A CVE has been assigned for a problem fixed in VirtualBox 4.2.16, where the virtio network driver could hang or crash the host. This is apparently some sort of denial of service: http://openwall.com/lists/oss-security/2013/07/05/15 Reproducible: Steps to Reproduce:
Yep, I'm aware of it, which is why I fixed and pushed the cauldron build today I will push 4.2.16 for both mga2 and mga3 as soon as core kernel update is validated / pushed on mga3
Status: NEW => ASSIGNEDWhiteboard: (none) => MGA2TOO
Advisory: This virtualbox update provides the 4.2.16 maintenance release, which fixes the following security issue: Thomas Dreibholz has discovered a vulnerability in Oracle VirtualBox, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service). The vulnerability is caused due to an unspecified error and can be exploited to render the host network connection and the virtual machine instance unresponsive or locking the host by issuing e.g. the "tracepath" command. Successful exploitation requires the target virtual machine to be equipped with a paravirtualised network adapter (virtio-net). (CVE-2013-3792) For other changes in this update, see the referenced changelog. References: https://www.virtualbox.org/wiki/Changelog https://www.virtualbox.org/ticket/11863 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3792 https://bugs.mageia.org/show_bug.cgi?id=10736 mga2/SRPMS: kmod-vboxadditions-4.2.16-1.mga2.src.rpm kmod-virtualbox-4.2.16-1.mga2.src.rpm virtualbox-4.2.16-1.mga2.src.rpm mga2/i586: dkms-vboxadditions-4.2.16-1.mga2.i586.rpm dkms-virtualbox-4.2.16-1.mga2.i586.rpm python-virtualbox-4.2.16-1.mga2.i586.rpm vboxadditions-kernel-3.4.52-desktop-1.mga2-4.2.16-1.mga2.i586.rpm vboxadditions-kernel-3.4.52-desktop586-1.mga2-4.2.16-1.mga2.i586.rpm vboxadditions-kernel-3.4.52-netbook-1.mga2-4.2.16-1.mga2.i586.rpm vboxadditions-kernel-3.4.52-server-1.mga2-4.2.16-1.mga2.i586.rpm vboxadditions-kernel-desktop586-latest-4.2.16-1.mga2.i586.rpm vboxadditions-kernel-desktop-latest-4.2.16-1.mga2.i586.rpm vboxadditions-kernel-netbook-latest-4.2.16-1.mga2.i586.rpm vboxadditions-kernel-server-latest-4.2.16-1.mga2.i586.rpm virtualbox-4.2.16-1.mga2.i586.rpm virtualbox-devel-4.2.16-1.mga2.i586.rpm virtualbox-guest-additions-4.2.16-1.mga2.i586.rpm virtualbox-kernel-3.4.52-desktop-1.mga2-4.2.16-1.mga2.i586.rpm virtualbox-kernel-3.4.52-desktop586-1.mga2-4.2.16-1.mga2.i586.rpm virtualbox-kernel-3.4.52-netbook-1.mga2-4.2.16-1.mga2.i586.rpm virtualbox-kernel-3.4.52-server-1.mga2-4.2.16-1.mga2.i586.rpm virtualbox-kernel-desktop586-latest-4.2.16-1.mga2.i586.rpm virtualbox-kernel-desktop-latest-4.2.16-1.mga2.i586.rpm virtualbox-kernel-netbook-latest-4.2.16-1.mga2.i586.rpm virtualbox-kernel-server-latest-4.2.16-1.mga2.i586.rpm x11-driver-video-vboxvideo-4.2.16-1.mga2.i586.rpm mga2/x86_64: dkms-vboxadditions-4.2.16-1.mga2.x86_64.rpm dkms-virtualbox-4.2.16-1.mga2.x86_64.rpm python-virtualbox-4.2.16-1.mga2.x86_64.rpm vboxadditions-kernel-3.4.52-desktop-1.mga2-4.2.16-1.mga2.x86_64.rpm vboxadditions-kernel-3.4.52-netbook-1.mga2-4.2.16-1.mga2.x86_64.rpm