openSUSE Security Update : virtualbox (openSUSE-2016-1366)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update for virtualbox fixes the following issues :

- Fixes
CVE-2016-5501,CVE-2016-5538,CVE-2016-5605,CVE-2016-5608,
CVE-2016-5610,CVE-2016-5611,CVE-2016-5613 (bsc#1005621)

- Add patch to limit number of simultaneous make jobs.

- Version bump to 5.1.8 (released 2016-10-18 by Oracle)
This is a maintenance release. The following items were
fixed and/or added: GUI: fixed keyboard shortcut
handling regressions (Mac OS X hosts only; bugs #15937
and #15938) GUI: fixed keyboard handling regression for
separate UI (Windows hosts only; bugs #15928) NAT: don't
exceed the maximum number of 'search' suffixes. Patch
from bug #15948. NAT: fixed parsing of port-forwarding
rules with a name which contains a slash (bug #16002)
NAT Network: when the host has only loopback nameserver
that cannot be mapped to the guests (e.g. dnsmasq
running on 127.0.1.1), make DHCP supply NAT Network DNS
proxy as nameserver. Bridged Network: prevent flooding
syslog with packet allocation error messages (bug
#15569) Audio: now using Audio Queues on Mac OS X hosts
Audio: fixed recording with the PulseAudio backend (5.1
regression) Audio: various bugfixes Snapshots: fixed
regression in 5.1.4 for deleting snapshots with several
disks (bug #15831) Snapshots: crash fix and better error
reporting when snapshot deletion failed Storage: some
fixes for the NVMe emulation with Windows guests API:
fixed initialization of SAS controllers (bug #15972)
Build system: make it possible to build VBox on systems
which default to Python 3 Windows Additions / VGA: if
the guest's power management turns a virtual screen off,
blank the corresponding VM window rather than hide the
window Windows Additions: fixed a generic bug which
could lead to freezing shared folders (bug #15662) Linux
hosts / guests: fix for kernels with
CONFIG_CPUMASK_OFFSTACK set (bug #16020) Linux
Additions: don't require all virtual consoles be in text
mode. This should fix cases when the guest is booted
with a graphical boot screen (bug #15683) Linux
Additions: added depmod overrides for the vboxguest and
vboxsf kernel modules to fix conflicts with modules
shipped by certain Linux distributions X11 Additions:
disable 3D on the guest if the host does not provide
enough capabilities (bug #15860)

- Builds keep running out of memory when building the web
server part of the package. To help the memory pressure,
I have forced make to run with '-j2', rather than use
the number of processors. Such a change will slow the
build, but will result in a higher rate of success.

- Increase memory allowed in build to 10000 MB.

- Remove file 'fix_removal_of_DEFINE_PCI_DEVICE_TABLE' -
fixed upstream.

- Version bump to 5.1.6 (released 2016-09-12 by Oracle)
This is a maintenance release. The following items were
fixed and/or added: GUI: fixed issue with opening
'.vbox' files and it's aliases GUI: keyboard grabbing
fixes (bugs #15771 and #15745) GUI: fix for passing
through Ctrl + mouse-click (Mac OS X hosts only; bug
#15714) GUI: fixed automatic deletion of extension pack
files (bugs #11352 and #14742) USB: fixed showing
unknown device instead of the manufacturer or product
description under certain circumstances (5.1.0
regression; bug #15764) XHCI: another fix for a hanging
guest under certain conditions as result of the fix for
bug #15747, this time for Windows 7 guests Serial: fixed
high CPU usage with certain USB to serial converters on
Linux hosts (bug #7796) Storage: fixed attaching stream
optimized VMDK images (bug #14764) Storage: reject image
variants which are unsupported by the backend (bug
#7227) Storage: fixed loading saved states created with
VirtualBox 5.0.10 and older when using a SCSI controller
(bug #15865) Storage: fixed broken NVMe emulation if the
host I/O cache setting is enabled Storage: fixed using
multiple NVMe controllers if ICH9 is used NVMe: fixed a
crash during reset which could happen under certain
circumstances Audio: fixed microphone input (5.1.2
regression; bugs #14386 and #15802) Audio: fixed crashes
under certain conditions (5.1.0 regression; bug #15887
and others) Audio: fixed recording with the ALSA backend
(5.1 regression) Audio: fixed stream access mode with
OSS backend (5.1 regression, thanks to Jung-uk Kim)
E1000: do also return masked bits when reading the ICR
register, this fixes booting from iPXE (5.1.2
regression; bug #15846) BIOS: fixed 4bpp scanline
calculation (bug #15787) API: relax the check for the
version attribute in OVF/OVA appliances (bug #15856)
Windows hosts: fixed crashes when terminating the VM
selector or other VBox COM clients (bug #15726 and
others) Linux Installer: fixed path to the documentation
in .rpm packages (5.1.0 regression) Linux Installer:
fixed the vboxdrv.sh script to prevent an SELinux
complaint (bug #15816) Linux hosts: don't use 32-bit
legacy capabilities Linux Additions: Linux 4.8 fix for
the kernel display driver (bugs #15890 and #15896) Linux
Additions: don't load the kernel modules provided by the
Linux distribution but load the kernel modules from the
official Guest Additions package instead (bug #15324)
Linux Additions: fix dynamic resizing problems in recent
Linux guests (bug #15875) User Manual: fixed error in
the VBoxManage chapter for the getextradata enumerate
example (bug #15862)

- Add file 'fix_removal_of_DEFINE_PCI_DEVICE_TABLE' to
compile on kernel 4.8.

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1005621

Solution :

Update the affected virtualbox packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

Family: SuSE Local Security Checks

Nessus Plugin ID: 95378 ()

Bugtraq ID:

CVE ID: CVE-2016-5501
CVE-2016-5538
CVE-2016-5605
CVE-2016-5608
CVE-2016-5610
CVE-2016-5611
CVE-2016-5613

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now