ALT Linux Team

Branch sisyphus update on 2013-12-18

2013-12-18

ALT-BU-2013-1448-1

Branch sisyphus update bulletin.

ALT-PU-2013-1294-1

Package virtualbox updated to version 4.3.4-alt1 for branch sisyphus in task 109958.

Closed vulnerabilities

Published: 2014-01-15
Modified: 2025-04-11

CVE-2014-0404

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect integrity and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-0406.

Severity: LOW (2.4) Vector: AV:L/AC:H/Au:S/C:N/I:P/A:P
References:
Published: 2014-01-15
Modified: 2025-04-11

CVE-2014-0405

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-0407.

Severity: LOW (3.5) Vector: AV:L/AC:H/Au:S/C:P/I:P/A:P
References:
Published: 2014-01-15
Modified: 2025-04-11

CVE-2014-0406

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect integrity and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-0404.

Severity: LOW (2.4) Vector: AV:L/AC:H/Au:S/C:N/I:P/A:P
References:
Published: 2014-01-15
Modified: 2025-04-11

CVE-2014-0407

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-0405.

Severity: LOW (3.5) Vector: AV:L/AC:H/Au:S/C:P/I:P/A:P
References:
Published: 2015-01-21
Modified: 2025-04-12

CVE-2015-0377

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.26, 4.0.28, 4.1.36, and 4.2.28 allows local users to affect availability via unknown vectors related to Core, a different vulnerability than CVE-2015-0418.

Severity: MEDIUM (4.4) Vector: AV:L/AC:M/Au:S/C:N/I:N/A:C
References:
Published: 2015-01-21
Modified: 2025-04-12

CVE-2015-0418

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.26, 4.0.28, 4.1.36, and 4.2.28 allows local users to affect availability via unknown vectors related to Core, a different vulnerability than CVE-2015-0377.

Severity: LOW (2.1) Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
References:

ALT-PU-2013-1295-1

Package kernel-modules-virtualbox-addition-std-def updated to version 4.3.4-alt1.199192.1 for branch sisyphus in task 109958.

Closed vulnerabilities

Published: 2014-01-15
Modified: 2025-04-11

CVE-2014-0404

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect integrity and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-0406.

Severity: LOW (2.4) Vector: AV:L/AC:H/Au:S/C:N/I:P/A:P
References:
Published: 2014-01-15
Modified: 2025-04-11

CVE-2014-0405

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-0407.

Severity: LOW (3.5) Vector: AV:L/AC:H/Au:S/C:P/I:P/A:P
References:
Published: 2014-01-15
Modified: 2025-04-11

CVE-2014-0406

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect integrity and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-0404.

Severity: LOW (2.4) Vector: AV:L/AC:H/Au:S/C:N/I:P/A:P
References:
Published: 2014-01-15
Modified: 2025-04-11

CVE-2014-0407

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-0405.

Severity: LOW (3.5) Vector: AV:L/AC:H/Au:S/C:P/I:P/A:P
References:
Published: 2015-01-21
Modified: 2025-04-12

CVE-2015-0377

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.26, 4.0.28, 4.1.36, and 4.2.28 allows local users to affect availability via unknown vectors related to Core, a different vulnerability than CVE-2015-0418.

Severity: MEDIUM (4.4) Vector: AV:L/AC:M/Au:S/C:N/I:N/A:C
References:
Published: 2015-01-21
Modified: 2025-04-12

CVE-2015-0418

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.26, 4.0.28, 4.1.36, and 4.2.28 allows local users to affect availability via unknown vectors related to Core, a different vulnerability than CVE-2015-0377.

Severity: LOW (2.1) Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
References:

ALT-PU-2013-1296-1

Package kernel-modules-virtualbox-std-def updated to version 4.3.4-alt1.199192.1 for branch sisyphus in task 109958.

Closed vulnerabilities

Published: 2014-01-15
Modified: 2025-04-11

CVE-2014-0404

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect integrity and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-0406.

