Detections
Analytics

openSUSE Security Update : virtualbox (openSUSE-2016-666)

medium Nessus Plugin ID 91411

Language:

Synopsis

The remote openSUSE host is missing a security update.

Description

virtualbox was updated to 5.0.18 and also fixes the following issues :

Version bump to 5.0.18 (released 2016-04-18 by Oracle) This is a maintenance release. The following items were fixed and/or added: GUI:
position off-screen windows to be fully visible again on relaunch in consistence with default-behavior (bug #15226) GUI: fixed the View menu / Full-screen Mode behavior on Mac OS X El Capitan GUI: fixed a test which allowed to encrypt a hard disk with an empty password GUI:
fixed a crash under certain conditions during VM shutdown GUI: fixed the size of the VM list scrollbar in the VM selector when entering a group PC speaker passthrough: fixes (Linux hosts only; bug #627) Drag and drop: several fixes SATA: fixed hotplug flag handling when EFI is used Storage: fixed handling of encrypted disk images with SCSI controllers (bug #14812) Storage: fixed possible crash with Solaris 7 if the BusLogic SCSI controller is used USB: properly purge non-ASCII characters from USB strings (bugs #8801, #15222) NAT Network: fixed 100% CPU load in VBoxNetNAT on Mac OS X under certain circumstances (bug #15223) ACPI: fixed ACPI tables to make the display color management settings available again for older Windows versions (4.3.22 regression) Guest Control: fixed VBoxManage copyfrom command (bug #14336) Snapshots: fixed several problems when removing older snapshots (bug #15206) VBoxManage: fixed --verbose output of the guestcontrol command Windows hosts: hardening fixes required for recent Windows 10 insider builds (bugs #15245, #15296) Windows hosts:
fixed support of jumbo frames in with bridged networking (5.0.16 regression; bug #15209) Windows hosts: don't prevent receiving multicast traffic if host-only adapters are installed (bug #8698) Linux hosts: added support for the new naming scheme of NVME disks when creating raw disks Solaris hosts / guests: properly sign the kernel modules (bug #12608) Linux hosts / guests: Linux 4.5 fixes (bug #15251) Linux hosts / guests: Linux 4.6 fixes (bug #15298) Linux Additions: added a kernel graphics driver to support graphics when X.Org does not have root rights (bug #14732) Linux/Solaris Additions:
fixed several issues causing Linux/Solatis guests using software rendering when 3D acceleration is available Windows Additions: fixed a hang with PowerPoint 2010 and the WDDM drivers if Aero is disabled

Additional bugfixes :

 - Fix start failure of vboxadd service routine This script fails because /var/lib/VBoxGuestAdditions/config does not exist; however, there is no need for this file. That service routine is modified. (boo#977328).

 - Add missing initialization of scanout buffer base and size for proper fbdev support.

 - Add support for delayed_io in fbdev-layer. (boo#977200).

 - This submission fixes the bug in VB 5.0.18 that prevents proper operation for guest VMs configured to use a LsiLogic adapter for disks. See ticket:
 https://www.virtualbox.org/ticket/15317 for a description of the problem, and changeset:
 https://www.virtualbox.org/changeset/60565/vbox for the fix, which is implemented in file 'changeset_60565.diff'. This update contains a fix for CVE-2016-0678. Bug report boo#976636 discusses this vulnerability.

Solution

Update the affected virtualbox packages.

See Also

https://www.virtualbox.org/ticket/15317

https://bugzilla.opensuse.org/show_bug.cgi?id=976636

https://bugzilla.opensuse.org/show_bug.cgi?id=977200

https://bugzilla.opensuse.org/show_bug.cgi?id=977328

https://www.virtualbox.org/changeset/60565/vbox

Plugin Details

Severity: Medium

ID: 91411

File Name: openSUSE-2016-666.nasl

Version: 2.4

Type: local

Agent: unix

Published: 6/1/2016

Updated: 1/19/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 4.1

Vector: CVSS2#AV:L/AC:M/Au:S/C:P/I:P/A:P

CVSS v3

Risk Factor: Medium

Base Score: 6.7

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:python-virtualbox, p-cpe:/a:novell:opensuse:python-virtualbox-debuginfo, p-cpe:/a:novell:opensuse:virtualbox, p-cpe:/a:novell:opensuse:virtualbox-debuginfo, p-cpe:/a:novell:opensuse:virtualbox-debugsource, p-cpe:/a:novell:opensuse:virtualbox-devel, p-cpe:/a:novell:opensuse:virtualbox-guest-desktop-icons, p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default, p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:virtualbox-guest-tools, p-cpe:/a:novell:opensuse:virtualbox-guest-tools-debuginfo, p-cpe:/a:novell:opensuse:virtualbox-guest-x11, p-cpe:/a:novell:opensuse:virtualbox-guest-x11-debuginfo, p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default, p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:virtualbox-host-source, p-cpe:/a:novell:opensuse:virtualbox-qt, p-cpe:/a:novell:opensuse:virtualbox-qt-debuginfo, p-cpe:/a:novell:opensuse:virtualbox-websrv, p-cpe:/a:novell:opensuse:virtualbox-websrv-debuginfo, cpe:/o:novell:opensuse:42.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 5/31/2016

Reference Information

CVE: CVE-2016-0678