[vbox-dev] "Disgruntled Security Researcher Publishes Major VirtualBox 0-Day Exploit"

Michael Thayer michael.thayer at oracle.com
Mon Nov 12 13:08:20 GMT 2018

Hello Larry,

It looks to me like the site was updated after 5.2.22 was released to
say that the researcher considers the issue fixed.  Unfortunately we are
by Oracle policy to comment on security fixes or even mention them in
the change log - all security information is published in the quarterly
Oracle critical patch update information.  Please note though that we
take security seriously!


11.11.18 22:13, Larry Finger wrote:
> On 11/11/18 1:09 AM, Mihai Hanor wrote:
>> Hi,
>> According to the same researcher, Virtualbox 5.2.22 fixes the
>> vulnerability:
>> https://github.com/MorteNoir1/virtualbox_e1000_0day/issues/12
> I'm not sure that he says that 5.2.22 fixes the problem. What he says is
> that 5.2.20 and earlier are affected; however, 5.2.22 was released after
> his posting.
> Larry
> _______________________________________________
> vbox-dev mailing list
> vbox-dev at virtualbox.org
> https://www.virtualbox.org/mailman/listinfo/vbox-dev

Michael Thayer | VirtualBox engineer
ORACLE Deutschland B.V. & Co. KG | Werkstr. 24 | D-71384 Weinstadt

ORACLE Deutschland B.V. & Co. KG
Hauptverwaltung: Riesstraße 25, D-80992 München
Registergericht: Amtsgericht München, HRA 95603

Komplementärin: ORACLE Deutschland Verwaltung B.V.
Hertogswetering 163/167, 3543 AS Utrecht, Niederlande
Handelsregister der Handelskammer Midden-Nederland, Nr. 30143697
Geschäftsführer: Alexander van der Ven, Jan Schultheiss, Val Maher
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pEpkey.asc
Type: application/pgp-keys
Size: 2468 bytes
Desc: not available
URL: <http://www.virtualbox.org/pipermail/vbox-dev/attachments/20181112/241a1cf4/attachment.bin>

More information about the vbox-dev mailing list