Severity: LOW (2.4) Vector: AV:L/AC:H/Au:S/C:N/I:P/A:P
References:
Published: 2014-01-15
Modified: 2025-04-11

CVE-2014-0405

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-0407.

Severity: LOW (3.5) Vector: AV:L/AC:H/Au:S/C:P/I:P/A:P
References:
Published: 2014-01-15
Modified: 2025-04-11

CVE-2014-0406

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect integrity and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-0404.

Severity: LOW (2.4) Vector: AV:L/AC:H/Au:S/C:N/I:P/A:P
References:
Published: 2014-01-15
Modified: 2025-04-11

CVE-2014-0407

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-0405.

Severity: LOW (3.5) Vector: AV:L/AC:H/Au:S/C:P/I:P/A:P
References:
Published: 2015-01-21
Modified: 2025-04-12

CVE-2015-0377

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.26, 4.0.28, 4.1.36, and 4.2.28 allows local users to affect availability via unknown vectors related to Core, a different vulnerability than CVE-2015-0418.

Severity: MEDIUM (4.4) Vector: AV:L/AC:M/Au:S/C:N/I:N/A:C
References:
Published: 2015-01-21
Modified: 2025-04-12

CVE-2015-0418

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.26, 4.0.28, 4.1.36, and 4.2.28 allows local users to affect availability via unknown vectors related to Core, a different vulnerability than CVE-2015-0377.

Severity: LOW (2.1) Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
References:

ALT-PU-2013-1297-1

Package kernel-modules-virtualbox-un-def updated to version 4.3.4-alt1.199685.1 for branch sisyphus in task 109958.

Closed vulnerabilities

Published: 2014-01-15
Modified: 2025-04-11

CVE-2014-0404

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect integrity and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-0406.

Severity: LOW (2.4) Vector: AV:L/AC:H/Au:S/C:N/I:P/A:P
References:
Published: 2014-01-15
Modified: 2025-04-11

CVE-2014-0405

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-0407.

Severity: LOW (3.5) Vector: AV:L/AC:H/Au:S/C:P/I:P/A:P
References:
Published: 2014-01-15
Modified: 2025-04-11

CVE-2014-0406

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect integrity and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-0404.

Severity: LOW (2.4) Vector: AV:L/AC:H/Au:S/C:N/I:P/A:P
References:
Published: 2014-01-15
Modified: 2025-04-11

CVE-2014-0407

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-0405.

Severity: LOW (3.5) Vector: AV:L/AC:H/Au:S/C:P/I:P/A:P
References:
Published: 2015-01-21
Modified: 2025-04-12

CVE-2015-0377

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.26, 4.0.28, 4.1.36, and 4.2.28 allows local users to affect availability via unknown vectors related to Core, a different vulnerability than CVE-2015-0418.

Severity: MEDIUM (4.4) Vector: AV:L/AC:M/Au:S/C:N/I:N/A:C
References:
Published: 2015-01-21
Modified: 2025-04-12

CVE-2015-0418

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.26, 4.0.28, 4.1.36, and 4.2.28 allows local users to affect availability via unknown vectors related to Core, a different vulnerability than CVE-2015-0377.

Severity: LOW (2.1) Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
References:

ALT-PU-2013-1298-1

Package curl updated to version 7.34.0-alt1 for branch sisyphus in task 110632.

Closed vulnerabilities

Published: 2015-04-28
Modified: 2021-03-23

BDU:2015-09726

Уязвимости операционной системы Gentoo Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2013-11-23
Modified: 2025-04-11

CVE-2013-4545

cURL and libcurl 7.18.0 through 7.32.0, when built with OpenSSL, disables the certificate CN and SAN name field verification (CURLOPT_SSL_VERIFYHOST) when the digital signature verification (CURLOPT_SSL_VERIFYPEER) is disabled, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
References:
Published: 2013-12-23
Modified: 2025-04-11

CVE-2013-6422

The GnuTLS backend in libcurl 7.21.4 through 7.33.0, when disabling digital signature verification (CURLOPT_SSL_VERIFYPEER), also disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle (MITM) attacks.

Severity: MEDIUM (4.0) Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top