Advisory: Updated virtualbox packages fixes security vulnerability This update provides the 4.3.28 maintenance release fixing the following security issue: The Floppy Disk Controller (FDC) in QEMU, XEN, KVM and virtualbox allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the FD_CMD_READ_ID, FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM (CVE-2015-3456). For other fixes in the maintenance release, read the referenced changelog. References: https://www.virtualbox.org/wiki/Changelog SRPMS: kmod-vboxadditions-4.3.28-1.mga4.src.rpm kmod-virtualbox-4.3.28-1.mga4.src.rpm virtualbox-4.3.28-1.mga4.src.rpm i586: dkms-vboxadditions-4.3.28-1.mga4.noarch.rpm dkms-virtualbox-4.3.28-1.mga4.noarch.rpm python-virtualbox-4.3.28-1.mga4.i586.rpm vboxadditions-kernel-3.14.41-desktop-1.mga4-4.3.28-1.mga4.i586.rpm vboxadditions-kernel-3.14.41-desktop586-1.mga4-4.3.28-1.mga4.i586.rpm vboxadditions-kernel-3.14.41-server-1.mga4-4.3.28-1.mga4.i586.rpm vboxadditions-kernel-desktop586-latest-4.3.28-1.mga4.i586.rpm vboxadditions-kernel-desktop-latest-4.3.28-1.mga4.i586.rpm vboxadditions-kernel-server-latest-4.3.28-1.mga4.i586.rpm virtualbox-4.3.28-1.mga4.i586.rpm virtualbox-devel-4.3.28-1.mga4.i586.rpm virtualbox-guest-additions-4.3.28-1.mga4.i586.rpm virtualbox-kernel-3.14.41-desktop-1.mga4-4.3.28-1.mga4.i586.rpm virtualbox-kernel-3.14.41-desktop586-1.mga4-4.3.28-1.mga4.i586.rpm virtualbox-kernel-3.14.41-server-1.mga4-4.3.28-1.mga4.i586.rpm virtualbox-kernel-desktop586-latest-4.3.28-1.mga4.i586.rpm virtualbox-kernel-desktop-latest-4.3.28-1.mga4.i586.rpm virtualbox-kernel-server-latest-4.3.28-1.mga4.i586.rpm x11-driver-video-vboxvideo-4.3.28-1.mga4.i586.rpm x86_64: dkms-vboxadditions-4.3.28-1.mga4.noarch.rpm dkms-virtualbox-4.3.28-1.mga4.noarch.rpm python-virtualbox-4.3.28-1.mga4.x86_64.rpm vboxadditions-kernel-3.14.41-desktop-1.mga4-4.3.28-1.mga4.x86_64.rpm vboxadditions-kernel-3.14.41-server-1.mga4-4.3.28-1.mga4.x86_64.rpm vboxadditions-kernel-desktop-latest-4.3.28-1.mga4.x86_64.rpm vboxadditions-kernel-server-latest-4.3.28-1.mga4.x86_64.rpm virtualbox-4.3.28-1.mga4.x86_64.rpm virtualbox-devel-4.3.28-1.mga4.x86_64.rpm virtualbox-guest-additions-4.3.28-1.mga4.x86_64.rpm virtualbox-kernel-3.14.41-desktop-1.mga4-4.3.28-1.mga4.x86_64.rpm virtualbox-kernel-3.14.41-server-1.mga4-4.3.28-1.mga4.x86_64.rpm virtualbox-kernel-desktop-latest-4.3.28-1.mga4.x86_64.rpm virtualbox-kernel-server-latest-4.3.28-1.mga4.x86_64.rpm x11-driver-video-vboxvideo-4.3.28-1.mga4.x86_64.rpm Reproducible: Steps to Reproduce:
Priority: Normal => High
On real hardware, M4.1, KDE, 64-bit Package(s) under test: kernel-desktop-latest virtualbox vboxadditions-kernel-desktop-latest dkms-virtualbox virtualbox-guest-additions virtualbox-kernel-desktop-latest x11-driver-video-vboxvideo nvidia-current-kernel-desktop-latest default install of: kernel-desktop-latest virtualbox vboxadditions-kernel-desktop-latest dkms-virtualbox virtualbox-guest-additions virtualbox-kernel-desktop-latest x11-driver-video-vboxvideo nvidia-current-kernel-desktop-latest [root@localhost wilcal]# uname -a Linux localhost 3.14.41-desktop-1.mga4 #1 SMP Thu May 7 07:24:17 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux [root@localhost wilcal]# urpmi kernel-desktop-latest Package kernel-desktop-latest-3.14.41-1.mga4.x86_64 is already installed [root@localhost wilcal]# urpmi virtualbox Package virtualbox-4.3.26-1.mga4.x86_64 is already installed [root@localhost wilcal]# urpmi vboxadditions-kernel-desktop-latest Package vboxadditions-kernel-desktop-latest-4.3.26-7.mga4.x86_64 is already installed [root@localhost wilcal]# urpmi dkms-virtualbox Package dkms-virtualbox-4.3.26-1.mga4.noarch is already installed [root@localhost wilcal]# urpmi