Bug 18236 - virtualbox new security issue CVE-2016-0678
Summary: virtualbox new security issue CVE-2016-0678
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 5
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/689384/
Whiteboard: has_procedure MGA5-32-OK MGA5-64-OK a...
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2016-04-21 20:48 CEST by David Walser
Modified: 2016-06-17 07:58 CEST (History)

See Also:
Source RPM: virtualbox-5.0.16-1.mga5.src.rpm
CVE:
Status comment:


Description David Walser 2016-04-21 20:48:18 CEST
The April 2016 Oracle CPU shows a security issue fixed in VirtualBox 5.0.18:
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
Comment 1 Thomas Backlund 2016-05-05 13:19:59 CEST
Advisory:
Updated virtualbox packages fix security and other bugs.

This update provides the virtualbox 5.0.20 maintenance release, and fixes
the following security issue:

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.18 allows local users to affect confidentiality, integrity, and availability via vectors related to Core.
(CVE-2016-0678)

For other fixes in this update, see the referenced changelog.

References:
https://www.virtualbox.org/wiki/Changelog



SRPMS:
kmod-virtualbox-5.0.20-1.mga5.src.rpm
kmod-virtualbox-5.0.20-2.mga5.src.rpm
virtualbox-5.0.20-1.mga5.src.rpm

i586:
dkms-vboxadditions-5.0.20-1.mga5.noarch.rpm
dkms-virtualbox-5.0.20-1.mga5.noarch.rpm
python-virtualbox-5.0.20-1.mga5.i586.rpm
vboxadditions-kernel-4.1.15-desktop-2.mga5-5.0.20-1.mga5.i586.rpm
vboxadditions-kernel-4.1.15-desktop586-2.mga5-5.0.20-1.mga5.i586.rpm
vboxadditions-kernel-4.1.15-server-2.mga5-5.0.20-1.mga5.i586.rpm
vboxadditions-kernel-desktop586-latest-5.0.20-1.mga5.i586.rpm
vboxadditions-kernel-desktop-latest-5.0.20-1.mga5.i586.rpm
vboxadditions-kernel-server-latest-5.0.20-1.mga5.i586.rpm
virtualbox-5.0.20-1.mga5.i586.rpm
virtualbox-devel-5.0.20-1.mga5.i586.rpm
virtualbox-guest-additions-5.0.20-1.mga5.i586.rpm
virtualbox-kernel-4.1.15-desktop-2.mga5-5.0.20-1.mga5.i586.rpm
virtualbox-kernel-4.1.15-desktop586-2.mga5-5.0.20-1.mga5.i586.rpm
virtualbox-kernel-4.1.15-server-2.mga5-5.0.20-1.mga5.i586.rpm
virtualbox-kernel-desktop586-latest-5.0.20-1.mga5.i586.rpm
virtualbox-kernel-desktop-latest-5.0.20-1.mga5.i586.rpm
virtualbox-kernel-server-latest-5.0.20-1.mga5.i586.rpm
x11-driver-video-vboxvideo-5.0.20-1.mga5.i586.rpm

x86_64:
dkms-vboxadditions-5.0.20-1.mga5.noarch.rpm
dkms-virtualbox-5.0.20-1.mga5.noarch.rpm
python-virtualbox-5.0.20-1.mga5.x86_64.rpm
vboxadditions-kernel-4.1.15-desktop-2.mga5-5.0.20-1.mga5.x86_64.rpm
vboxadditions-kernel-4.1.15-server-2.mga5-5.0.20-1.mga5.x86_64.rpm
vboxadditions-kernel-desktop-latest-5.0.20-1.mga5.x86_64.rpm
vboxadditions-kernel-server-latest-5.0.20-1.mga5.x86_64.rpm
virtualbox-5.0.20-1.mga5.x86_64.rpm
virtualbox-devel-5.0.20-1.mga5.x86_64.rpm
virtualbox-guest-additions-5.0.20-1.mga5.x86_64.rpm
virtualbox-kernel-4.1.15-desktop-2.mga5-5.0.20-1.mga5.x86_64.rpm
virtualbox-kernel-4.1.15-server-2.mga5-5.0.20-1.mga5.x86_64.rpm
virtualbox-kernel-desktop-latest-5.0.20-1.mga5.x86_64.rpm
virtualbox-kernel-server-latest-5.0.20-1.mga5.x86_64.rpm
x11-driver-video-vboxvideo-5.0.20-1.mga5.x86_64.rpm

Assignee: tmb => qa-bugs

Comment 2 Thomas Backlund 2016-05-05 13:53:33 CEST
Typo in SRPMS, should be:

SRPMS:
kmod-vboxadditions-5.0.20-1.mga5.src.rpm
kmod-virtualbox-5.0.20-1.mga5.src.rpm
virtualbox-5.0.20-1.mga5.src.rpm

CC: (none) => tmb

Thomas Backlund 2016-05-05 15:33:35 CEST

Blocks: (none) => 18031

Comment 3 claire robinson 2016-05-06 11:08:58 CEST
Note: These packages should work with kernel 4.1.15
Comment 4 claire robinson 2016-05-06 11:46:35 CEST
The virtualbox-kernel-desktop-latest requires kernel 4.4.9 Thomas.

To satisfy dependencies, the following package(s) also need to be installed:

- btrfs-progs-4.4.1-1.mga5.x86_64
- dracut-038-21.mga5.x86_64
- kernel-desktop-4.4.9-1.mga5-1-1.mga5.x86_64
- kernel-firmware-20160409-1.mga5.noarch
- lib64btrfs0-4.4.1-1.mga5.x86_64
- virtualbox-kernel-4.4.9-desktop-1.mga5-5.0.20-2.mga5.x86_64

Whiteboard: (none) => feedback

Comment 5 Thomas Backlund 2016-05-06 11:53:49 CEST
That's because the builds are done for both 4.1.15-2 and 4.4.9-1 at the same time, so you need to be specific and install 

virtualbox-kernel-desktop-latest-5.0.20-1.mga5

(note the .1.mga5 for 4.1.15-2 and .2.mga5 for 4.4.9-1)

Sorry for not being more specific about this

Whiteboard: feedback => (none)

Comment 6 claire robinson 2016-05-06 11:56:36 CEST
That makes things difficult :\ Confirmed though. Two versions in testing at once.

# urpmq --requires --media Testing virtualbox-kernel-desktop-latest    

virtualbox-kernel-desktop-latest: virtualbox-kernel-4.4.9-desktop-1.mga5[== 5.0.20-2.mga5]
virtualbox-kernel-desktop-latest: virtualbox-kernel-4.1.15-desktop-2.mga5[== 5.0.20-1.mga5]
Comment 7 claire robinson 2016-05-06 12:02:51 CEST
Testing mga5 64

It's not possible to use MageiaUpdate to install these packages; instead use:

# urpmi virtualbox-kernel-desktop-latest-5.0.20-1.mga5 vboxadditions-kernel-desktop-latest-5.0.20-1.mga5
To satisfy dependencies, the following packages are going to be installed:
  Package                        Version      Release       Arch    
(medium "Core Updates Testing")
  vboxadditions-kernel-4.1.15-d> 5.0.20       1.mga5        x86_64  
  vboxadditions-kernel-desktop-> 5.0.20       1.mga5        x86_64  
  virtualbox                     5.0.20       1.mga5        x86_64  
  virtualbox-kernel-4.1.15-desk> 5.0.20       1.mga5        x86_64  
  virtualbox-kernel-desktop-lat> 5.0.20       1.mga5        x86_64  
177KB of additional disk space will be used.
25MB of packages will be retrieved.
Proceed with the installation of the 5 packages? (Y/n) y

Whiteboard: (none) => has_procedure
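One way to make the package lists in this bug checkable, as an added example that is not part of the bug report or of Mageia's own tooling: it parses RPM file names from the advisory (including the kmod names, which embed the kernel they were built against, i.e. the 1.mga5 versus 2.mga5 split explained in comment 5) and compares an installed package against the fixed build. The version ordering is a simplified reimplementation of rpm's comparison rules, not rpm's own code; the four advisory names are copied from this bug, and any "installed" names are constructed for illustration.

```python
import re
from itertools import zip_longest

# Package names copied from this bug's advisory and comment 4 (a subset);
# the two kmod entries show the 1.mga5 / 2.mga5 split described in comment 5.
ADVISORY_RPMS = [
    "virtualbox-5.0.20-1.mga5.x86_64.rpm",
    "dkms-virtualbox-5.0.20-1.mga5.noarch.rpm",
    "virtualbox-kernel-4.1.15-desktop-2.mga5-5.0.20-1.mga5.x86_64.rpm",
    "virtualbox-kernel-4.4.9-desktop-1.mga5-5.0.20-2.mga5.x86_64.rpm",
]

# name-version-release.arch.rpm: the name is matched greedily so that version
# and release are the last two hyphen-free fields (kmod names contain hyphens).
RPM_RE = re.compile(r"^(?P<name>.+)-(?P<version>[^-]+)-(?P<release>[^-]+)\.(?P<arch>[^.]+)\.rpm$")
# kmod package names embed the kernel: virtualbox-kernel-<kver>-<flavour>-<krel>
KMOD_RE = re.compile(r"^(?:virtualbox|vboxadditions)-kernel-(?P<kver>\d+\.\d+\.\d+)-(?P<flavour>\w+)-(?P<krel>[^-]+)$")


def parse_rpm(filename):
    """Split an RPM file name into name/version/release/arch, plus the kernel
    NVR for kmod packages (None otherwise)."""
    m = RPM_RE.match(filename)
    if not m:
        raise ValueError(f"not an RPM file name: {filename}")
    pkg = m.groupdict()
    k = KMOD_RE.match(pkg["name"])
    pkg["kernel"] = f"{k['kver']}-{k['flavour']}-{k['krel']}" if k else None
    return pkg


def rpmvercmp(a, b):
    """Simplified rpm ordering: numeric segments compare as integers, alphabetic
    ones lexically, numeric beats alphabetic, extra trailing segments win."""
    seg = lambda s: re.findall(r"\d+|[a-zA-Z]+", s)
    for x, y in zip_longest(seg(a), seg(b)):
        if x == y:
            continue
        if x is None or y is None:
            return -1 if x is None else 1
        if x.isdigit() and y.isdigit():
            return (int(x) > int(y)) - (int(x) < int(y))
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        return (x > y) - (x < y)
    return 0


def kmod_builds(filenames):
    """Map each kernel to the virtualbox release that was built for it."""
    return {p["kernel"]: p["release"] for p in map(parse_rpm, filenames) if p["kernel"]}


def is_fixed(installed, advisory=ADVISORY_RPMS):
    """True if an installed package, given as name-version-release.arch.rpm (e.g.
    from rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}.rpm'), is at or
    above the advisory's build of the same package name."""
    inst = parse_rpm(installed)
    fixed = [p for p in map(parse_rpm, advisory) if p["name"] == inst["name"]]
    if not fixed:
        return False  # package not covered by this advisory
    cmp = rpmvercmp(inst["version"], fixed[0]["version"]) or \
        rpmvercmp(inst["release"], fixed[0]["release"])
    return cmp >= 0
```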

claire robinson 2016-05-06 12:33:10 CEST

Summary: virtualbox new security issue CVE-2016-0678 => virtualbox new security issue CVE-2016-0678 for kernel 4.1.15

David Walser 2016-05-06 12:34:38 CEST

Summary: virtualbox new security issue CVE-2016-0678 for kernel 4.1.15 => virtualbox new security issue CVE-2016-0678 (+ kmod update for kernel 4.1.15)

Comment 8 David Walser 2016-05-06 17:11:53 CEST
Installed the updated packages (both kernel and virtualbox ones) on a Mageia 5 x86_64 host and Mageia 5 i586 VM.  Now X won't start in the VM and plymouth-quit-wait.service fails.  The console during boot starts at a small size (which is normal), then once the kernel starts loading expands to its correct size, but now during the boot shrinks back to a smaller size, which is also abnormal.  I tried regenerating the initrd again, but that didn't help.
Comment 9 Thomas Andrews 2016-05-07 04:23:45 CEST
Installed the appropriate vbox and server kernel updates, including nvidia 340 packages, in a Mageia 5 x86_64 host and guest. 

All seems to be working as expected.

CC: (none) => andrewsfarm

Comment 10 Thomas Andrews 2016-05-07 04:54:33 CEST
Same host as Comment 9, i586 Mageia 5 guest. All seems to be as it should be.
Comment 11 Thomas Andrews 2016-05-08 15:50:13 CEST
Same hardware as Comment 9, 32-bit install, virtualbox and 4.4.9 server kernel updates done at the same time.

All appears to have been successful.
Comment 12 David Walser 2016-05-09 01:25:14 CEST
(In reply to David Walser from comment #8)
> Installed the updated packages (both kernel and virtualbox ones) on a Mageia
> 5 x86_64 host and Mageia 5 i586 VM.  Now X won't start in the VM and
> plymouth-quit-wait.service fails.  The console during boot starts at a small
> size (which is normal), then once the kernel starts loading expands to its
> correct size, but now during the boot shrinks back to a smaller size, which
> is also abnormal.  I tried regenerating the initrd again, but that didn't
> help.

Same behavior on my Mageia 5 i586 VM at home, console gets smaller during the boot process and X doesn't start.  This is definitely broken.

VM at work is using the kmod packages and VM at home is using dkms packages.

Whiteboard: has_procedure => has_procedure feedback

Comment 13 David Walser 2016-05-09 01:43:02 CEST
Note that the issue presents itself on either kernel (4.1.15 or 4.4.9).  It also appears that the console shrinking happens at the moment the VirtualBox kernel modules load in the VM.
Comment 14 Thomas Backlund 2016-05-09 14:55:46 CEST
(In reply to David Walser from comment #13)
> Note that the issue presents itself on either kernel (4.1.15 or 4.4.9).  It
> also appears that the console shrinking happens at the moment the VirtualBox
> kernel modules load in the VM.

Yeah, since 5.0.18 upstream virtualbox is trying to fix behaviour to improve acceleration / play nice with system mesa... but it's still WIP apparently...

Do you have any /etc/X11/xorg.conf on the affected vm?

If so, can you rename it / move out of the way and restart?

Does it change anything ?
Comment 15 David Walser 2016-05-09 14:59:17 CEST
Renaming xorg.conf doesn't change anything.
Comment 16 Thomas Backlund 2016-05-09 15:05:16 CEST
Hm, vbox upstream suggests to downgrade additions/vboxvideo to 5.0.16 to see if that restores functions (while the rest is still 5.0.20)
Comment 17 David Walser 2016-05-09 15:22:33 CEST
(In reply to Thomas Backlund from comment #16)
> Hm, vbox upstream suggests to downgrade additions/vboxvideo to 5.0.16 to see
> if that restores functions (while the rest is still 5.0.20)

In other words, that means downgrading *all* of the relevant packages in the guest, so yes, of course that fixes it.  If using the kmod packages (as I am in the VM at work) it also means going back to kernel 4.1.15.  I'm sure using dkms with 5.0.16 and kernel 4.4.9 would be fine too, clearly the guest side of VirtualBox 5.0.20 is broken.
Comment 18 claire robinson 2016-05-18 18:59:45 CEST
Assigning Thomas until it's ready.

CC: (none) => qa-bugs
Assignee: qa-bugs => tmb
Whiteboard: has_procedure feedback => has_procedure

Thomas Backlund 2016-05-24 13:47:03 CEST

Blocks: 18031 => (none)

Comment 19 David Walser 2016-06-01 17:12:49 CEST
OpenSuSE has issued an advisory for this today (June 1):
https://lists.opensuse.org/opensuse-updates/2016-06/msg00002.html

Summary: virtualbox new security issue CVE-2016-0678 (+ kmod update for kernel 4.1.15) => virtualbox new security issue CVE-2016-0678

David Walser 2016-06-01 19:14:33 CEST

URL: (none) => http://lwn.net/Vulnerabilities/689384/

Comment 20 David Walser 2016-06-11 21:00:43 CEST
With the host upgraded to kernel 4.4.13, virtualbox/dkms-virtualbox 5.0.20 on the host, and kernel 4.4.9 and virtualbox-guest-additions/dkms-vboxadditions/x11-driver-video-vboxvideo 5.0.20 in my Mageia 5 VM at home, everything, even the GUI is working now.

I'll have to confirm this on my VM at work where I first noticed the GUI problem, but I have seen reports that removing /etc/X11/xorg.conf can fix that too.

I think we may be able to move forward with this and release it.
Comment 21 David Walser 2016-06-13 14:49:45 CEST
Confirmed it's working again on my VM at work.  I think we can rebuild the 5.0.20 update and push it now.
Comment 22 Thomas Backlund 2016-06-13 20:52:10 CEST
Yep, that was always the plan to try again as soon as 4.4 series kernels got pushed...

I've just verified that Mageia 6 -sta1 live ISOs work with a 5.0.20 host...

so new rpms for test:


SRPMS:
kmod-vboxadditions-5.0.20-3.mga5.src.rpm
kmod-virtualbox-5.0.20-3.mga5.src.rpm
virtualbox-5.0.20-1.1.mga5.src.rpm


i586:
dkms-vboxadditions-5.0.20-1.1.mga5.noarch.rpm
dkms-virtualbox-5.0.20-1.1.mga5.noarch.rpm
python-virtualbox-5.0.20-1.1.mga5.i586.rpm
vboxadditions-kernel-4.4.13-desktop-1.mga5-5.0.20-3.mga5.i586.rpm
vboxadditions-kernel-4.4.13-desktop586-1.mga5-5.0.20-3.mga5.i586.rpm
vboxadditions-kernel-4.4.13-server-1.mga5-5.0.20-3.mga5.i586.rpm
vboxadditions-kernel-desktop586-latest-5.0.20-3.mga5.i586.rpm
vboxadditions-kernel-desktop-latest-5.0.20-3.mga5.i586.rpm
vboxadditions-kernel-server-latest-5.0.20-3.mga5.i586.rpm
virtualbox-5.0.20-1.1.mga5.i586.rpm
virtualbox-devel-5.0.20-1.1.mga5.i586.rpm
virtualbox-guest-additions-5.0.20-1.1.mga5.i586.rpm
virtualbox-kernel-4.4.13-desktop-1.mga5-5.0.20-3.mga5.i586.rpm
virtualbox-kernel-4.4.13-desktop586-1.mga5-5.0.20-3.mga5.i586.rpm
virtualbox-kernel-4.4.13-server-1.mga5-5.0.20-3.mga5.i586.rpm
virtualbox-kernel-desktop586-latest-5.0.20-3.mga5.i586.rpm
virtualbox-kernel-desktop-latest-5.0.20-3.mga5.i586.rpm
virtualbox-kernel-server-latest-5.0.20-3.mga5.i586.rpm
x11-driver-video-vboxvideo-5.0.20-1.1.mga5.i586.rpm



x86_64:
dkms-vboxadditions-5.0.20-1.1.mga5.noarch.rpm
dkms-virtualbox-5.0.20-1.1.mga5.noarch.rpm
python-virtualbox-5.0.20-1.1.mga5.x86_64.rpm
vboxadditions-kernel-4.4.13-desktop-1.mga5-5.0.20-3.mga5.x86_64.rpm
vboxadditions-kernel-4.4.13-server-1.mga5-5.0.20-3.mga5.x86_64.rpm
vboxadditions-kernel-desktop-latest-5.0.20-3.mga5.x86_64.rpm
vboxadditions-kernel-server-latest-5.0.20-3.mga5.x86_64.rpm
virtualbox-5.0.20-1.1.mga5.x86_64.rpm
virtualbox-devel-5.0.20-1.1.mga5.x86_64.rpm
virtualbox-guest-additions-5.0.20-1.1.mga5.x86_64.rpm
virtualbox-kernel-4.4.13-desktop-1.mga5-5.0.20-3.mga5.x86_64.rpm
virtualbox-kernel-4.4.13-server-1.mga5-5.0.20-3.mga5.x86_64.rpm
virtualbox-kernel-desktop-latest-5.0.20-3.mga5.x86_64.rpm
virtualbox-kernel-server-latest-5.0.20-3.mga5.x86_64.rpm
x11-driver-video-vboxvideo-5.0.20-1.1.mga5.x86_64.rpm

Assignee: tmb => qa-bugs

Comment 23 David Walser 2016-06-13 21:32:34 CEST
Tested fine at work on Mageia 5 x86_64.  Will test at home on i586 hopefully tomorrow.

Whiteboard: has_procedure => has_procedure MGA5-64-OK

Comment 24 William Kenney 2016-06-14 22:34:39 CEST
On real hardware, M5, KDE, 64-bit

Package(s) under test:
kernel-desktop-latest
virtualbox vboxadditions-kernel-desktop-latest dkms-virtualbox
virtualbox-guest-additions virtualbox-kernel-desktop-latest x11-driver-video-vboxvideo
nvidia-current-kernel-desktop-latest

default install of:
kernel-desktop-latest
virtualbox vboxadditions-kernel-desktop-latest dkms-virtualbox
virtualbox-guest-additions virtualbox-kernel-desktop-latest x11-driver-video-vboxvideo
nvidia-current-kernel-desktop-latest

[root@localhost wilcal]# uname -a
Linux localhost 4.4.13-desktop-1.mga5 #1 SMP Fri Jun 10 12:16:55 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
[root@localhost wilcal]# urpmi kernel-desktop-latest
Package kernel-desktop-latest-4.4.13-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi virtualbox
Package virtualbox-5.0.16-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi vboxadditions-kernel-desktop-latest
Package vboxadditions-kernel-desktop-latest-5.0.16-6.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi dkms-virtualbox
Package dkms-virtualbox-5.0.16-1.mga5.noarch is already installed
[root@localhost wilcal]# urpmi virtualbox-guest-additions
Package virtualbox-guest-additions-5.0.16-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi virtualbox-kernel-desktop-latest
Package virtualbox-kernel-desktop-latest-5.0.16-6.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi x11-driver-video-vboxvideo
Package x11-driver-video-vboxvideo-5.0.16-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi nvidia-current-kernel-desktop-latest
Package nvidia-current-kernel-desktop-latest-352.79-10.mga5.nonfree.x86_64 is already installed
[root@localhost wilcal]# lspci -k
01:00.0 VGA compatible controller: NVIDIA Corporation GF108 [GeForce GT 440] (rev a1)
        Subsystem: Gigabyte Technology Co., Ltd Device 3518
        Kernel driver in use: nvidia
        Kernel modules: nvidiafb, nouveau, nvidia_current

Created clients:
M5 i586 Gnome Live-CD runs as a Vbox client. Screen sizes are correct. Sound ok
M5 i586 KDE Live-CD installed, updates and runs as a Vbox client. Screen sizes are correct. Sound ok

install from updates_testing:
kernel-desktop-latest
virtualbox vboxadditions-kernel-desktop-latest dkms-virtualbox
virtualbox-guest-additions virtualbox-kernel-desktop-latest x11-driver-video-vboxvideo
nvidia-current-kernel-desktop-latest
from updates_testing

[root@localhost wilcal]# uname -a
Linux localhost 4.4.13-desktop-1.mga5 #1 SMP Fri Jun 10 12:16:55 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
[root@localhost wilcal]# urpmi kernel-desktop-latest
Package kernel-desktop-latest-4.4.13-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi virtualbox
Package virtualbox-5.0.20-1.1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi vboxadditions-kernel-desktop-latest
Package vboxadditions-kernel-desktop-latest-5.0.20-3.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi dkms-virtualbox
Package dkms-virtualbox-5.0.20-1.1.mga5.noarch is already installed
[root@localhost wilcal]# urpmi virtualbox-guest-additions
Package virtualbox-guest-additions-5.0.20-1.1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi virtualbox-kernel-desktop-latest
Package virtualbox-kernel-desktop-latest-5.0.20-3.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi x11-driver-video-vboxvideo
Package x11-driver-video-vboxvideo-5.0.20-1.1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi nvidia-current-kernel-desktop-latest
Package nvidia-current-kernel-desktop-latest-352.79-10.mga5.nonfree.x86_64 is already installed
[wilcal@localhost ~]$ lspci -k
01:00.0 VGA compatible controller: NVIDIA Corporation GF108 [GeForce GT 440] (rev a1)
        Subsystem: Gigabyte Technology Co., Ltd Device 3518
        Kernel driver in use: nvidia
        Kernel modules: nvidiafb, nouveau, nvidia_current

Clients created Pre-update:
M5 i586 Gnome Live-CD runs as a Vbox client. Screen sizes are correct. Sound ok
M5 i586 KDE Live-CD runs as a Vbox client. Screen sizes are correct. Sound ok

Clients created Post-update:
M5 x86_64 Gnome Live-DVD runs as a Vbox client. Screen sizes are correct. Sound ok
M5 x86_64 KDE CI installed, updates and runs as a Vbox client. Screen sizes are correct. Sound ok

Vbox extensions work pre and post updates.

Test platform:
Intel Core i7-2600K Sandy Bridge 3.4GHz
GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo
GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB
RTL8111/8168B PCI Express 1Gbit Ethernet
DRAM 16GB (4 x 4GB)
Mageia 4 64-bit, Nvidia driver

CC: (none) => wilcal.int

Comment 25 David Walser 2016-06-15 00:40:23 CEST
Works fine at home too, Mageia 5 i586 guest and host.

At work I have just about every OS imaginable as guests, so this can be validated.

Whiteboard: has_procedure MGA5-64-OK => has_procedure MGA5-32-OK MGA5-64-OK

Comment 26 Thomas Andrews 2016-06-15 03:52:34 CEST
Works well here, too. Guest additions installed in 32-bit and 64-bit Mageia 5 guests with no problems. Shared folders continued to be shared.

XP guest booted successfully, and scolded me for my anti-virus being out-of-date, while my anti-virus reported that my system was secure. In short, everything perfectly normal.
Comment 27 Lewis Smith 2016-06-15 21:34:54 CEST
Validating to get it off the list.
Advisory to follow.

Keywords: (none) => validated_update
CC: (none) => lewyssmith, sysadmin-bugs

Comment 28 Thomas Backlund 2016-06-17 07:40:35 CEST
advisory added

Whiteboard: has_procedure MGA5-32-OK MGA5-64-OK => has_procedure MGA5-32-OK MGA5-64-OK advisory

Comment 29 Mageia Robot 2016-06-17 07:58:49 CEST
An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2016-0226.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED
