[vbox-dev] "Disgruntled Security Researcher Publishes Major VirtualBox 0-Day Exploit"
Michael Thayer
michael.thayer at oracle.com
Mon Nov 12 13:08:20 GMT 2018
Hello Larry,
It looks to me like the site was updated after 5.2.22 was released to
say that the researcher considers the issue fixed. Unfortunately we are
by Oracle policy to comment on security fixes or even mention them in
the change log - all security information is published in the quarterly
Oracle critical patch update information. Please note though that we
take security seriously!
Regards
Michael
11.11.18 22:13, Larry Finger wrote:
> On 11/11/18 1:09 AM, Mihai Hanor wrote:
>> Hi,
>>
>> According to the same researcher, Virtualbox 5.2.22 fixes the
>> vulnerability:
>>
>> https://github.com/MorteNoir1/virtualbox_e1000_0day/issues/12
>
> I'm not sure that he says that 5.2.22 fixes the problem. What he says is
> that 5.2.20 and earlier are affected; however, 5.2.22 was released after
> his posting.
>
> Larry
>
>
> _______________________________________________
> vbox-dev mailing list
> vbox-dev at virtualbox.org
> https://www.virtualbox.org/mailman/listinfo/vbox-dev
--
Michael Thayer | VirtualBox engineer
ORACLE Deutschland B.V. & Co. KG | Werkstr. 24 | D-71384 Weinstadt
ORACLE Deutschland B.V. & Co. KG
Hauptverwaltung: Riesstraße 25, D-80992 München
Registergericht: Amtsgericht München, HRA 95603
Komplementärin: ORACLE Deutschland Verwaltung B.V.
Hertogswetering 163/167, 3543 AS Utrecht, Niederlande
Handelsregister der Handelskammer Midden-Nederland, Nr. 30143697
Geschäftsführer: Alexander van der Ven, Jan Schultheiss, Val Maher
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pEpkey.asc
Type: application/pgp-keys
Size: 2468 bytes
Desc: not available
URL: <http://www.virtualbox.org/pipermail/vbox-dev/attachments/20181112/241a1cf4/attachment.bin>
More information about the vbox-dev
mailing list