[vbox-dev] Announcement: VirtualBox 3.0.8 released

Lubomir Rintel lkundrak at v3.sk
Tue Oct 6 13:35:50 GMT 2009

On Tue, 2009-10-06 at 15:06 +0200, Frank Mehnert wrote:
> Hi,
> today Sun released VirtualBox 3.0.8, a maintenance release of
> VirtualBox 3.0 which fixes several bugs and regressions. See
> the ChangeLog
>   http://www.virtualbox.org/wiki/Changelog

Security: fixed vulnerability that allowed to execute commands with root

This sounds pretty scary and seems like a rather bad way to announce
what seems like a security fix. It would be awesome if you could tell
the users how severe the issue is, so they cat decide whether they need
the update. Specifically, it might be important to mention who can gain
which privileges (if a privileged user in guest can gain root in host or
a local unprivileged user on host can gain root privileges on host,
etc. ...)

Moreover, I guess getting a CVE [1] number for the vulnerability is not
a bad idea either.

[1] http://cve.mitre.org/


Flash is the Web2.0 version of blink and animated gifs.
                                     -- Stephen Smoogen

More information about the vbox-dev mailing list