*** This bug is a security vulnerability *** You have been subscribed to a public security bug by Alex Murray (alexmurray):
@MorteNoir1 published a 0day exloit against virtualbox that allows escaping the VM. This is a major vulnerability. oracle just released 5.2.22 which seems to fix the vulnerability https://github.com/MorteNoir1/virtualbox_e1000_0day/issues/12 Altough this is not aknowledge in the offical changelog, the sec dev that creates the 0day exploits explains that 5.2.22 fixes the 0day vulnerability. Please upgrade to 5.2.22 on all ubuntu version to fix that big hole. thanks ProblemType: Bug DistroRelease: Ubuntu 18.10 Package: virtualbox 5.2.18-dfsg-2 ProcVersionSignature: Ubuntu 4.18.0-10.11-generic 4.18.12 Uname: Linux 4.18.0-10-generic x86_64 NonfreeKernelModules: wl ApportVersion: 2.20.10-0ubuntu13 Architecture: amd64 CurrentDesktop: ubuntu:GNOME Date: Tue Nov 13 13:59:11 2018 InstallationDate: Installed on 2018-05-07 (189 days ago) InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Release amd64 (20180426) ProcEnviron: TERM=xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR=<set> LANG=fr_FR.UTF-8 SHELL=/bin/bash SourcePackage: virtualbox UpgradeStatus: Upgraded to cosmic on 2018-10-19 (25 days ago) ** Affects: virtualbox (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug cosmic wayland-session -- virtualbox 0day exploit https://bugs.launchpad.net/bugs/1803132 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
