Mailinglist Archive: opensuse-updates (127 mails)

< Previous Next >
openSUSE-SU-2016:1462-1: moderate: Security update for virtualbox
openSUSE Security Update: Security update for virtualbox
______________________________________________________________________________

Announcement ID: openSUSE-SU-2016:1462-1
Rating: moderate
References: #908383 #939299 #953018 #964765
Cross-References: CVE-2016-0678
Affected Products:
openSUSE 13.2
______________________________________________________________________________

An update that solves one vulnerability and has three fixes
is now available.

Description:


Virtualbox was updated to 5.0.20 to fix the following issues:

Version bump to 5.0.20 (released 2016-04-28 by Oracle) This is a
maintenance release. The following items were fixed and/or added:

* NAT Network: File VBoxNetNAT no longer requires suid
* Storage: fixed a regression causing write requests from the BIOS to
cause a Guru Meditation with the LsiLogic SCSI controller (5.0.18
regression; bug #15317)
* Storage: several emulation fixes in the BusLogic SCSI controller
emulation
* NAT Network: support TCP in DNS proxy (same problem as in bug #14736 for
NAT)
* NAT: rework handling of port-forwarding rules (bug #13570)
* NAT: rewrite host resolver to handle more query types and make it
asynchronous so that a stalled lookup doesn't block all NAT traffic
* Snapshots: don't crash when restoring a snapshot which has more network
adapters than the current state (ie when the snapshot uses ICH9 and the
current state uses PIIX3)
* Guest Control: various bugfixes for the copyfrom and copyto commands /
API (bug #14336)
* VBoxManage: list processor features on list hostinfo (bug #15334)
* Linux hosts: fix for Linux 4.5 if CONFIG_NET_CLS_ACT is enabled (bug
#15327)
* Windows Additions: fixed performance issues with PowerPoint 2010 and the
WDDM graphics drivers if Aero is disabled

Bugfixes:
- Apply proper fix for boo#964765 that causes guest VMs using NAT Network
attachments to fail to get network access. The basic problem is that
file /usr/lib/virtualbox/VBoxNetNAT needs to have suid privilege, and
the spec file was failing to set the appropriate permissions.

- Implement VirtualBox version 5.0.18 in openSUSE 13.2. Previous to this
point,
oS 13.2 had been using 4.3.X, which was the VB series when 13.2 was
released. This policy has been changed so that a fix for CVE-2016-0678
can be included in 13.2. Bug report b.o.o #97366 discusses this
vulnerability. This submission also fixes the bug in VB 5.0.18 that
prevents proper operation for guest VMs configured to use LsiLogic
adapter for disks. See ticket: https://www.virtualbox.org/ticket/15317
for a description of the problem, and changeset:
https://www.virtualbox.org/changeset/60565/vbox for the fix, which is
implemented in file "changeset_60565.diff".


