[vbox-dev] CVE-2015-3456 aka VENOM
Sérgio Basto
sergio at serjux.com
Mon May 18 01:29:51 UTC 2015
On Dom, 2015-05-17 at 22:21 +0000, Gianfranco Costamagna wrote:
> Hi folks,in my ongoing effort to fix Debian/Ubuntu packages, I would like to understand how and if virtualbox is affected, and if a patch is available for download.
Googling by "venom bug" I found many thing about this security problem,
for example:
http://mashable.com/2015/05/13/venom-security-faq/
Anyway Maxime Dor ask if it is already fixed on 4.3.28 .
> thanks
>
>
>
>
> cheers,
>
> Gianfranco
>
>
> Il Venerdì 15 Maggio 2015 11:31, Maxime Dor <max at kamax.io> ha scritto:
> Hi,
>
> Could an experienced dev validate that this diff between VBox 4.3.26 &
> 4.3.28 is indeed a fix CVE-2015-3456 ? http://pastebin.com/hb5Fbwku
> QEMU patch for reference:
> http://git.qemu.org/?p=qemu.git;a=blobdiff;f=hw/block/fdc.c;h=d8a8edd936f42d4b1d801c996932668e456b5896;hp=f72a39216347e722496797555db9f208b0c5b4b2;hb=e907746266721f305d67bc0718795fedee2e824c;hpb=968bb75c348a401b85e08d5eb1887a3e6c3185f5
>
> Thank you!
> Max
>
> _______________________________________________
> vbox-dev mailing list
> vbox-dev at virtualbox.org
> https://www.virtualbox.org/mailman/listinfo/vbox-dev
>
> _______________________________________________
> vbox-dev mailing list
> vbox-dev at virtualbox.org
> https://www.virtualbox.org/mailman/listinfo/vbox-dev
--
Sérgio M. B.
More information about the vbox-dev
mailing list