vboxadditions-kernel-3.4.52-server-1.mga2-4.2.16-1.mga2.x86_64.rpm vboxadditions-kernel-desktop-latest-4.2.16-1.mga2.x86_64.rpm vboxadditions-kernel-netbook-latest-4.2.16-1.mga2.x86_64.rpm vboxadditions-kernel-server-latest-4.2.16-1.mga2.x86_64.rpm virtualbox-4.2.16-1.mga2.x86_64.rpm virtualbox-devel-4.2.16-1.mga2.x86_64.rpm virtualbox-guest-additions-4.2.16-1.mga2.x86_64.rpm virtualbox-kernel-3.4.52-desktop-1.mga2-4.2.16-1.mga2.x86_64.rpm virtualbox-kernel-3.4.52-netbook-1.mga2-4.2.16-1.mga2.x86_64.rpm virtualbox-kernel-3.4.52-server-1.mga2-4.2.16-1.mga2.x86_64.rpm virtualbox-kernel-desktop-latest-4.2.16-1.mga2.x86_64.rpm virtualbox-kernel-netbook-latest-4.2.16-1.mga2.x86_64.rpm virtualbox-kernel-server-latest-4.2.16-1.mga2.x86_64.rpm x11-driver-video-vboxvideo-4.2.16-1.mga2.x86_64.rpm mga3/SRPMS: kmod-vboxadditions-4.2.16-1.mga3.src.rpm kmod-virtualbox-4.2.16-1.mga3.src.rpm virtualbox-4.2.16-1.mga3.src.rpm mga3/i586: dkms-vboxadditions-4.2.16-1.mga3.noarch.rpm dkms-virtualbox-4.2.16-1.mga3.noarch.rpm python-virtualbox-4.2.16-1.mga3.i586.rpm vboxadditions-kernel-3.8.13.4-desktop-1.mga3-4.2.16-1.mga3.i586.rpm vboxadditions-kernel-3.8.13.4-desktop586-1.mga3-4.2.16-1.mga3.i586.rpm vboxadditions-kernel-3.8.13.4-server-1.mga3-4.2.16-1.mga3.i586.rpm vboxadditions-kernel-desktop586-latest-4.2.16-1.mga3.i586.rpm vboxadditions-kernel-desktop-latest-4.2.16-1.mga3.i586.rpm vboxadditions-kernel-server-latest-4.2.16-1.mga3.i586.rpm virtualbox-4.2.16-1.mga3.i586.rpm virtualbox-devel-4.2.16-1.mga3.i586.rpm virtualbox-guest-additions-4.2.16-1.mga3.i586.rpm virtualbox-kernel-3.8.13.4-desktop-1.mga3-4.2.16-1.mga3.i586.rpm virtualbox-kernel-3.8.13.4-desktop586-1.mga3-4.2.16-1.mga3.i586.rpm virtualbox-kernel-3.8.13.4-server-1.mga3-4.2.16-1.mga3.i586.rpm virtualbox-kernel-desktop586-latest-4.2.16-1.mga3.i586.rpm virtualbox-kernel-desktop-latest-4.2.16-1.mga3.i586.rpm virtualbox-kernel-server-latest-4.2.16-1.mga3.i586.rpm x11-driver-video-vboxvideo-4.2.16-1.mga3.i586.rpm mga3/x86_64: dkms-vboxadditions-4.2.16-1.mga3.noarch.rpm dkms-virtualbox-4.2.16-1.mga3.noarch.rpm python-virtualbox-4.2.16-1.mga3.x86_64.rpm vboxadditions-kernel-3.8.13.4-desktop-1.mga3-4.2.16-1.mga3.x86_64.rpm vboxadditions-kernel-3.8.13.4-server-1.mga3-4.2.16-1.mga3.x86_64.rpm vboxadditions-kernel-desktop-latest-4.2.16-1.mga3.x86_64.rpm vboxadditions-kernel-server-latest-4.2.16-1.mga3.x86_64.rpm virtualbox-4.2.16-1.mga3.x86_64.rpm virtualbox-devel-4.2.16-1.mga3.x86_64.rpm virtualbox-guest-additions-4.2.16-1.mga3.x86_64.rpm virtualbox-kernel-3.8.13.4-desktop-1.mga3-4.2.16-1.mga3.x86_64.rpm virtualbox-kernel-3.8.13.4-server-1.mga3-4.2.16-1.mga3.x86_64.rpm virtualbox-kernel-desktop-latest-4.2.16-1.mga3.x86_64.rpm virtualbox-kernel-server-latest-4.2.16-1.mga3.x86_64.rpm x11-driver-video-vboxvideo-4.2.16-1.mga3.x86_64.rpm
Hardware: i586 => AllAssignee: tmb => qa-bugsSource RPM: virtualbox-4.2.12-2.mga3.src.rpm => virtualbox-4.2.16-1.mga3
CC: (none) => tmb
Advisory 10736.adv added to svn
CC: (none) => davidwhodgins
Testing complete mga3_64 Ok for me, nothing to report and no regression with this update.
