Bug 17015

Summary: Update request: virtualbox 5.0.8
Product: Mageia Reporter: Thomas Backlund <tmb>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: davidwhodgins, sysadmin-bugs
Version: 5Keywords: validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/662176/
Whiteboard: advisory MGA5-32-OK MGA5-64-OK
Source RPM: virtualbox-5.0.8-1.mga5 CVE:
Status comment:

Description Thomas Backlund 2015-10-25 18:41:03 CET 
Advisory:
Updated virtualbox package fixes security vulnerabilities

A vulnerability in the Oracle VM VirtualBox component prior to 4.0.34, 4.1.42,
4.2.34, 4.3.32 and 5.0.8. Easily exploitable vulnerability requiring logon
to Operating System. Successful attack of this vulnerability can result in
unauthorized ability to cause a hang or frequently repeatable crash
(complete DOS). 
Note: Only Windows guests are impacted, and Windows guests without VirtualBox
Guest Additions installed are not affected (CVE-2015-4813).

A vulnerability in the Oracle VM VirtualBox component prior to 4.0.34, 4.1.42,
4.2.34, 4.3.32 and 5.0.8. Easily exploitable vulnerability allows successful
unauthenticated network attacks. Successful attack of this vulnerability can
result in unauthorized ability to cause a hang or frequently repeatable crash
(complete DOS).
Note: Only VMs with Remote Display feature (RDP) enabled are impacted
(CVE-2015-4896).

References:
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixOVIR



SRPMS:
kmod-vboxadditions-5.0.8-1.mga5.src.rpm
kmod-virtualbox-5.0.8-1.mga5.src.rpm
virtualbox-5.0.8-1.mga5.src.rpm


i586:
dkms-vboxadditions-5.0.8-1.mga5.noarch.rpm
dkms-virtualbox-5.0.8-1.mga5.noarch.rpm
python-virtualbox-5.0.8-1.mga5.i586.rpm
vboxadditions-kernel-4.1.8-desktop-1.mga5-5.0.8-1.mga5.i586.rpm
vboxadditions-kernel-4.1.8-desktop586-1.mga5-5.0.8-1.mga5.i586.rpm
vboxadditions-kernel-4.1.8-server-1.mga5-5.0.8-1.mga5.i586.rpm
vboxadditions-kernel-desktop586-latest-5.0.8-1.mga5.i586.rpm
vboxadditions-kernel-desktop-latest-5.0.8-1.mga5.i586.rpm
vboxadditions-kernel-server-latest-5.0.8-1.mga5.i586.rpm
virtualbox-5.0.8-1.mga5.i586.rpm
virtualbox-devel-5.0.8-1.mga5.i586.rpm
virtualbox-guest-additions-5.0.8-1.mga5.i586.rpm
virtualbox-kernel-4.1.8-desktop-1.mga5-5.0.8-1.mga5.i586.rpm
virtualbox-kernel-4.1.8-desktop586-1.mga5-5.0.8-1.mga5.i586.rpm
virtualbox-kernel-4.1.8-server-1.mga5-5.0.8-1.mga5.i586.rpm
virtualbox-kernel-desktop586-latest-5.0.8-1.mga5.i586.rpm
virtualbox-kernel-desktop-latest-5.0.8-1.mga5.i586.rpm
virtualbox-kernel-server-latest-5.0.8-1.mga5.i586.rpm
x11-driver-video-vboxvideo-5.0.8-1.mga5.i586.rpm


x86_64:
dkms-vboxadditions-5.0.8-1.mga5.noarch.rpm
dkms-virtualbox-5.0.8-1.mga5.noarch.rpm
python-virtualbox-5.0.8-1.mga5.x86_64.rpm
vboxadditions-kernel-4.1.8-desktop-1.mga5-5.0.8-1.mga5.x86_64.rpm
vboxadditions-kernel-4.1.8-server-1.mga5-5.0.8-1.mga5.x86_64.rpm
vboxadditions-kernel-desktop-latest-5.0.8-1.mga5.x86_64.rpm
vboxadditions-kernel-server-latest-5.0.8-1.mga5.x86_64.rpm
virtualbox-5.0.8-1.mga5.x86_64.rpm
virtualbox-devel-5.0.8-1.mga5.x86_64.rpm
virtualbox-guest-additions-5.0.8-1.mga5.x86_64.rpm
virtualbox-kernel-4.1.8-desktop-1.mga5-5.0.8-1.mga5.x86_64.rpm
virtualbox-kernel-4.1.8-server-1.mga5-5.0.8-1.mga5.x86_64.rpm
virtualbox-kernel-desktop-latest-5.0.8-1.mga5.x86_64.rpm
virtualbox-kernel-server-latest-5.0.8-1.mga5.x86_64.rpm
x11-driver-video-vboxvideo-5.0.8-1.mga5.x86_64.rpm



Reproducible: 

Steps to Reproduce:
Dave Hodgins 2015-10-25 23:55:43 CET

CC: (none) => davidwhodgins
Whiteboard: (none) => advisory

Comment 1 David Walser 2015-10-26 13:54:39 CET 
Tested Mageia 5 guest and host, as well as Windows 7 and Debian guests, Mageia 5 i586.  Everything OK.

Whiteboard: advisory => advisory MGA5-32-OK

Dave Hodgins 2015-10-27 09:21:59 CET

Keywords: (none) => validated_update
Whiteboard: advisory MGA5-32-OK => advisory MGA5-32-OK MGA5-64-OK
CC: (none) => sysadmin-bugs

Comment 2 Mageia Robot 2015-10-27 10:07:43 CET 
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2015-0415.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

David Walser 2015-10-27 17:25:26 CET

URL: (none) => http://lwn.net/Vulnerabilities/662176/