« previous next »
Pages: [1]   Go Down

Author Topic: Avast NG Vurnable? Oracle Virtualbox CVE-2015-0377  (Read 2710 times)

0 Members and 1 Guest are viewing this topic.

REDACTED

  • Guest
Avast NG Vurnable? Oracle Virtualbox CVE-2015-0377
« on: January 27, 2015, 07:57:21 PM »
Hi Avast, I would like to provide a small warning about Avast NG's depedency (Virtualbox.)

The CVE is: CVE-2015-0377

I have been monitoring the NVD for the week and noticed that there is a CVE for Oracle Virtualbox (The system embedded into Avast NG.)

There has been an emergency update from Oracle. The exploit details can be found at: https://www.us-cert.gov/ncas/bulletins/SB15-026

The Patch information can be found at http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

I couldn't find a direct email to send this message to anyone. I thought this might be the best place to warn you.

Thanks
Oliver
Logged

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48562
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Avast NG Vurnable? Oracle Virtualbox CVE-2015-0377
« Reply #1 on: January 27, 2015, 08:01:17 PM »
Moderator  notified. :)
Logged
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline Spec8472

  • Avast team
  • Sr. Member
  • *
  • Posts: 297
Re: Avast NG Vurnable? Oracle Virtualbox CVE-2015-0377
« Reply #2 on: January 27, 2015, 10:33:56 PM »
Thanks for report, CVE-2015-0377 affects only VBox up to version 4.2.28. Avast 2015 is using VBox 4.3.16.

Quote from: OliPicard on January 27, 2015, 07:57:21 PM
Hi Avast, I would like to provide a small warning about Avast NG's depedency (Virtualbox.)

The CVE is: CVE-2015-0377

I have been monitoring the NVD for the week and noticed that there is a CVE for Oracle Virtualbox (The system embedded into Avast NG.)

There has been an emergency update from Oracle. The exploit details can be found at:

The Patch information can be found at

I couldn't find a direct email to send this message to anyone. I thought this might be the best place to warn you.

Thanks
Oliver
Logged

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48562
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Avast NG Vurnable? Oracle Virtualbox CVE-2015-0377
« Reply #3 on: January 28, 2015, 03:25:15 PM »
@Spec8472,
Thanks for the info and reassurance that we are safe. :)
Logged
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

REDACTED

  • Guest
Re: Avast NG Vurnable? Oracle Virtualbox CVE-2015-0377
« Reply #4 on: January 28, 2015, 06:12:52 PM »
Quote from: Spec8472 on January 27, 2015, 10:33:56 PM
Thanks for report, CVE-2015-0377 affects only VBox up to version 4.2.28. Avast 2015 is using VBox 4.3.16.

Quote from: OliPicard on January 27, 2015, 07:57:21 PM
Hi Avast, I would like to provide a small warning about Avast NG's depedency (Virtualbox.)

The CVE is: CVE-2015-0377

I have been monitoring the NVD for the week and noticed that there is a CVE for Oracle Virtualbox (The system embedded into Avast NG.)

There has been an emergency update from Oracle. The exploit details can be found at:

The Patch information can be found at

I couldn't find a direct email to send this message to anyone. I thought this might be the best place to warn you.

Thanks
Oliver

Thanks for clarifying, Glad we are not affected!
Logged
Pages: [1]   Go Up
« previous next »