- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202101-15 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: VirtualBox: Multiple vulnerabilities Date: January 22, 2021 Bugs: #750782, #766348 ID: 202101-15 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in VirtualBox, the worst of which could result in privilege escalation. Background ========== VirtualBox is a powerful virtualization product from Oracle. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-emulation/virtualbox < 6.1.18 >= 6.1.18 Description =========== Multiple vulnerabilities have been discovered in VirtualBox. Please review the CVE identifiers referenced below for details. Impact ====== Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All VirtualBox users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=app-emulation/virtualbox-6.1.18" References ========== [ 1 ] CVE-2020-14872 https://nvd.nist.gov/vuln/detail/CVE-2020-14872 [ 2 ] CVE-2020-14881 https://nvd.nist.gov/vuln/detail/CVE-2020-14881 [ 3 ] CVE-2020-14884 https://nvd.nist.gov/vuln/detail/CVE-2020-14884 [ 4 ] CVE-2020-14885 https://nvd.nist.gov/vuln/detail/CVE-2020-14885 [ 5 ] CVE-2020-14886 https://nvd.nist.gov/vuln/detail/CVE-2020-14886 [ 6 ] CVE-2020-14889 https://nvd.nist.gov/vuln/detail/CVE-2020-14889 [ 7 ] CVE-2020-14892 https://nvd.nist.gov/vuln/detail/CVE-2020-14892 [ 8 ] CVE-2021-2073 https://nvd.nist.gov/vuln/detail/CVE-2021-2073 [ 9 ] CVE-2021-2074 https://nvd.nist.gov/vuln/detail/CVE-2021-2074 [ 10 ] CVE-2021-2086 https://nvd.nist.gov/vuln/detail/CVE-2021-2086 [ 11 ] CVE-2021-2111 https://nvd.nist.gov/vuln/detail/CVE-2021-2111 [ 12 ] CVE-2021-2112 https://nvd.nist.gov/vuln/detail/CVE-2021-2112 [ 13 ] CVE-2021-2119 https://nvd.nist.gov/vuln/detail/CVE-2021-2119 [ 14 ] CVE-2021-2120 https://nvd.nist.gov/vuln/detail/CVE-2021-2120 [ 15 ] CVE-2021-2121 https://nvd.nist.gov/vuln/detail/CVE-2021-2121 [ 16 ] CVE-2021-2123 https://nvd.nist.gov/vuln/detail/CVE-2021-2123 [ 17 ] CVE-2021-2124 https://nvd.nist.gov/vuln/detail/CVE-2021-2124 [ 18 ] CVE-2021-2125 https://nvd.nist.gov/vuln/detail/CVE-2021-2125 [ 19 ] CVE-2021-2126 https://nvd.nist.gov/vuln/detail/CVE-2021-2126 [ 20 ] CVE-2021-2127 https://nvd.nist.gov/vuln/detail/CVE-2021-2127 [ 21 ] CVE-2021-2128 https://nvd.nist.gov/vuln/detail/CVE-2021-2128 [ 22 ] CVE-2021-2129 https://nvd.nist.gov/vuln/detail/CVE-2021-2129 [ 23 ] CVE-2021-2130 https://nvd.nist.gov/vuln/detail/CVE-2021-2130 [ 24 ] CVE-2021-2131 https://nvd.nist.gov/vuln/detail/CVE-2021-2131 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202101-15 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2021 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5