CC: (none) => geiger.david68210
Testing complete mga2_64 Ok for me, nothing to report and no regression with this update. mga2/x86_64: dkms-virtualbox-4.2.16-1.mga2.x86_64.rpm vboxadditions-kernel-3.4.52-desktop-1.mga2-4.2.16-1.mga2.x86_64.rpm vboxadditions-kernel-desktop-latest-4.2.16-1.mga2.x86_64.rpm virtualbox-4.2.16-1.mga2.x86_64.rpm virtualbox-guest-additions-4.2.16-1.mga2.x86_64.rpm virtualbox-kernel-3.4.52-desktop-1.mga2-4.2.16-1.mga2.x86_64.rpm virtualbox-kernel-desktop-latest-4.2.16-1.mga2.x86_64.rpm x11-driver-video-vboxvideo-4.2.16-1.mga2.x86_64.rpm mga3/x86_64: dkms-virtualbox-4.2.16-1.mga3.noarch.rpm vboxadditions-kernel-3.8.13.4-desktop-1.mga3-4.2.16-1.mga3.x86_64.rpm vboxadditions-kernel-desktop-latest-4.2.16-1.mga3.x86_64.rpm virtualbox-4.2.16-1.mga3.x86_64.rpm virtualbox-guest-additions-4.2.16-1.mga3.x86_64.rpm virtualbox-kernel-3.8.13.4-desktop-1.mga3-4.2.16-1.mga3.x86_64.rpm virtualbox-kernel-desktop-latest-4.2.16-1.mga3.x86_64.rpm x11-driver-video-vboxvideo-4.2.16-1.mga3.x86_64.rpm
Whiteboard: MGA2TOO => MGA2TOO MGA3-64-OK MGA2-64-OK
MGA3-32-OK on real hardware virtualbox-4.2.12-2.mga3.i586.rpm installed then launched from desktop icon. Created and launched a Puppy Linux Slacko 5.5-6G client using the Live-CD iso virtualbox-4.2.16-1.mga3.i586.rpm installed from updates_testing Successfully relaunched the Puppy Linux Slacko 5.5-6G client using the Live-CD iso Test platform: Intel, P4 530J 3.0 GHz, 800MHz FSB, 1MB L2, LGA 775 GigaByte GA-81915G i915G LGA775 MoBo Marvel Yukon 88E8001 Gigabit LAN Intel High Def Audio (snd-hda-intel) Intel Graphics Media Accelerator 900 (Intel 82915G) 4GB (2 x 2GB) DDR400 PC-3200 Update validated Updated packages in core/updates_testing: ================================= virtualbox-4.2.16-1.mga3.i586.rpm from SRPMS: virtualbox-4.2.16-1.mga3.src.rpm
CC: (none) => wilcal.intWhiteboard: MGA2TOO MGA3-64-OK MGA2-64-OK => MGA2TOO MGA3-64-OK MGA2-64-OK MGA3-32-OK
It doesn't look like anyone has tested Mageia 2 i586 yet, so it's not validated quite yet. Thank you for testing.
MGA2-32-OK on real hardware virtualbox-4.1.12-1.mga2.i586.rpm installed then launched from desktop icon. Created and launched a Puppy Linux Slacko 5.5-6G client using the Live-CD iso virtualbox-4.2.16-1.mga2.i586.rpm installed from updates_testing Successfully relaunched the Puppy Linux Slacko 5.5-6G client using the Live-CD iso Test platform: Intel, P4 530J 3.0 GHz, 800MHz FSB, 1MB L2, LGA 775 GigaByte GA-81915G i915G LGA775 MoBo Marvel Yukon 88E8001 Gigabit LAN Intel High Def Audio (snd-hda-intel) Intel Graphics Media Accelerator 900 (Intel 82915G) 4GB (2 x 2GB) DDR400 PC-3200 Update validated Updated packages in core/updates_testing: ================================= virtualbox-4.2.16-1.mga2.i586.rpm from SRPMS: virtualbox-4.2.16-1.mga2.src.rpm
Whiteboard: MGA2TOO MGA3-64-OK MGA2-64-OK MGA3-32-OK => MGA2TOO MGA3-64-OK MGA2-64-OK MGA3-32-OK MGA2-32-OK
Good to go
Thanks, now the update really is validated. Adding the keyword, as "Advisory 10736.adv added to svn" by Dave Hodgins.
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
http://advisories.mageia.org/MGASA-2013-0222.html
Status: ASSIGNED => RESOLVEDCC: (none) => boklmResolution: (none) => FIXED
URL: (none) => http://lwn.net/Vulnerabilities/560030/
CC: boklm => (none)