openSUSE Security Update : virtualbox (openSUSE-2016-1226)

High Nessus Plugin ID 94302

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 7.3

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for virtualbox fixes the following issues :

- Address CVE-2016-5501, CVE-2016-5538, CVE-2016-5605, CVE-2016-5608, CVE-2016-5610, CVE-2016-5611, CVE-2016-5613 (boo#1005621).

- Reduce memory needs during build.

- Version bump to 5.0.28 (released 2016-10-18 by Oracle) This is a maintenance release. The following items were fixed and/or added: NAT: Don't exceed the maximum number of 'search' suffixes. Patch from bug #15948. NAT: fixed parsing of port-forwarding rules with a name which contains a slash (bug #16002) NAT Network: when the host has only loopback nameserver that cannot be mapped to the guests (e.g. dnsmasq running on 127.0.1.1), make DHCP supply NAT Network DNS proxy as nameserver. Bridged Network: prevent flooding syslog with packet allocation error messages (bug #15569) USB: fixed a possible crash when detaching a USB device Audio: fixes for recording (Mac OS X hosts only) Audio: now using Audio Queues on Mac OS X hosts OVF: improve importing of VMs created by VirtualBox 5.1 VHDX: fixed cloning images with VBoxManage cloned (bug #14288) Storage: Fixed broken bandwidth limitation when the limit is very low (bug #14982) Serial: Fixed high CPU usage with certain USB to serial converters on Linux hosts (bug #7796) BIOS: fixed 4bpp scanline calculation (bug #15787) VBoxManage: Don't try to set the medium type if there is no change (bug #13850) API: fixed initialization of SAS controllers (bug #15972) Linux hosts: don't use 32-bit legacy capabilities Linux hosts / guests: fix for kernels with CONFIG_CPUMASK_OFFSTACK set (bug #16020) Linux Additions: several fixes for X11 guests running non-root X servers Linux Additions: fix for Linux 4.7 (bug #15769) Linux Additions: fix for the display kmod driver with Linux 4.8 (bugs #15890 and #15896) Windows Additions: auto-resizing fixes for Windows 10 guests (bug #15257) Windows Additions: fixes for arranging the guest screens in multi-screen scenarios Windows Additions / VGA: if the guest's power management turns a virtual screen off, blank the corresponding VM window rather than hide the VM window Windows Additions: fixed a generic bug which could lead to freezing shared folders (bug #15662)

- Modify virtualbox-guest-preamble and virtualbox-host-preamble to obsolete old versions of the kernel modules. This change should fix the problem in (boo#983629).

Solution

Update the affected virtualbox packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1005621

https://bugzilla.opensuse.org/show_bug.cgi?id=983629

Plugin Details

Severity: High

ID: 94302

File Name: openSUSE-2016-1226.nasl

Version: 2.3

Type: local

Agent: unix

Published: 2016/10/27

Updated: 2020/06/04

Dependencies: 12634

Risk Information

Risk Factor: High

VPR Score: 7.3

CVSS v2.0

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS v3.0

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:python-virtualbox, p-cpe:/a:novell:opensuse:python-virtualbox-debuginfo, p-cpe:/a:novell:opensuse:virtualbox, p-cpe:/a:novell:opensuse:virtualbox-debuginfo, p-cpe:/a:novell:opensuse:virtualbox-debugsource, p-cpe:/a:novell:opensuse:virtualbox-devel, p-cpe:/a:novell:opensuse:virtualbox-guest-desktop-icons, p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default, p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop, p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae, p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae-debuginfo, p-cpe:/a:novell:opensuse:virtualbox-guest-tools, p-cpe:/a:novell:opensuse:virtualbox-guest-tools-debuginfo, p-cpe:/a:novell:opensuse:virtualbox-guest-x11, p-cpe:/a:novell:opensuse:virtualbox-guest-x11-debuginfo, p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default, p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop, p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae, p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae-debuginfo, p-cpe:/a:novell:opensuse:virtualbox-host-source, p-cpe:/a:novell:opensuse:virtualbox-qt, p-cpe:/a:novell:opensuse:virtualbox-qt-debuginfo, p-cpe:/a:novell:opensuse:virtualbox-websrv, p-cpe:/a:novell:opensuse:virtualbox-websrv-debuginfo, cpe:/o:novell:opensuse:13.2

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 2016/10/25

Reference Information

CVE: CVE-2016-5501, CVE-2016-5538, CVE-2016-5605, CVE-2016-5608, CVE-2016-5610, CVE-2016-5611, CVE-2016-5613