Mailinglist Archive: opensuse-updates (111 mails)

openSUSE-SU-2016:2314-1: moderate: Security update for virtualbox
openSUSE Security Update: Security update for virtualbox
______________________________________________________________________________

Announcement ID: openSUSE-SU-2016:2314-1
Rating: moderate
References: #983927 #990369 #990370
Cross-References: CVE-2016-3597 CVE-2016-3612
Affected Products:
openSUSE 13.2
______________________________________________________________________________

An update that solves two vulnerabilities and has one
errata is now available.

Description:


Virtualbox was updated to 5.0.26 to fix the following issues:

This update fixes various security issues.
- CVE-2016-3612: An unspecified vulnerability in the Oracle VM VirtualBox
component in Oracle Virtualization VirtualBox before 5.0.22 allowed
remote attackers to affect confidentiality via vectors related to Core.
(boo#990369).
- CVE-2016-3597: Unspecified vulnerability in the Oracle VM VirtualBox
component in Oracle Virtualization VirtualBox before 5.0.26 allows local
users to affect availability via vectors related to Core. (bsc#990370)

- Update the host <-> guest KMP conflict dependencies to no longer refer
to the old name (boo#983927).

This is a maintenance release. The following items were fixed and/or added:
- VMM: fixed a bug in the task switching code (ticket #15571)
- GUI: allow to overwrite an existing file when saving a log file (bug
#8034)
- GUI: fixed screenshot if the VM is started in separate mode
- Audio: improved recording from USB headsets and other sources which
might need conversion of captured data
- Audio: fixed regression of not having any audio available on Solaris
hosts
- VGA: fixed an occasional hang when running Windows guests with 3D enabled
- Storage: fixed a possible endless reconnect loop for the iSCSI backend
if connecting to the target succeeds but further I/O requests cause a
disconnect
- Storage: fixed a bug when resizing certain VDI images which resulted in
using the whole disk on the host (bug #15582)
- EFI: fixed access to devices attached to SATA port 2 and higher (bug
#15607)
- API: fixed video recording with VBoxHeadless (bug #15443)
- API: don't crash if there is no graphics controller configured (bug
#15628)
- VBoxSVC: fixed several memory leaks when handling .dmg images

Version bump to 5.0.24 (released 2016-06-28 by Oracle). This is a
maintenance release. The following items were fixed and/or added:
- VMM: reverted to the old I/O-APIC code for now to fix certain
regressions with 5.0.22 (bug #15529). This means that the networking
performance with certain guests will drop to the 5.0.20 level (bug
#15295). One workaround is to disable GRO for Linux guests.
- Main: when taking a screenshot, don't save garbage for blanked screens
- NAT: correctly parse resolv.conf file with multiple separators (5.0.22
regression)
- Storage: fixed a possible corruption of stream optimized VMDK images
from VMware when opened in read/write mode for the first time
- Audio: implemented dynamic re-attaching of input/output devices on Mac OS
X hosts
- ACPI: notify the guest when the battery / AC state changes instead of
relying on guest polling
- Linux hosts: fixed VERR_VMM_SET_JMP_ABORTED_RESUME Guru Meditations on
hosts with Linux 4.6 or later (bug #15439)

Version bump to 5.0.22 (released 2016-06-16 by Oracle). This is a
maintenance release. The following items were fixed and/or added:
- VMM: fixes for certain Intel Atom hosts (bug #14915)
- VMM: properly restore the complete FPU state for 32-bit guests on 64-bit
hosts on Intel Sandy Bridge and Ivy Bridge CPUs
- VMM: new I/O-APIC implementation fixing several bugs and improving the
performance under certain conditions (bug #15295 and others)
- VMM: fixed a potential Linux guest panic on AMD hosts
- VMM: fixed a potential hang with 32-bit EFI guests on Intel CPUs (VT-x
without unrestricted guest execution)
- GUI: don't allow to start subsequent separate VM instances
- GUI: raised upper limit for video capture screen resolution (bug #15432)
- GUI: warn if the VM has less than 128MB VRAM configured and 3D enabled
- Main: when monitoring DNS configuration changes on Windows hosts avoid
false positives from competing DHCP renewals. This should fix NAT link
flaps when host has multiple DHCP configured interfaces, in particular
when the host uses OpenVPN.
- Main: properly display an error message if the VRDE server cannot be
enabled at runtime, for example because another service is using the
same port
- NAT: Initialize guest address guess for wildcard port-forwarding rules
with default guest address (bug #15412)
- VGA: fix for a problem which made certain legacy guests crash under
certain conditions (bug #14811)
- OVF: fixed import problems for some appliances using an AHCI controller
created by 3rd party applications
- SDK: reduced memory usage in the webservice Java bindings
- Windows Additions: fixes to retain the guest display layout when
resizing or disabling the guest monitors
- Linux hosts: EL 6.8 fix (bug #15411)
- Linux hosts: Linux 4.7 fix (bug #15459)
- Linux Additions: Linux 4.7 fixes (bug #15444)
- Linux Additions: fix for certain 32-bit guests (5.0.18 regression; bug
#15320)
- Linux Additions: fixed mouse pointer offset (5.0.18 regression; bug
#15324)
- Linux Additions: made old X.Org releases work again with kernels 3.11
and later (5.0.18 regression; bug #15319)
- Linux Additions: fixed X.Org crash after hard guest reset (5.0.18
regression; bug #15354)
- Linux Additions: don't stop the X11 setup if loading the shared folders
module fails (5.0.18 regression)
- Linux Additions: don't complain if the Drag and Drop service is not
available on the host
- Solaris Additions: added support for X.org 1.18


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 13.2:

zypper in -t patch openSUSE-2016-1087=1

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 13.2 (i586 x86_64):

python-virtualbox-5.0.26-51.1
python-virtualbox-debuginfo-5.0.26-51.1
virtualbox-5.0.26-51.1
virtualbox-debuginfo-5.0.26-51.1
virtualbox-debugsource-5.0.26-51.1
virtualbox-devel-5.0.26-51.1
virtualbox-guest-kmp-default-5.0.26_k3.16.7_42-51.1
virtualbox-guest-kmp-default-debuginfo-5.0.26_k3.16.7_42-51.1
virtualbox-guest-kmp-desktop-5.0.26_k3.16.7_42-51.1
virtualbox-guest-kmp-desktop-debuginfo-5.0.26_k3.16.7_42-51.1
virtualbox-guest-tools-5.0.26-51.1
virtualbox-guest-tools-debuginfo-5.0.26-51.1
virtualbox-guest-x11-5.0.26-51.1
virtualbox-guest-x11-debuginfo-5.0.26-51.1
virtualbox-host-kmp-default-5.0.26_k3.16.7_42-51.1
virtualbox-host-kmp-default-debuginfo-5.0.26_k3.16.7_42-51.1
virtualbox-host-kmp-desktop-5.0.26_k3.16.7_42-51.1
virtualbox-host-kmp-desktop-debuginfo-5.0.26_k3.16.7_42-51.1
virtualbox-qt-5.0.26-51.1
virtualbox-qt-debuginfo-5.0.26-51.1
virtualbox-websrv-5.0.26-51.1
virtualbox-websrv-debuginfo-5.0.26-51.1

- openSUSE 13.2 (noarch):

virtualbox-guest-desktop-icons-5.0.26-51.1
virtualbox-host-source-5.0.26-51.1

- openSUSE 13.2 (i586):

virtualbox-guest-kmp-pae-5.0.26_k3.16.7_42-51.1
virtualbox-guest-kmp-pae-debuginfo-5.0.26_k3.16.7_42-51.1
virtualbox-host-kmp-pae-5.0.26_k3.16.7_42-51.1
virtualbox-host-kmp-pae-debuginfo-5.0.26_k3.16.7_42-51.1
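
To confirm the update has been applied, the following added example (not part of the advisory) flags installed VirtualBox packages older than the 5.0.26-51.1 builds in the package list above. It assumes an inventory produced by rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' '*virtualbox*'; the function names and the sample inventory are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag VirtualBox packages older than the build shipped in
# openSUSE-SU-2016:2314-1. Assumed input, one "name version-release" per line:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' '*virtualbox*'
FIXED="5.0.26-51.1"   # version-release from the advisory's package list

# Succeeds if $1 sorts strictly below $2. sort -V (GNU coreutils) only
# approximates RPM's own version comparison; it is sufficient for the
# purely numeric version strings used here.
older_than() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Reads "name version-release" lines on stdin and prints the names of
# VirtualBox packages that are older than $FIXED.
unpatched_virtualbox() {
    while read -r name evr; do
        case "$name" in
            virtualbox*|python-virtualbox*) ;;
            *) continue ;;                 # ignore unrelated packages
        esac
        rel="${evr##*-}"                   # release, e.g. 51.1
        ver="${evr%-*}"                    # version, e.g. 5.0.26_k3.16.7_42
        ver="${ver%%_k*}"                  # KMP packages: drop kernel suffix
        if older_than "$ver-$rel" "$FIXED"; then
            echo "$name"
        fi
    done
}

# Constructed sample inventory (not taken from a real host).
sample_inventory() {
    cat <<'EOF'
virtualbox 5.0.18-48.5
virtualbox-qt 5.0.26-51.1
virtualbox-host-kmp-default 5.0.18_k3.16.7_35-48.5
virtualbox-guest-tools 5.0.26-51.1
kernel-default 3.16.7-42.1
EOF
}

sample_inventory | unpatched_virtualbox
```

An empty result means every listed VirtualBox package is at or above the fixed build; any name printed still needs the patch from the instructions above.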


References:

https://www.suse.com/security/cve/CVE-2016-3597.html
https://www.suse.com/security/cve/CVE-2016-3612.html
https://bugzilla.suse.com/983927
https://bugzilla.suse.com/990369
https://bugzilla.suse.com/990370

