Overview

File _patchinfo of Package patchinfo.3477

<patchinfo incident="3477">
  <issue id="914447" tracker="bnc">VUL-0: virtualbox-ose: Oracle january 2015 Patchday: VirtualBox tracker bug</issue>
  <issue id="CVE-2015-0418" tracker="cve" />
  <issue id="CVE-2015-0377" tracker="cve" />
  <issue id="CVE-2014-0224" tracker="cve" />
  <issue id="CVE-2014-6595" tracker="cve" />
  <issue id="CVE-2014-6589" tracker="cve" />
  <issue id="CVE-2014-6588" tracker="cve" />
  <issue id="CVE-2014-6590" tracker="cve" />
  <issue id="CVE-2015-0427" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>scarabeus_iv</packager>
  <description>virtualbox was updated to version 4.2.28 to fix eight security issues.

These security issues were fixed:
- OpenSSL fixes for VirtualBox (CVE-2014-0224)
- Unspecified vulnerability in the Oracle VM VirtualBox prior to 3.2.26, 4.0.28, 4.1.36, and 4.2.28 allows local users to affect availability via unknown vectors related to Core, a different vulnerability than CVE-2015-0418 (CVE-2015-0377, bnc#914447).
- Unspecified vulnerability in the Oracle VM VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6589, CVE-2014-6590, and CVE-2015-0427 (CVE-2014-6595, bnc#914447).
- Unspecified vulnerability in the Oracle VM VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6589, CVE-2014-6590, CVE-2014-6595, and CVE-2015-0427 (CVE-2014-6588, bnc#914447).
- Unspecified vulnerability in the Oracle VM VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6590, CVE-2014-6595, and CVE-2015-0427 (CVE-2014-6589, bnc#914447).
- Unspecified vulnerability in the Oracle VM VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6589, CVE-2014-6595, and CVE-2015-0427 (CVE-2014-6590, bnc#914447).
- Unspecified vulnerability in the Oracle VM VirtualBox prior to 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6589, CVE-2014-6590, and CVE-2014-6595 (CVE-2015-0427, bnc#914447).
- Unspecified vulnerability in the Oracle VM VirtualBox prior to 3.2.26, 4.0.28, 4.1.36, and 4.2.28 allows local users to affect availability via unknown vectors related to Core, a different vulnerability than CVE-2015-0377 (CVE-2015-0418, bnc#914447).

For the full changelog please read https://www.virtualbox.org/wiki/Changelog-4.2
  </description>
  <summary>Security update for virtualbox</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places