svn commit: r423820 - head/security/vuxml

Mark Felder feld at FreeBSD.org
Wed Oct 12 02:01:13 UTC 2016 

Author: feld
Date: Wed Oct 12 02:01:11 2016
New Revision: 423820
URL: https://svnweb.freebsd.org/changeset/ports/423820

Log:
  Document Virtualbox vulnerabilities
  
  PR:		204406
  Security:	CVE-2015-4813
  Security:	CVE-2015-4896

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Wed Oct 12 01:42:01 2016	(r423819)
+++ head/security/vuxml/vuln.xml	Wed Oct 12 02:01:11 2016	(r423820)
@@ -58,6 +58,46 @@ Notes:
   * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="7d40edd1-901e-11e6-a590-14dae9d210b8">
+    <topic>VirtualBox -- undisclosed vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>virtualbox-ose</name>
+	<range><ge>5.0</ge><lt>5.0.8</lt></range>
+	<range><ge>4.3</ge><lt>4.3.32</lt></range>
+	<range><ge>4.2</ge><lt>4.2.34</lt></range>
+	<range><ge>4.1</ge><lt>4.1.42</lt></range>
+	<range><ge>4.0</ge><lt>4.0.34</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Oracle reports reports:</p>
+	<blockquote cite="http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html">
+	  <p>Unspecified vulnerability in the Oracle VM VirtualBox
+	    component in Oracle Virtualization VirtualBox prior to 4.0.34, 4.1.42,
+	    4.2.34, 4.3.32, and 5.0.8, when using a Windows guest, allows local
+	    users to affect availability via unknown vectors related to Core.</p>
+	  <p>Unspecified vulnerability in the Oracle VM VirtualBox
+	    component in Oracle Virtualization VirtualBox before 4.0.34, 4.1.42,
+	    4.2.34, 4.3.32, and 5.0.8, when a VM has the Remote Display feature
+	    (RDP) enabled, allows remote attackers to affect availability via
+	    unknown vectors related to Core.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html</url>
+      <cvename>CVE-2015-4813</cvename>
+      <cvename>CVE-2015-4896</cvename>
+      <freebsdpr>204406</freebsdpr>
+    </references>
+    <dates>
+      <discovery>2015-10-01</discovery>
+      <entry>2016-10-12</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="10f7f782-901c-11e6-a590-14dae9d210b8">
     <topic>ImageMagick -- multiple vulnerabilities</topic>
     <affects>

More information about the svn-ports-all mailing list