openSUSE Security Update : virtualbox (openSUSE-2016-666)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

virtualbox was updated to 5.0.18 and also fixes the following issues :

Version bump to 5.0.18 (released 2016-04-18 by Oracle). This is a
maintenance release. The following items were fixed and/or added:

- GUI: position off-screen windows to be fully visible again on relaunch, consistent with the default behavior (bug #15226)
- GUI: fixed the View menu / Full-screen Mode behavior on Mac OS X El Capitan
- GUI: fixed a test which allowed encrypting a hard disk with an empty password
- GUI: fixed a crash under certain conditions during VM shutdown
- GUI: fixed the size of the VM list scrollbar in the VM selector when entering a group
- PC speaker passthrough: fixes (Linux hosts only; bug #627)
- Drag and drop: several fixes
- SATA: fixed hotplug flag handling when EFI is used
- Storage: fixed handling of encrypted disk images with SCSI controllers (bug #14812)
- Storage: fixed possible crash with Solaris 7 if the BusLogic SCSI controller is used
- USB: properly purge non-ASCII characters from USB strings (bugs #8801, #15222)
- NAT Network: fixed 100% CPU load in VBoxNetNAT on Mac OS X under certain circumstances (bug #15223)
- ACPI: fixed ACPI tables to make the display color management settings available again for older Windows versions (4.3.22 regression)
- Guest Control: fixed VBoxManage copyfrom command (bug #14336)
- Snapshots: fixed several problems when removing older snapshots (bug #15206)
- VBoxManage: fixed --verbose output of the guestcontrol command
- Windows hosts: hardening fixes required for recent Windows 10 insider builds (bugs #15245, #15296)
- Windows hosts: fixed support of jumbo frames with bridged networking (5.0.16 regression; bug #15209)
- Windows hosts: don't prevent receiving multicast traffic if host-only adapters are installed (bug #8698)
- Linux hosts: added support for the new naming scheme of NVME disks when creating raw disks
- Solaris hosts / guests: properly sign the kernel modules (bug #12608)
- Linux hosts / guests: Linux 4.5 fixes (bug #15251)
- Linux hosts / guests: Linux 4.6 fixes (bug #15298)
- Linux Additions: added a kernel graphics driver to support graphics when X.Org does not have root rights (bug #14732)
- Linux/Solaris Additions: fixed several issues causing Linux/Solaris guests to use software rendering when 3D acceleration is available
- Windows Additions: fixed a hang with PowerPoint 2010 and the WDDM drivers if Aero is disabled

Additional bugfixes :

- Fix start failure of the vboxadd service routine. This script
fails because /var/lib/VBoxGuestAdditions/config does
not exist; however, there is no need for this file. That
service routine is modified. (boo#977328).

- Add missing initialization of scanout buffer base and
size for proper fbdev support.

- Add support for delayed_io in fbdev-layer. (boo#977200).

- This submission fixes the bug in VB 5.0.18 that prevents
proper operation for guest VMs configured to use a
LsiLogic adapter for disks. See ticket:
https://www.virtualbox.org/ticket/15317 for a
description of the problem, and changeset:
https://www.virtualbox.org/changeset/60565/vbox for the
fix, which is implemented in file
'changeset_60565.diff'. This update contains a fix for
CVE-2016-0678. Bug report boo#976636 discusses this
vulnerability.

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=976636
https://bugzilla.opensuse.org/show_bug.cgi?id=977200
https://bugzilla.opensuse.org/show_bug.cgi?id=977328
https://www.virtualbox.org/changeset/60565/vbox
https://www.virtualbox.org/ticket/15317

Solution :

Update the affected virtualbox packages.

Risk factor :

Medium / CVSS Base Score : 4.1
(CVSS2#AV:L/AC:M/Au:S/C:P/I:P/A:P)

Family: SuSE Local Security Checks

Nessus Plugin ID: 91411

CVE ID: CVE-2016-0678
