nunauthorized ability to cause hang or frequently repeatable crash resulting\nin denialv of service (CVE-2017-3558).\n\nVulnerabilities in the core subcomponent of virtualbox allows unauthenticated\nattacker unauthorized update, insert or delete access to some data as well\nas unauthorized read access to a subset of VirtualBox accessible data and\nunauthorized ability to cause hang or frequently repeatable crash resulting\nin denial of service (CVE-2017-3559, CVE-2017-3575).\n\nVulnerabilities in the core subcomponent of virtualbox allows low privilegied\nattacker to fully compromise virtualbox (CVE-2017-3561, CVE-2017-3563,\nCVE-2017-3576).\n\nA vulnerability in the Shared Folder subcomponent of virtualbox allows high\nprivileged attacker unauthorized creation, deletion or modification access\nto critical data, unauthorized access to critical data to all virtualbox\naccessible data and unauthorized ability to cause a hang or frequently\nrepeatable crash (CVE-2017-3587).\n\nFor other fixes in this update, see the referenced changelog.\n","modified":"2026-04-16T06:24:29.700465762Z","published":"2017-05-09T06:35:29Z","upstream":["CVE-2017-3513","CVE-2017-3558","CVE-2017-3559","CVE-2017-3561","CVE-2017-3563","CVE-2017-3575","CVE-2017-3576","CVE-2017-3587"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2017-0135.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=20729"},{"type":"WEB","url":"https://www.virtualbox.org/wiki/Changelog"}],"affected":[{"package":{"name":"kmod-vboxadditions","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/kmod-vboxadditions?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.1.22-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0135.json"}},{"package":{"name":"kmod-virtualbox","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/kmod-virtualbox?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.1.22-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0135.json"}},{"package":{"name":"virtualbox","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/virtualbox?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.1.22-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0135.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}