CVE-2011-2305

Bug #816874 reported by Felix Geyer
| Affects | Status | Importance | Assigned to | Milestone |
| --- | --- | --- | --- | --- |
| virtualbox-ose (Debian) | Fix Released | Unknown | | |
| virtualbox-ose (Ubuntu) | Invalid | Undecided | Unassigned | |
| Natty | Fix Released | Undecided | Steve Beattie | |

Bug Description

According to http://mista.nu/blog/2011/07/19/oracle-virtualbox-integer-overflow-vulnerabilities/ CVE-2011-2305 might allow a guest VM to execute code on the host.

The version information in the CVE is wrong. The issue affects 4.0.0 - 4.0.8.
So the package needs to be updated in natty and natty-backports (virtualbox source package).

Felix Geyer (debfx)
visibility: private → public
Changed in virtualbox-ose (Ubuntu):
status: New → Invalid
Felix Geyer (debfx) wrote :

virtualbox-ose (4.0.4-dfsg-1ubuntu4.1) natty-security; urgency=low

  * SECURITY UPDATE: possible arbitrary code execution on the host (LP: #816874)
    - debian/patches/31-CVE-2011-2305.patch: patch from upstream
    - CVE-2011-2305

 -- Felix Geyer <email address hidden> Wed, 27 Jul 2011 11:45:28 +0200

Steve Beattie (sbeattie)
Changed in virtualbox-ose (Ubuntu Natty):
status: New → In Progress
assignee: nobody → Steve Beattie (sbeattie)
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package virtualbox-ose - 4.0.4-dfsg-1ubuntu4.1

---------------
virtualbox-ose (4.0.4-dfsg-1ubuntu4.1) natty-security; urgency=low

  * SECURITY UPDATE: possible arbitrary code execution on the host (LP: #816874)
    - debian/patches/31-CVE-2011-2305.patch: patch from upstream
    - CVE-2011-2305
 -- Felix Geyer <email address hidden> Wed, 27 Jul 2011 11:45:28 +0200

Changed in virtualbox-ose (Ubuntu Natty):
status: In Progress → Fix Released
Changed in virtualbox-ose (Debian):
status: Unknown → Fix Released
This report contains Public Security information  
Everyone can see this security related information.
