ALT-PU-2016-1256-1
Package kernel-modules-virtualbox-addition-std-def updated to version 5.0.14-alt1.262419.1 for branch sisyphus in task 161467.
Closed vulnerabilities
Published: 2015-10-22
BDU:2015-11847
Уязвимость виртуальной машины Oracle VM VirtualBox, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (5.0)
References:
Published: 2015-10-22
BDU:2015-11913
Уязвимость виртуальной машины Oracle VM VirtualBox, позволяющая нарушителю вызвать отказ в обслуживании
Severity: LOW (2.1)
References:
Published: 2015-11-16
BDU:2015-12123
Уязвимость гипервизора Xen, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (4.7)
References:
Published: 2015-12-06
BDU:2016-01654
Уязвимость реализации ASN1_TFLG_COMBINE библиотеки OpenSSL, позволяющая нарушителю получить защищаемую информацию из памяти процесса
Severity: MEDIUM (5.0)
References:
Published: 2015-12-06
BDU:2016-01655
Уязвимость библиотеки OpenSSL, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (4.3)
References:
Published: 2015-12-06
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2015-3195
The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application.
Severity: MEDIUM (5.3)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
References:
- http://fortiguard.com/advisory/openssl-advisory-december-2015
- http://fortiguard.com/advisory/openssl-advisory-december-2015
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10733
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10733
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
- APPLE-SA-2016-03-21-5
- APPLE-SA-2016-03-21-5
- FEDORA-2015-d87d60b9a9
- FEDORA-2015-d87d60b9a9
- openSUSE-SU-2016:0637
- openSUSE-SU-2016:0637
- openSUSE-SU-2016:0640
- openSUSE-SU-2016:0640
- SUSE-SU-2016:0678
- SUSE-SU-2016:0678
- openSUSE-SU-2015:2288
- openSUSE-SU-2015:2288
- openSUSE-SU-2015:2289
- openSUSE-SU-2015:2289
- openSUSE-SU-2015:2318
- openSUSE-SU-2015:2318
- openSUSE-SU-2015:2349
- openSUSE-SU-2015:2349
- HPSBGN03536
- HPSBGN03536
- http://openssl.org/news/secadv/20151203.txt
- http://openssl.org/news/secadv/20151203.txt
- RHSA-2015:2616
- RHSA-2015:2616
- RHSA-2015:2617
- RHSA-2015:2617
- RHSA-2016:2056
- RHSA-2016:2056
- RHSA-2016:2957
- RHSA-2016:2957
- 20151204 Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products
- 20151204 Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products
- DSA-3413
- DSA-3413
- http://www.fortiguard.com/advisory/openssl-advisory-december-2015
- http://www.fortiguard.com/advisory/openssl-advisory-december-2015
- http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
- http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
- http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- 78626
- 78626
- 91787
- 91787
- 1034294
- 1034294
- SSA:2015-349-04
- SSA:2015-349-04
- USN-2830-1
- USN-2830-1
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
- https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=cc598f321fbac9c04da5766243ed55d55948637d
- https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=cc598f321fbac9c04da5766243ed55d55948637d
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944173
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944173
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131085
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100
- https://support.apple.com/HT206167
- https://support.apple.com/HT206167
Published: 2015-12-06
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2015-3196
ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted ServerKeyExchange message.
Severity: MEDIUM (4.3)
References:
- http://fortiguard.com/advisory/openssl-advisory-december-2015
- http://fortiguard.com/advisory/openssl-advisory-december-2015
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
- FEDORA-2015-d87d60b9a9
- FEDORA-2015-d87d60b9a9
- openSUSE-SU-2015:2288
- openSUSE-SU-2015:2288
- openSUSE-SU-2015:2289
- openSUSE-SU-2015:2289
- HPSBGN03536
- HPSBGN03536
- http://openssl.org/news/secadv/20151203.txt
- http://openssl.org/news/secadv/20151203.txt
- RHSA-2015:2617
- RHSA-2015:2617
- RHSA-2016:2957
- RHSA-2016:2957
- 20151204 Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products
- 20151204 Multiple Vulnerabilities in OpenSSL (December 2015) Affecting Cisco Products
- DSA-3413
- DSA-3413
- http://www.fortiguard.com/advisory/openssl-advisory-december-2015
- http://www.fortiguard.com/advisory/openssl-advisory-december-2015
- http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
- http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
- http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- 78622
- 78622
- 1034294
- 1034294
- SSA:2015-349-04
- SSA:2015-349-04
- USN-2830-1
- USN-2830-1
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
- https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=3c66a669dfc7b3792f7af0758ea26fe8502ce70c
- https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=3c66a669dfc7b3792f7af0758ea26fe8502ce70c
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944173
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944173
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05398322
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100
- https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40100
Published: 2015-10-22
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2015-4813
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 4.0.34, 4.1.42, 4.2.34, 4.3.32, and 5.0.8, when using a Windows guest, allows local users to affect availability via unknown vectors related to Core.
