[Pkg-virtualbox-devel] Bug#635276: Bug#635276: CVE-2011-2305 / CVE-2011-2300

Michael Meskes meskes at debian.org
Wed Jul 27 08:58:13 UTC 2011


> These issues were found by Tarjei Mandt, and are described in this blog post:
> http://mista.nu/blog/author/mista/
> 
> CVE-2011-2300 allows gaining elevated privileges within a Windows
> guest due to a vulnerability in the Windows Guest Additions.

It's impossible to check the details here because we only distribute the
Windows Guest Additions as binary in non-free. According to the blog entry,
4.0.10, the version in unstable and testing, is fine. I cannot tell from our
sources if the old 3.2.10 version in stable is affected at all. However, if it
was, there is no way to update that package short of uploading the new 4.0
version to stable.

> CVE-2011-2305 allows executing arbitrary code on the host due to a
> vulnerability in the VirtualBox graphics stack.

This one affects only the version in backports. Unstable and testing already
have 4.0.10 which already contains the fix and stable has 3.2.10 which didn't
have the problem.

Michael

-- 
Michael Meskes
Michael at Fam-Meskes dot De, Michael at Meskes dot (De|Com|Net|Org)
Michael at BorussiaFan dot De, Meskes at (Debian|Postgresql) dot Org
Jabber: michael.meskes at googlemail dot com
VfL Borussia! Força Barça! Go SF 49ers! Use Debian GNU/Linux, PostgreSQL




