[vbox-dev] CVE-2015-3456 aka VENOM

Gianfranco Costamagna costamagnagianfranco at yahoo.it
Mon May 18 16:19:39 GMT 2015


Hi Frank, as usual thanks a lot for the patch and the answer!

Keep up the good work!

cheers,

G.





On Monday 18 May 2015 10:05, Frank Mehnert <frank.mehnert at oracle.com> wrote:
Hi Maxime,


On Friday 15 May 2015 11:23:15 Maxime Dor wrote:
> Could an experienced dev validate that this diff between VBox 4.3.26 &
> 4.3.28 is indeed a fix for CVE-2015-3456? http://pastebin.com/hb5Fbwku

Sorry for the slow response. Here is the link to the official Oracle report:

http://www.oracle.com/technetwork/topics/security/alert-cve-2015-3456-2542656.html

As stated there, the bug is fixed in VBox 4.3.28 so yes, the diff between the
source code of VBox 4.3.26 and 4.3.28 in src/VBox/Devices/Storage/DevFdc.cpp
contains the fix. For convenience I've attached the diff.

Kind regards,

Frank
-- 
Dr.-Ing. Frank Mehnert | Software Development Director, VirtualBox
ORACLE Deutschland B.V. & Co. KG | Werkstr. 24 | 71384 Weinstadt, Germany
