===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2014.0510
virtualbox security update
16 April 2014
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           virtualbox
Publisher:         Debian
Operating System:  Debian GNU/Linux 7
                   Debian GNU/Linux 6
Impact/Access:     Execute Arbitrary Code/Commands -- Unknown/Unspecified
Resolution:        Patch/Upgrade
CVE Names:         CVE-2014-0983 CVE-2014-0981
Reference:         ASB-2014.0053
Original Bulletin: http://www.debian.org/security/2014/dsa-2904

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-2904-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
April 15, 2014                         http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : virtualbox
CVE ID         : CVE-2014-0981 CVE-2014-0983

Francisco Falcon discovered that missing input sanitising in the 3D
acceleration code in VirtualBox could lead to the execution of arbitrary
code on the host system.

For the oldstable distribution (squeeze), these problems have been fixed in
version 3.2.10-dfsg-1+squeeze3.

For the stable distribution (wheezy), these problems have been fixed in
version 4.1.18-dfsg-2+deb7u3.

For the testing distribution (jessie), these problems have been fixed in
version 4.3.10-dfsg-1.

For the unstable distribution (sid), these problems have been fixed in
version 4.3.10-dfsg-1.

We recommend that you upgrade your virtualbox packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================