Bug 247987 - security/vuxml: emulators/virtualbox-ose 23 CVEs
Summary: security/vuxml: emulators/virtualbox-ose 23 CVEs
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: Normal Affects Many People
Assignee: Guido Falsi
URL: https://www.oracle.com/security-alert...
Keywords: security
Depends on: 244212
Blocks:
Reported: 2020-07-15 02:53 UTC by VVD
Modified: 2020-07-19 09:28 UTC

See Also:
koobs: maintainer-feedback+


Description VVD 2020-07-15 02:53:47 UTC
This Critical Patch Update contains 25 new security patches for Oracle Virtualization. None of these vulnerabilities may be remotely exploitable without authentication, i.e., none may be exploited over a network without requiring user credentials. The English text form of this Risk Matrix can be found here: https://www.oracle.com/security-alerts/cpujul2020verbose.html#OVIR

Notes:
1. The CVE-2020-14628 is applicable to Windows VM only.
2. The CVE-2020-14711 is applicable to macOS host only.
Comment 1 Kubilay Kocak freebsd_committer freebsd_triage 2020-07-16 03:50:44 UTC
Thank you for the report. What is the version that we need to update to to address these vulnerabilities in each branch?
Comment 2 VVD 2020-07-16 04:01:36 UTC
> Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12.

Fixed in 5.2.44 (5.2.34 in ports: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=244212), 6.0.24 and 6.1.12 (both not in ports: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=234878).
Comment 3 Guido Falsi freebsd_committer 2020-07-19 09:24:35 UTC
CVEs added to vuxml in r542548

Thanks for reporting!