openSUSE Security Update : virtualbox (openSUSE-2016-1226)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update for virtualbox fixes the following issues :

- Address CVE-2016-5501, CVE-2016-5538, CVE-2016-5605,
CVE-2016-5608, CVE-2016-5610, CVE-2016-5611,
CVE-2016-5613 (boo#1005621).

- Reduce memory needs during build.

- Version bump to 5.0.28 (released 2016-10-18 by Oracle)
This is a maintenance release. The following items were
fixed and/or added: NAT: Don't exceed the maximum number
of 'search' suffixes. Patch from bug #15948. NAT: fixed
parsing of port-forwarding rules with a name which
contains a slash (bug #16002) NAT Network: when the host
has only loopback nameserver that cannot be mapped to
the guests (e.g. dnsmasq running on 127.0.1.1), make
DHCP supply NAT Network DNS proxy as nameserver. Bridged
Network: prevent flooding syslog with packet allocation
error messages (bug #15569) USB: fixed a possible crash
when detaching a USB device Audio: fixes for recording
(Mac OS X hosts only) Audio: now using Audio Queues on
Mac OS X hosts OVF: improve importing of VMs created by
VirtualBox 5.1 VHDX: fixed cloning images with
VBoxManage cloned (bug #14288) Storage: Fixed broken
bandwidth limitation when the limit is very low (bug
#14982) Serial: Fixed high CPU usage with certain USB to
serial converters on Linux hosts (bug #7796) BIOS: fixed
4bpp scanline calculation (bug #15787) VBoxManage: Don't
try to set the medium type if there is no change (bug
#13850) API: fixed initialization of SAS controllers
(bug #15972) Linux hosts: don't use 32-bit legacy
capabilities Linux hosts / guests: fix for kernels with
CONFIG_CPUMASK_OFFSTACK set (bug #16020) Linux
Additions: several fixes for X11 guests running non-root
X servers Linux Additions: fix for Linux 4.7 (bug
#15769) Linux Additions: fix for the display kmod driver
with Linux 4.8 (bugs #15890 and #15896) Windows
Additions: auto-resizing fixes for Windows 10 guests
(bug #15257) Windows Additions: fixes for arranging the
guest screens in multi-screen scenarios Windows
Additions / VGA: if the guest's power management turns a
virtual screen off, blank the corresponding VM window
rather than hide the VM window Windows Additions: fixed
a generic bug which could lead to freezing shared
folders (bug #15662)

- Modify virtualbox-guest-preamble and
virtualbox-host-preamble to obsolete old versions of the
kernel modules. This change should fix the problem in
(boo#983629).

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1005621
https://bugzilla.opensuse.org/show_bug.cgi?id=983629

Solution :

Update the affected virtualbox packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

Family: SuSE Local Security Checks

Nessus Plugin ID: 94302 ()

Bugtraq ID:

CVE ID: CVE-2016-5501
CVE-2016-5538
CVE-2016-5605
CVE-2016-5608
CVE-2016-5610
CVE-2016-5611
CVE-2016-5613

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now