Severity: LOW (2.1)
References:
Published: 2015-10-22
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2015-4896
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.0.34, 4.1.42, 4.2.34, 4.3.32, and 5.0.8, when a VM has the Remote Display feature (RDP) enabled, allows remote attackers to affect availability via unknown vectors related to Core.
Severity: MEDIUM (5.0)
References:
Published: 2015-11-16
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2015-8104
The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c.
Severity: MEDIUM (4.7)
References:
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cbdb967af3d54993f5814f1cee0ed311a055377d
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cbdb967af3d54993f5814f1cee0ed311a055377d
- FEDORA-2015-f150b2a8c8
- FEDORA-2015-f150b2a8c8
- FEDORA-2015-668d213dc3
- FEDORA-2015-668d213dc3
- FEDORA-2015-394835a3f6
- FEDORA-2015-394835a3f6
- SUSE-SU-2015:2108
- SUSE-SU-2015:2108
- SUSE-SU-2015:2194
- SUSE-SU-2015:2194
- SUSE-SU-2015:2339
- SUSE-SU-2015:2339
- SUSE-SU-2015:2350
- SUSE-SU-2015:2350
- SUSE-SU-2016:0354
- SUSE-SU-2016:0354
- openSUSE-SU-2016:1008
- openSUSE-SU-2016:1008
- SUSE-SU-2016:2074
- SUSE-SU-2016:2074
- openSUSE-SU-2015:2232
- openSUSE-SU-2015:2232
- openSUSE-SU-2015:2250
- openSUSE-SU-2015:2250
- RHSA-2015:2636
- RHSA-2015:2636
- RHSA-2015:2645
- RHSA-2015:2645
- RHSA-2016:0046
- RHSA-2016:0046
- http://support.citrix.com/article/CTX202583
- http://support.citrix.com/article/CTX202583
- http://support.citrix.com/article/CTX203879
- http://support.citrix.com/article/CTX203879
- DSA-3414
- DSA-3414
- DSA-3426
- DSA-3426
- DSA-3454
- DSA-3454
- [oss-security] 20151110 CVE-2015-8104 kernel: kvm: guest to host DoS by triggering an infinite loop in microcode via #DB exception
- [oss-security] 20151110 CVE-2015-8104 kernel: kvm: guest to host DoS by triggering an infinite loop in microcode via #DB exception
- [oss-security] 20231010 Xen Security Advisory 444 v3 (CVE-2023-34327,CVE-2023-34328) - x86/AMD: Debug Mask handling
- [oss-security] 20231010 Xen Security Advisory 444 v3 (CVE-2023-34327,CVE-2023-34328) - x86/AMD: Debug Mask handling
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- 77524
- 77524
- 91787
- 91787
- 1034105
- 1034105
- USN-2840-1
- USN-2840-1
- USN-2841-1
- USN-2841-1
- USN-2841-2
- USN-2841-2
- USN-2842-1
- USN-2842-1
- USN-2842-2
- USN-2842-2
- USN-2843-1
- USN-2843-1
- USN-2843-2
- USN-2843-2
- USN-2844-1
- USN-2844-1
- http://xenbits.xen.org/xsa/advisory-156.html
- http://xenbits.xen.org/xsa/advisory-156.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1278496
- https://bugzilla.redhat.com/show_bug.cgi?id=1278496
- https://github.com/torvalds/linux/commit/cbdb967af3d54993f5814f1cee0ed311a055377d
- https://github.com/torvalds/linux/commit/cbdb967af3d54993f5814f1cee0ed311a055377d
- https://kb.juniper.net/JSA10783
- https://kb.juniper.net/JSA10783
Published: 2016-01-21
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2016-0495
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.36 and 5.0.14 allows remote attackers to affect availability via unknown vectors related to Core.
Severity: MEDIUM (4.3)
References:
Published: 2016-01-21
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2016-0592
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.36 and before 5.0.14 allows local users to affect availability via unknown vectors related to Core.
Severity: LOW (2.1)
References:
Published: 2016-01-21
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2016-0602
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.14 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Windows Installer. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is an untrusted search path issue that allows local users to gain privileges via a Trojan horse dll in the "application directory."
Severity: MEDIUM (6.2)
References:
- 20160210 [CVE-2016-0602, CVE-2016-0603] Executable installers are vulnerable^WEVIL (case 24): Oracle Java 6/7/8 SE and VirtualBox
- 20160210 [CVE-2016-0602, CVE-2016-0603] Executable installers are vulnerable^WEVIL (case 24): Oracle Java 6/7/8 SE and VirtualBox
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- 20160205 [CVE-2016-0602, CVE-2016-0603] Executable installers are vulnerable^WEVIL (case 24): Oracle Java 6/7/8 SE and VirtualBox
- 20160205 [CVE-2016-0602, CVE-2016-0603] Executable installers are vulnerable^WEVIL (case 24): Oracle Java 6/7/8 SE and VirtualBox
- 1034731
- 1034731