938408 – (CVE-2015-2594) VUL-0: CVE-2015-2594: Unspecified vulnerability in the Oracle VM VirtualBox component in OracleVirtualization VirtualBox ...

Bug 938408 (CVE-2015-2594) - VUL-0: CVE-2015-2594: Unspecified vulnerability in the Oracle VM VirtualBox component in OracleVirtualization VirtualBox ...

Summary: VUL-0: CVE-2015-2594: Unspecified vulnerability in the Oracle VM VirtualBox c...

Status:	RESOLVED FIXED

Alias:	CVE-2015-2594

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other openSUSE 13.2

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assignee:	Larry Finger
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/118860/
Whiteboard:
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2015-07-16 13:58 UTC by Andreas Stieger
Modified:	2015-08-18 08:09 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Andreas Stieger 2015-07-16 13:58:59 UTC

CVE-2015-2594

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle
Virtualization VirtualBox prior to 4.0.32, 4.1.40, 4.2.32, and 4.3.30 allows
local users to affect confidentiality, integrity, and availability via unknown
vectors related to Core.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2594
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2594

Comment 1 Swamp Workflow Management 2015-07-16 22:00:12 UTC

bugbot adjusting priority

Comment 2 Bernhard Wiedemann 2015-08-09 05:00:07 UTC

This is an autogenerated message for OBS integration:
This bug (938408) was mentioned in
https://build.opensuse.org/request/show/321458 13.2+13.1 / virtualbox
https://build.opensuse.org/request/show/321460 13.2+13.1 / virtualbox

Comment 3 Larry Finger 2015-08-09 15:18:13 UTC

Virtualbox has been updated to 4.2.32 for openSUSE 13.1, and to 4.3.30 for openSUSE 13.2. This vulnerability is fixed in those new versions.

Comment 4 Swamp Workflow Management 2015-08-18 08:09:52 UTC

openSUSE-SU-2015:1400-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 925663,935900,938408
CVE References: CVE-2015-2594,CVE-2015-3456
Sources used:
openSUSE 13.2 (src):    virtualbox-4.3.30-17.1
openSUSE 13.1 (src):    virtualbox-4.2.32-2.35.1