[vbox-dev] Announcement: VirtualBox 3.0.8 released

Lubomir Rintel lkundrak at v3.sk
Tue Oct 6 13:35:50 GMT 2009


On Tue, 2009-10-06 at 15:06 +0200, Frank Mehnert wrote:
> Hi,
> 
> today Sun released VirtualBox 3.0.8, a maintenance release of
> VirtualBox 3.0 which fixes several bugs and regressions. See
> the ChangeLog
> 
>   http://www.virtualbox.org/wiki/Changelog

[snip]
Security: fixed vulnerability that allowed to execute commands with root
privileges
[snip]

This sounds pretty scary and seems like a rather bad way to announce
what seems like a security fix. It would be awesome if you could tell
the users how severe the issue is, so they can decide whether they need
the update. Specifically, it might be important to mention who can gain
which privileges (if a privileged user in guest can gain root in host or
a local unprivileged user on host can gain root privileges on host,
etc. ...)

Moreover, I guess getting a CVE [1] number for the vulnerability is not
a bad idea either.

[1] http://cve.mitre.org/

Regards,
Lubo

-- 
Flash is the Web2.0 version of blink and animated gifs.
                                     -- Stephen Smoogen




