   openSUSE Security Update: Security update for virtualbox
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2016:2623-1
Rating:             moderate
References:         #1005621 #983629
Cross-References:   CVE-2016-5501 CVE-2016-5538 CVE-2016-5605
                    CVE-2016-5608 CVE-2016-5610 CVE-2016-5611
                    CVE-2016-5613
Affected Products:
                    openSUSE 13.2
______________________________________________________________________________

   An update that fixes 7 vulnerabilities is now available.

Description:

   This update for virtualbox fixes the following issues:

   - Address CVE-2016-5501, CVE-2016-5538, CVE-2016-5605, CVE-2016-5608,
     CVE-2016-5610, CVE-2016-5611, CVE-2016-5613 (boo#1005621).
   - Reduce memory needs during build.
   - Version bump to 5.0.28 (released 2016-10-18 by Oracle). This is a
     maintenance release. The following items were fixed and/or added:
     - NAT: Don't exceed the maximum number of "search" suffixes. Patch
       from bug #15948.
     - NAT: fixed parsing of port-forwarding rules with a name which
       contains a slash (bug #16002)
     - NAT Network: when the host has only loopback nameserver that cannot
       be mapped to the guests (e.g. dnsmasq running on 127.0.1.1), make
       DHCP supply NAT Network DNS proxy as nameserver.
     - Bridged Network: prevent flooding syslog with packet allocation
       error messages (bug #15569)
     - USB: fixed a possible crash when detaching a USB device
     - Audio: fixes for recording (Mac OS X hosts only)
     - Audio: now using Audio Queues on Mac OS X hosts
     - OVF: improve importing of VMs created by VirtualBox 5.1
     - VHDX: fixed cloning images with VBoxManage clonehd (bug #14288)
     - Storage: Fixed broken bandwidth limitation when the limit is very
       low (bug #14982)
     - Serial: Fixed high CPU usage with certain USB to serial converters
       on Linux hosts (bug #7796)
     - BIOS: fixed 4bpp scanline calculation (bug #15787)
     - VBoxManage: Don't try to set the medium type if there is no change
       (bug #13850)
     - API: fixed initialization of SAS controllers (bug #15972)
     - Linux hosts: don't use 32-bit legacy capabilities
     - Linux hosts / guests: fix for kernels with CONFIG_CPUMASK_OFFSTACK
       set (bug #16020)
     - Linux Additions: several fixes for X11 guests running non-root X
       servers
     - Linux Additions: fix for Linux 4.7 (bug #15769)
     - Linux Additions: fix for the display kmod driver with Linux 4.8
       (bugs #15890 and #15896)
     - Windows Additions: auto-resizing fixes for Windows 10 guests
       (bug #15257)
     - Windows Additions: fixes for arranging the guest screens in
       multi-screen scenarios
     - Windows Additions / VGA: if the guest's power management turns a
       virtual screen off, blank the corresponding VM window rather than
       hide the VM window
     - Windows Additions: fixed a generic bug which could lead to freezing
       shared folders (bug #15662)
   - Modify virtualbox-guest-preamble and virtualbox-host-preamble to
     obsolete old versions of the kernel modules. This change should fix
     the problem in (boo#983629).

Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 13.2:

      zypper in -t patch openSUSE-2016-1226=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - openSUSE 13.2 (i586 x86_64):

      python-virtualbox-5.0.28-54.1
      python-virtualbox-debuginfo-5.0.28-54.1
      virtualbox-5.0.28-54.1
      virtualbox-debuginfo-5.0.28-54.1
      virtualbox-debugsource-5.0.28-54.1
      virtualbox-devel-5.0.28-54.1
      virtualbox-guest-kmp-default-5.0.28_k3.16.7_42-54.1
      virtualbox-guest-kmp-default-debuginfo-5.0.28_k3.16.7_42-54.1
      virtualbox-guest-kmp-desktop-5.0.28_k3.16.7_42-54.1
      virtualbox-guest-kmp-desktop-debuginfo-5.0.28_k3.16.7_42-54.1
      virtualbox-guest-tools-5.0.28-54.1
      virtualbox-guest-tools-debuginfo-5.0.28-54.1
      virtualbox-guest-x11-5.0.28-54.1
      virtualbox-guest-x11-debuginfo-5.0.28-54.1
      virtualbox-host-kmp-default-5.0.28_k3.16.7_42-54.1
      virtualbox-host-kmp-default-debuginfo-5.0.28_k3.16.7_42-54.1
      virtualbox-host-kmp-desktop-5.0.28_k3.16.7_42-54.1
      virtualbox-host-kmp-desktop-debuginfo-5.0.28_k3.16.7_42-54.1
      virtualbox-qt-5.0.28-54.1
      virtualbox-qt-debuginfo-5.0.28-54.1
      virtualbox-websrv-5.0.28-54.1
      virtualbox-websrv-debuginfo-5.0.28-54.1

   - openSUSE 13.2 (noarch):

      virtualbox-guest-desktop-icons-5.0.28-54.1
      virtualbox-host-source-5.0.28-54.1

   - openSUSE 13.2 (i586):

      virtualbox-guest-kmp-pae-5.0.28_k3.16.7_42-54.1
      virtualbox-guest-kmp-pae-debuginfo-5.0.28_k3.16.7_42-54.1
      virtualbox-host-kmp-pae-5.0.28_k3.16.7_42-54.1
      virtualbox-host-kmp-pae-debuginfo-5.0.28_k3.16.7_42-54.1

References:

   https://www.suse.com/security/cve/CVE-2016-5501.html
   https://www.suse.com/security/cve/CVE-2016-5538.html
   https://www.suse.com/security/cve/CVE-2016-5605.html
   https://www.suse.com/security/cve/CVE-2016-5608.html
   https://www.suse.com/security/cve/CVE-2016-5610.html
   https://www.suse.com/security/cve/CVE-2016-5611.html
   https://www.suse.com/security/cve/CVE-2016-5613.html
   https://bugzilla.suse.com/1005621
   https://bugzilla.suse.com/983629