virtualbox-guest-additions Package virtualbox-guest-additions-4.3.26-1.mga4.x86_64 is already installed [root@localhost wilcal]# urpmi virtualbox-kernel-desktop-latest Package virtualbox-kernel-desktop-latest-4.3.26-7.mga4.x86_64 is already installed [root@localhost wilcal]# urpmi x11-driver-video-vboxvideo Package x11-driver-video-vboxvideo-4.3.26-1.mga4.x86_64 is already installed [root@localhost wilcal]# urpmi nvidia-current-kernel-desktop-latest Package nvidia-current-kernel-desktop-latest-331.113-7.mga4.nonfree.x86_64 is already installed [root@localhost wilcal]# lspci -k 01:00.0 VGA compatible controller: NVIDIA Corporation GF108 [GeForce GT 440] (rev a1) Subsystem: Gigabyte Technology Co., Ltd Device 3518 Kernel driver in use: nvidia Kernel modules: nvidiafb, nouveau, nvidia_current Created clients: M4.1 i586 KDE Live-CD runs as a Vbox client. Screen sizes are correct. M5Final x86_64 KDE CI installed and runs as a Vbox client. Screen sizes are correct. install from updates_testing: kernel-desktop-latest virtualbox vboxadditions-kernel-desktop-latest dkms-virtualbox virtualbox-guest-additions virtualbox-kernel-desktop-latest x11-driver-video-vboxvideo nvidia-current-kernel-desktop-latest from updates_testing [root@localhost wilcal]# uname -a Linux localhost 3.14.41-desktop-1.mga4 #1 SMP Thu May 7 07:24:17 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux [root@localhost wilcal]# urpmi kernel-desktop-latest Package kernel-desktop-latest-3.14.41-1.mga4.x86_64 is already installed [root@localhost wilcal]# urpmi virtualbox Package virtualbox-4.3.28-1.mga4.x86_64 is already installed [root@localhost wilcal]# urpmi vboxadditions-kernel-desktop-latest Package vboxadditions-kernel-desktop-latest-4.3.28-1.mga4.x86_64 is already installed [root@localhost wilcal]# urpmi dkms-virtualbox Package dkms-virtualbox-4.3.28-1.mga4.noarch is already installed [root@localhost wilcal]# urpmi virtualbox-guest-additions Package virtualbox-guest-additions-4.3.28-1.mga4.x86_64 is already installed [root@localhost wilcal]# urpmi virtualbox-kernel-desktop-latest Package virtualbox-kernel-desktop-latest-4.3.28-1.mga4.x86_64 is already installed [root@localhost wilcal]# urpmi x11-driver-video-vboxvideo Package x11-driver-video-vboxvideo-4.3.28-1.mga4.x86_64 is already installed [root@localhost wilcal]# urpmi nvidia-current-kernel-desktop-latest Package nvidia-current-kernel-desktop-latest-331.113-7.mga4.nonfree.x86_64 is already installed [wilcal@localhost ~]$ lspci -k 01:00.0 VGA compatible controller: NVIDIA Corporation GF108 [GeForce GT 440] (rev a1) Subsystem: Gigabyte Technology Co., Ltd Device 3518 Kernel driver in use: nvidia Kernel modules: nvidiafb, nouveau, nvidia_current Clients created Pre-update: M4.1 i586 KDE Live-CD runs as a Vbox client. Screen sizes are correct. M5Final x86_64 KDE CI installed and runs as a Vbox client. Screen sizes are correct. Clients created Post-update: M5Final x86_64 Gnome Live-DVD runs as a Vbox client. Screen sizes are correct. M4.1 i586 KDE CI installed. Runs as a Vbox client. Screen sizes are correct. Test platform: Intel Core i7-2600K Sandy Bridge 3.4GHz GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB RTL8111/8168B PCI Express 1Gbit Ethernet DRAM 16GB (4 x 4GB) Mageia 4 64-bit, Nvidia driver
CC: (none) => wilcal.int
Whiteboard: (none) => MGA4-64-OK
Testing complete mga4 32 Checked on all 3 kernels.
Whiteboard: MGA4-64-OK => mga4-32-ok MGA4-64-OK
Validating. Advisory uploaded. Please push to 4 updates Thanks
Keywords: (none) => validated_updateWhiteboard: mga4-32-ok MGA4-64-OK => advisory mga4-32-ok MGA4-64-OKCC: (none) => sysadmin-bugs
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2015-0228.html
Status: NEW => RESOLVEDResolution: (none) => FIXED