[vbox-dev] CVE-2015-3456 aka VENOM
Frank Mehnert
frank.mehnert at oracle.com
Mon May 18 07:58:13 GMT 2015
Hi Maxime,
On Friday 15 May 2015 11:23:15 Maxime Dor wrote:
> Could an experienced dev validate that this diff between VBox 4.3.26 &
> 4.3.28 is indeed a fix CVE-2015-3456 ? http://pastebin.com/hb5Fbwku
sorry for the slow response. Here is the link to the official Oracle report:
http://www.oracle.com/technetwork/topics/security/alert-cve-2015-3456-2542656.html
As stated there, the bug is fixed in VBox 4.3.28 so yes, the diff between the
source code of VBox 4.3.26 and 4.3.28 in src/VBox/Devices/Storage/DevFdc.cpp
contains the fix. For convenience I've attached the diff.
Kind regards,
Frank
--
Dr.-Ing. Frank Mehnert | Software Development Director, VirtualBox
ORACLE Deutschland B.V. & Co. KG | Werkstr. 24 | 71384 Weinstadt, Germany
ORACLE Deutschland B.V. & Co. KG
Hauptverwaltung: Riesstraße 25, D-80992 München
Registergericht: Amtsgericht München, HRA 95603
Komplementärin: ORACLE Deutschland Verwaltung B.V.
Hertogswetering 163/167, 3543 AS Utrecht, Niederlande
Handelsregister der Handelskammer Midden-Niederlande, Nr. 30143697
Geschäftsführer: Alexander van der Ven, Astrid Kepper, Val Maher
-------------- next part --------------
A non-text attachment was scrubbed...
Name: diff_DevFdc
Type: text/x-patch
Size: 3299 bytes
Desc: not available
URL: <http://www.virtualbox.org/pipermail/vbox-dev/attachments/20150518/0e9fcfee/attachment.bin>
More information about the vbox-dev
mailing list