Bug 914447

Summary: VUL-0: virtualbox-ose: Oracle january 2015 Patchday: VirtualBox tracker bug
Product: [Novell Products] SUSE Security Incidents Reporter: Victor Pereira <vpereira>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: jsegitz, meissner, security-team
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: openSUSE 13.1   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Attachments: virtualbox cve 0418

Description Victor Pereira 2015-01-23 08:21:30 UTC 
Oracle released the critical patch updates for January, 2015.

More information can be found here http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixOVIR


The following CVES were fixed in this update:

CVE-2014-0224
CVE-2015-0377
CVE-2014-6595
CVE-2014-6588
CVE-2014-6589
CVE-2014-6590
CVE-2015-0427
CVE-2015-0418
Comment 1 Swamp Workflow Management 2015-01-23 23:00:58 UTC 
bugbot adjusting priority
Comment 2 Tomáš Chvátal 2015-01-27 14:52:40 UTC 
Created attachment 621042 [details]
virtualbox cve 0418

From what I read we only should care for CVE-2015-0418 rest are not really needed for us.

Also what product should I do the maintenance update for? When I checked we have branch for sle11 and sle11sp1:

SUSE:SLE-11-SP1:GA              virtualbox-ose  2.0.6  6    d94c47ac89abfa8b222a3d344ff81105
SUSE:SLE-11:GA                  virtualbox-ose  2.0.6  4    8289ebefaf18a8c3aa18e522382ae19e

I have found the patch for it in debian bug tracker so let me know if I should proceed like this and submit it to SP1 or the GA branch.
Comment 3 Marcus Meissner 2015-01-27 16:22:06 UTC 
we do not ship Virtualbox on SLES at all.

fixes fopr "virtualbox" on 13.1, 13.2 and factory  are needed
Comment 4 Bernhard Wiedemann 2015-01-28 11:00:11 UTC 
This is an autogenerated message for OBS integration:
This bug (914447) was mentioned in
https://build.opensuse.org/request/show/283095 13.2+13.1 / virtualbox
Comment 5 Tomáš Chvátal 2015-01-28 11:05:41 UTC 
Ok should be done. Let me know if something is amiss.
Comment 6 Swamp Workflow Management 2015-02-06 17:04:53 UTC 
openSUSE-SU-2015:0229-1: An update that fixes 8 vulnerabilities is now available.

Category: security (moderate)
Bug References: 914447
CVE References: CVE-2014-0224,CVE-2014-6588,CVE-2014-6589,CVE-2014-6590,CVE-2014-6595,CVE-2015-0377,CVE-2015-0418,CVE-2015-0427
Sources used:
openSUSE 13.2 (src):    virtualbox-4.3.20-7.1
openSUSE 13.1 (src):    virtualbox-4.2.28-2.25.1
Comment 7 Johannes Segitz 2015-02-12 08:46:26 UTC 
updates released
Comment 8 Bernhard Wiedemann 2015-06-24 12:00:11 UTC 
This is an autogenerated message for OBS integration:
This bug (914447) was mentioned in
https://build.opensuse.org/request/show/313414 Factory / virtualbox