Bug 17571

Summary: Update request: virtualbox-5.0.14-1.mga5
Product: Mageia Reporter: Thomas Backlund <tmb>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: Normal CC: andrewsfarm, sysadmin-bugs
Version: 5Keywords: validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/673467/
Whiteboard: MGA5-32-OK MGA5-64-OK advisory
Source RPM: virtualbox CVE:
Status comment:

Description Thomas Backlund 2016-01-21 21:25:35 CET 
New virtualbox maintenance release to test:


SRPMS:
kmod-vboxadditions-5.0.14-1.mga5.src.rpm
kmod-virtualbox-5.0.14-1.mga5.src.rpm
virtualbox-5.0.14-1.mga5.src.rpm


i586:
dkms-vboxadditions-5.0.14-1.mga5.noarch.rpm
dkms-virtualbox-5.0.14-1.mga5.noarch.rpm
python-virtualbox-5.0.14-1.mga5.i586.rpm
vboxadditions-kernel-4.1.15-desktop-2.mga5-5.0.14-1.mga5.i586.rpm
vboxadditions-kernel-4.1.15-desktop586-2.mga5-5.0.14-1.mga5.i586.rpm
vboxadditions-kernel-4.1.15-server-2.mga5-5.0.14-1.mga5.i586.rpm
vboxadditions-kernel-desktop586-latest-5.0.14-1.mga5.i586.rpm
vboxadditions-kernel-desktop-latest-5.0.14-1.mga5.i586.rpm
vboxadditions-kernel-server-latest-5.0.14-1.mga5.i586.rpm
virtualbox-5.0.14-1.mga5.i586.rpm
virtualbox-devel-5.0.14-1.mga5.i586.rpm
virtualbox-guest-additions-5.0.14-1.mga5.i586.rpm
virtualbox-kernel-4.1.15-desktop-2.mga5-5.0.14-1.mga5.i586.rpm
virtualbox-kernel-4.1.15-desktop586-2.mga5-5.0.14-1.mga5.i586.rpm
virtualbox-kernel-4.1.15-server-2.mga5-5.0.14-1.mga5.i586.rpm
virtualbox-kernel-desktop586-latest-5.0.14-1.mga5.i586.rpm
virtualbox-kernel-desktop-latest-5.0.14-1.mga5.i586.rpm
virtualbox-kernel-server-latest-5.0.14-1.mga5.i586.rpm
x11-driver-video-vboxvideo-5.0.14-1.mga5.i586.rpm


x86_64:
dkms-vboxadditions-5.0.14-1.mga5.noarch.rpm
dkms-virtualbox-5.0.14-1.mga5.noarch.rpm
python-virtualbox-5.0.14-1.mga5.x86_64.rpm
vboxadditions-kernel-4.1.15-desktop-2.mga5-5.0.14-1.mga5.x86_64.rpm
vboxadditions-kernel-4.1.15-server-2.mga5-5.0.14-1.mga5.x86_64.rpm
vboxadditions-kernel-desktop-latest-5.0.14-1.mga5.x86_64.rpm
vboxadditions-kernel-server-latest-5.0.14-1.mga5.x86_64.rpm
virtualbox-5.0.14-1.mga5.x86_64.rpm
virtualbox-devel-5.0.14-1.mga5.x86_64.rpm
virtualbox-guest-additions-5.0.14-1.mga5.x86_64.rpm
virtualbox-kernel-4.1.15-desktop-2.mga5-5.0.14-1.mga5.x86_64.rpm
virtualbox-kernel-4.1.15-server-2.mga5-5.0.14-1.mga5.x86_64.rpm
virtualbox-kernel-desktop-latest-5.0.14-1.mga5.x86_64.rpm
virtualbox-kernel-server-latest-5.0.14-1.mga5.x86_64.rpm
x11-driver-video-vboxvideo-5.0.14-1.mga5.x86_64.rpm



Reproducible: 

Steps to Reproduce:
Comment 1 Thomas Backlund 2016-01-21 21:28:39 CET 
advisory added to svn

Whiteboard: (none) => advisory

Comment 2 David Walser 2016-01-21 23:58:02 CET 
Tested Mageia 5 i586 host with every VM guest OS known to man.  Everything worked OK.  I haven't tested any VMs with sound, so I'll do that with my VM at home, hopefully tomorrow.
Comment 3 Thomas Andrews 2016-01-22 01:12:51 CET 
Tested Mageia 5 x86-64 host with Mageia 5 i586 guest. Everything worked OK, including sound.

CC: (none) => andrewsfarm

Comment 4 James Kerr 2016-01-22 10:31:21 CET 
Testing on mga5-64

Packages installed from testing:
- virtualbox-5.0.14-1.mga5.x86_64
- virtualbox-kernel-4.1.15-desktop-2.mga5-5.0.14-1.mga5.x86_64
- virtualbox-kernel-desktop-latest-5.0.14-1.mga5.x86_64

Packages installed cleanly
Installed Extension pack

Win xp guest:
Launced normally
Additions updated
USB devices accessible and working

mga5-32 guest:
Launched normally
Packages installed from testing:
- vboxadditions-kernel-4.1.15-desktop-2.mga5-5.0.14-1.mga5.i586
- vboxadditions-kernel-desktop-latest-5.0.14-1.mga5.i586
- virtualbox-guest-additions-5.0.14-1.mga5.i586
- x11-driver-video-vboxvideo-5.0.14-1.mga5.i586
USB devices accessible and working

OK for mga5-64 host 
OK for mga5-32 guest
Comment 5 Thomas Backlund 2016-01-22 22:59:14 CET 
Turns out it's a security update:
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle
Virtualization VirtualBox before 4.3.36 and 5.0.14 allows remote attackers
to affect availability via unknown vectors related to Core. 
(CVE-2016-0495)

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle
Virtualization VirtualBox before 4.3.36 and before 5.0.14 allows local
users to affect availability via unknown vectors related to Core. 
(CVE-2016-0592)

advisory in svn updated accordingly

Component: RPM Packages => Security

Comment 6 James Kerr 2016-01-23 00:30:40 CET 
Testing on mga5-32

Packages installed from testing:
- virtualbox-5.0.14-1.mga5.i586
- virtualbox-kernel-4.1.15-server-2.mga5-5.0.14-1.mga5.i586
- virtualbox-kernel-server-latest-5.0.14-1.mga5.i586
Packages installed cleanly

Installed Extension pack

win7-32 guest - runs normally including sound and USB

OK for mga5-32
Comment 7 David Walser 2016-01-23 00:48:08 CET 
Finished testing my Mageia 5 i586 guest at home, that's fine too.

Thanks TJ and James for your x86_64 tests.  This has been sufficiently tested to release.

Please to push to core/updates.

Keywords: (none) => validated_update
Whiteboard: advisory => MGA5-32-OK MGA5-64-OK advisory
CC: (none) => sysadmin-bugs

Comment 8 Mageia Robot 2016-01-23 12:47:05 CET 
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2016-0035.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

David Walser 2016-01-25 20:35:49 CET

URL: (none) => http://lwn.net/Vulnerabilities/673467/