{"id":"MGASA-2019-0216","summary":"Updated virtualbox packages fix security vulnerabilities","details":"OpenSSL versions 1.1.0 through 1.1.0j and 1.1.1 through 1.1.1b are\nsusceptible to a vulnerability that could lead to disclosure of sensitive\ninformation or the addition or modification of data (CVE-2019-1543).\n\nOracle VM VirtualBox prior to 6.0.10 has an easily exploitable vulnerability\nthat allows low privileged attacker with logon to the infrastructure where\nOracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the\nvulnerability is in Oracle VM VirtualBox, attacks may significantly impact\nadditional products. Successful attacks of this vulnerability can result in\nunauthorized ability to cause a hang or frequently repeatable crash\n(complete DOS) of Oracle VM VirtualBox (CVE-2019-2848).\n\nOracle VM VirtualBox prior to 6.0.10 has an easily exploitable vulnerability\nthat allows low privileged attacker with logon to the infrastructure where\nOracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful\nattacks require human interaction from a person other than the attacker.\nSuccessful attacks of this vulnerability can result in unauthorized ability\nto cause a partial denial of service (partial DOS) of Oracle VM VirtualBox\n(CVE-2019-2850).\n\nOracle VM VirtualBox prior to 6.0.10 has an easily exploitable vulnerability\nthat allows low privileged attacker with logon to the infrastructure where\nOracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the\nvulnerability is in Oracle VM VirtualBox, attacks may significantly impact\nadditional products. Successful attacks of this vulnerability can result in\ntakeover of Oracle VM VirtualBox (CVE-2019-2859).\n\nOracle VM VirtualBox prior to 6.0.10 has an easily exploitable vulnerability\nthat allows low privileged attacker with logon to the infrastructure where\nOracle VM VirtualBox executes to compromise Oracle VM VirtualBox. 
While the\nvulnerability is in Oracle VM VirtualBox, attacks may significantly impact\nadditional products. Successful attacks of this vulnerability can result in\nunauthorized access to critical data or complete access to all Oracle VM\nVirtualBox accessible data (CVE-2019-2863).\n\nOracle VM VirtualBox prior to 6.0.10 has a difficult to exploit\nvulnerability that allows high privileged attacker with logon to the\ninfrastructure where Oracle VM VirtualBox executes to compromise Oracle\nVM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks\nmay significantly impact additional products. Successful attacks of this\nvulnerability can result in takeover of Oracle VM VirtualBox\n(CVE-2019-2864, CVE-2019-2865).\n\nOracle VM VirtualBox prior to 6.0.10 has an easily exploitable vulnerability\nthat allows high privileged attacker with logon to the infrastructure where\nOracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the\nvulnerability is in Oracle VM VirtualBox, attacks may significantly impact\nadditional products. Successful attacks of this vulnerability can result in\ntakeover of Oracle VM VirtualBox (CVE-2019-2866, CVE-2019-2867).\n\nOracle VM VirtualBox prior to 6.0.10 has an easily exploitable vulnerability\nthat allows low privileged attacker with logon to the infrastructure where\nOracle VM VirtualBox executes to compromise Oracle VM VirtualBox. 
Successful\nattacks of this vulnerability can result in unauthorized ability to cause a\npartial denial of service (partial DOS) of Oracle VM VirtualBox\n(CVE-2019-2873, CVE-2019-2874, CVE-2019-2875, CVE-2019-2876, CVE-2019-2877).\n","modified":"2026-02-04T02:35:32.715629Z","published":"2019-07-27T16:44:28Z","related":["CVE-2019-1543","CVE-2019-2848","CVE-2019-2850","CVE-2019-2859","CVE-2019-2863","CVE-2019-2864","CVE-2019-2865","CVE-2019-2866","CVE-2019-2867","CVE-2019-2873","CVE-2019-2874","CVE-2019-2875","CVE-2019-2876","CVE-2019-2877"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2019-0216.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=25161"},{"type":"REPORT","url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html#AppendixOVIR"}],"affected":[{"package":{"name":"virtualbox","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/virtualbox?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.0.10-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0216.json"}},{"package":{"name":"kmod-virtualbox","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/kmod-virtualbox?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.0.10-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0216.json"}},{"package":{"name":"kmod-vboxadditions","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/kmod-vboxadditions?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.0.10-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0216.json"}},{"package":{"name":"virtualbox","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/virtualbox?arch=source&distro=mageia-7"},"ranges":[{"type":"
ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.0.10-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0216.json"}},{"package":{"name":"kmod-virtualbox","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/kmod-virtualbox?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.0.10-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0216.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}