MGASA-2014-0184

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2014-0184.html

Import Source

https://advisories.mageia.org/MGASA-2014-0184.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2014-0184

Upstream

CVE-2013-5892

CVE-2014-0404

CVE-2014-0405

CVE-2014-0406

CVE-2014-0407

CVE-2014-0981

CVE-2014-0983

Published

2014-04-20T18:48:47Z

Modified

2026-04-16T06:24:06.444979828Z

Summary

Updated virtualbox packages fixes security vulnerabilities

Details

Multiple vulnerabilities in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect integrity and availability via unknown vectors related to Core (CVE-2013-5892, CVE-2014-0404, CVE-2014-0405, CVE-2014-0406, CVE-2014-0407).

VBox/GuestHost/OpenGL/util/net.c in Oracle VirtualBox before 3.2.22, 4.0.x before 4.0.24, 4.1.x before 4.1.32, 4.2.x before 4.2.24, and 4.3.x before 4.3.8, when using 3D Acceleration allows local guest OS users to execute arbitrary code on the Chromium server via crafted Chromium network pointer in a CRMESSAGEREADBACK or CRMESSAGEWRITEBACK message to the VBoxSharedCrOpenGL service, which triggers an arbitrary pointer dereference and memory corruption (CVE-2014-0981).

Multiple array index errors in programs that are automatically generated by VBox/HostServices/SharedOpenGL/crserverlib/serverdispatch.py in Oracle VirtualBox 4.2.x through 4.2.20 and 4.3.x before 4.3.8, when using 3D Acceleration, allow local guest OS users to execute arbitrary code on the Chromium server via certain CRMESSAGE_OPCODES messages with a crafted index, which are not properly handled (CVE-2014-0983).

The virtualbox packages has been updated to 4.3.10 maintenance release that resolves theese issues and other upstream reported issues (for more info check the referenced changelog).

This update also resolves the following: - load virtualbox modules on install (mga#8826) - missing GUI translations (mga#12578)

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:3 / kmod-vboxadditions

Package

Name: kmod-vboxadditions
Purl: pkg:rpm/mageia/kmod-vboxadditions?arch=source&distro=mageia-3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.3.10-1.mga3

Ecosystem specific

{
    "section": "core"
}

Database specific

source

"https://advisories.mageia.org/MGASA-2014-0184.json"

Mageia:3 / kmod-virtualbox

Package

Name: kmod-virtualbox
Purl: pkg:rpm/mageia/kmod-virtualbox?arch=source&distro=mageia-3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.3.10-1.mga3

Ecosystem specific

{
    "section": "core"
}

Database specific

source

"https://advisories.mageia.org/MGASA-2014-0184.json"

Mageia:3 / virtualbox

Package

Name: virtualbox
Purl: pkg:rpm/mageia/virtualbox?arch=source&distro=mageia-3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.3.10-1.mga3

Ecosystem specific

{
    "section": "core"
}

Database specific

source

"https://advisories.mageia.org/MGASA-2014-0184.json"