{
  "Definition": [
    {
      "ID": "oval:org.altlinux.errata:def:20151170",
      "Version": "oval:org.altlinux.errata:def:20151170",
      "Class": "patch",
      "Metadata": {
        "Title": "ALT-PU-2015-1170: package `kernel-modules-virtualbox-addition-std-def` update to version 4.3.20-alt1.200225.1",
        "AffectedList": [
          {
            "Family": "unix",
            "Platforms": [
              "ALT Linux branch c10f1"
            ],
            "Products": [
              "ALT SP Workstation",
              "ALT SP Server"
            ]
          }
        ],
        "References": [
          {
            "RefID": "ALT-PU-2015-1170",
            "RefURL": "https://errata.altlinux.org/ALT-PU-2015-1170",
            "Source": "ALTPU"
          },
          {
            "RefID": "CVE-2014-6588",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-6588",
            "Source": "CVE"
          },
          {
            "RefID": "CVE-2014-6589",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-6589",
            "Source": "CVE"
          },
          {
            "RefID": "CVE-2014-6590",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-6590",
            "Source": "CVE"
          },
          {
            "RefID": "CVE-2014-6595",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-6595",
            "Source": "CVE"
          },
          {
            "RefID": "CVE-2015-0427",
            "RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2015-0427",
            "Source": "CVE"
          }
        ],
        "Description": "This update upgrades kernel-modules-virtualbox-addition-std-def to version 4.3.20-alt1.200225.1. \nSecurity Fix(es):\n\n * CVE-2014-6588: Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6589, CVE-2014-6590, CVE-2014-6595, and CVE-2015-0427.\n\n * CVE-2014-6589: Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6590, CVE-2014-6595, and CVE-2015-0427.\n\n * CVE-2014-6590: Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6589, CVE-2014-6595, and CVE-2015-0427.\n\n * CVE-2014-6595: Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6589, CVE-2014-6590, and CVE-2015-0427.\n\n * CVE-2015-0427: Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6589, CVE-2014-6590, and CVE-2014-6595.",
        "Advisory": {
          "From": "errata.altlinux.org",
          "Severity": "Low",
          "Rights": "Copyright 2024 BaseALT Ltd.",
          "Issued": {
            "Date": "2015-02-15"
          },
          "Updated": {
            "Date": "2015-02-15"
          },
          "BDUs": null,
          "CVEs": [
            {
              "ID": "CVE-2014-6588",
              "CVSS": "AV:L/AC:L/Au:S/C:N/I:P/A:P",
              "CWE": "NVD-CWE-noinfo",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-6588",
              "Impact": "Low",
              "Public": "20150121"
            },
            {
              "ID": "CVE-2014-6589",
              "CVSS": "AV:L/AC:L/Au:S/C:N/I:P/A:P",
              "CWE": "NVD-CWE-noinfo",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-6589",
              "Impact": "Low",
              "Public": "20150121"
            },
            {
              "ID": "CVE-2014-6590",
              "CVSS": "AV:L/AC:L/Au:S/C:N/I:P/A:P",
              "CWE": "NVD-CWE-noinfo",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-6590",
              "Impact": "Low",
              "Public": "20150121"
            },
            {
              "ID": "CVE-2014-6595",
              "CVSS": "AV:L/AC:L/Au:S/C:N/I:P/A:P",
              "CWE": "NVD-CWE-noinfo",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-6595",
              "Impact": "Low",
              "Public": "20150121"
            },
            {
              "ID": "CVE-2015-0427",
              "CVSS": "AV:L/AC:L/Au:S/C:N/I:P/A:P",
              "CWE": "NVD-CWE-noinfo",
              "Href": "https://nvd.nist.gov/vuln/detail/CVE-2015-0427",
              "Impact": "Low",
              "Public": "20150121"
            }
          ],
          "AffectedCPEs": {
            "CPEs": [
              "cpe:/o:alt:spworkstation:10",
              "cpe:/o:alt:spserver:10"
            ]
          }
        }
      },
      "Criteria": {
        "Operator": "AND",
        "Criterions": [
          {
            "TestRef": "oval:org.altlinux.errata:tst:4001",
            "Comment": "ALT Linux must be installed"
          }
        ],
        "Criterias": [
          {
            "Operator": "OR",
            "Criterions": [
              {
                "TestRef": "oval:org.altlinux.errata:tst:20151170001",
                "Comment": "kernel-modules-virtualbox-addition-std-def is earlier than 0:4.3.20-alt1.200225.1"
              }
            ]
          }
        ]
      }
    }
  ]
}