Version bump to 5.0.18 (released 2016-04-18 by Oracle) This is a
maintenance release. The following items were fixed and/or added:
* GUI: position off-screen windows to be fully visible again on relaunch
in consistence with default-behavior (bug #15226)
* GUI: fixed the View menu / Full-screen Mode behavior on Mac OS X El
Capitan
* GUI: fixed a test which allowed to encrypt a hard disk with an empty
password
* GUI: fixed a crash under certain conditions during VM shutdown
* GUI: fixed the size of the VM list scrollbar in the VM selector when
entering a group
* PC speaker passthrough: fixes (Linux hosts only; bug #627)
* Drag and drop: several fixes
* SATA: fixed hotplug flag handling when EFI is used
* Storage: fixed handling of encrypted disk images with SCSI controllers
(bug #14812)
* Storage: fixed possible crash with Solaris 7 if the BusLogic SCSI
controller is used
* USB: properly purge non-ASCII characters from USB strings (bugs #8801,
#15222)
* NAT Network: fixed 100% CPU load in VBoxNetNAT on Mac OS X under certain
circumstances (bug #15223)
* ACPI: fixed ACPI tables to make the display color management settings
available again for older Windows versions (4.3.22 regression)
* Guest Control: fixed VBoxManage copyfrom command (bug #14336)
* Snapshots: fixed several problems when removing older snapshots (bug
#15206)
* VBoxManage: fixed --verbose output of the guestcontrol command
* Windows hosts: hardening fixes required for recent Windows 10 insider
builds (bugs #15245, #15296)
* Windows hosts: fixed support of jumbo frames in with bridged networking
(5.0.16 regression; bug #15209)
* Windows hosts: don't prevent receiving multicast traffic if host-only
adapters are installed (bug #8698)
* Linux hosts: added support for the new naming scheme of NVME disks when
creating raw disks
* Solaris hosts / guests: properly sign the kernel modules (bug #12608)
* Linux hosts / guests: Linux 4.5 fixes (bug #15251)
* Linux hosts / guests: Linux 4.6 fixes (bug #15298)
* Linux Additions: added a kernel graphics driver to support graphics when
X.Org does not have root rights (bug #14732)
* Linux/Solaris Additions: fixed several issues causing Linux/Solatis
guests using software rendering when 3D acceleration is available
* Windows Additions: fixed a hang with PowerPoint 2010 and the WDDM
drivers if Aero is disabled


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 13.2:

zypper in -t patch openSUSE-2016-672=1

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 13.2 (i586 x86_64):

python-virtualbox-5.0.20-46.1
python-virtualbox-debuginfo-5.0.20-46.1
virtualbox-5.0.20-46.1
virtualbox-debuginfo-5.0.20-46.1
virtualbox-debugsource-5.0.20-46.1
virtualbox-devel-5.0.20-46.1
virtualbox-guest-kmp-default-5.0.20_k3.16.7_35-46.1
virtualbox-guest-kmp-default-debuginfo-5.0.20_k3.16.7_35-46.1
virtualbox-guest-kmp-desktop-5.0.20_k3.16.7_35-46.1
virtualbox-guest-kmp-desktop-debuginfo-5.0.20_k3.16.7_35-46.1
virtualbox-guest-tools-5.0.20-46.1
virtualbox-guest-tools-debuginfo-5.0.20-46.1
virtualbox-guest-x11-5.0.20-46.1
virtualbox-guest-x11-debuginfo-5.0.20-46.1
virtualbox-host-kmp-default-5.0.20_k3.16.7_35-46.1
virtualbox-host-kmp-default-debuginfo-5.0.20_k3.16.7_35-46.1
virtualbox-host-kmp-desktop-5.0.20_k3.16.7_35-46.1
virtualbox-host-kmp-desktop-debuginfo-5.0.20_k3.16.7_35-46.1
virtualbox-qt-5.0.20-46.1
virtualbox-qt-debuginfo-5.0.20-46.1
virtualbox-websrv-5.0.20-46.1
virtualbox-websrv-debuginfo-5.0.20-46.1

- openSUSE 13.2 (noarch):

virtualbox-guest-desktop-icons-5.0.20-46.1
virtualbox-host-source-5.0.20-46.1

- openSUSE 13.2 (i586):

virtualbox-guest-kmp-pae-5.0.20_k3.16.7_35-46.1
virtualbox-guest-kmp-pae-debuginfo-5.0.20_k3.16.7_35-46.1
virtualbox-host-kmp-pae-5.0.20_k3.16.7_35-46.1
virtualbox-host-kmp-pae-debuginfo-5.0.20_k3.16.7_35-46.1


References:

https://www.suse.com/security/cve/CVE-2016-0678.html
https://bugzilla.suse.com/908383
https://bugzilla.suse.com/939299
https://bugzilla.suse.com/953018
https://bugzilla.suse.com/964765


< Previous Next >
This Thread
  • No further messages