On Wednesday 17 October 2012 15:20:58 Moritz Muehlenhoff wrote:
> Package: virtualbox
> Severity: grave
> Tags: security
> Justification: user security hole
>
> Oracle fixed an unspecified security issue in their latest Patch Update:
> http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html
>
> CVE-2012-3221 Oracle VM Virtual Box None VirtualBox
> Core No 2.1 Local Low None None None Partial+
> 3.2, 4.0, 4.1
>
> Please get in touch with upstream and ask them for a fix.

The problem was fixed by this changeset:

https://www.virtualbox.org/changeset/43068/vbox

The fix is part of VirtualBox 4.1.22 and 4.2.0. Distributions which provide an older package probably need an update, but the changeset should apply cleanly.

The complete investigation is described here:

http://www.halfdog.net/Security/2012/VirtualBoxSoftwareInterrupt0x8GuestCrash/

Kind regards,

Frank
--
Dr.-Ing. Frank Mehnert | Software Development Director, VirtualBox
ORACLE Deutschland B.V. & Co. KG | Werkstr. 24 | 71384 Weinstadt, Germany

Headquarters: Riesstr. 25, D-80992 München
Registration court: Amtsgericht München, HRA 95603
Managing Director: Jürgen Kunz

General partner: ORACLE Deutschland Verwaltung B.V.
Hertogswetering 163/167, 3543 AS Utrecht, Netherlands
Commercial register of the Chamber of Commerce Midden-Niederlande, No. 30143697
Managing Directors: Alexander van der Ven, Astrid Kepper, Val Maher