Bug 976636 (CVE-2016-0678)

Summary: VUL-0: CVE-2016-0678: virtualbox: Unspecified vulnerability in the Oracle VM VirtualBox
Product: [Novell Products] SUSE Security Incidents
Reporter: Johannes Segitz <jsegitz>
Component: Incidents
Assignee: Larry Finger <Larry.Finger>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P3 - Medium
CC: smash_bz
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: openSUSE 42.1
URL: https://smash.suse.de/issue/168138/
Whiteboard:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Johannes Segitz 2016-04-21 13:54:58 UTC
CVE-2016-0678

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle
Virtualization VirtualBox before 5.0.18 allows local users to affect
confidentiality, integrity, and availability via vectors related to Core.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0678
Comment 1 Larry Finger 2016-04-21 14:33:02 UTC
This vulnerability is fixed in VirtualBox version 5.0.18, which is currently building on Factory. It will soon be submitted to the Leap 42.1 Update repo.

At the moment, no fix is available for VB 4.3.X, which is used by openSUSE 13.2. Perhaps it is time to switch to 5.0.X for 13.2.
Comment 2 Swamp Workflow Management 2016-04-21 22:00:59 UTC
bugbot adjusting priority
Comment 3 Larry Finger 2016-05-08 18:57:29 UTC
VB version 5.0.18 fixes this vulnerability. It has been submitted to OBS for TW, Leap 42.1 and openSUSE 13.2.
Comment 4 Swamp Workflow Management 2016-05-31 17:08:08 UTC
openSUSE-SU-2016:1451-1: An update that solves one vulnerability and has two fixes is now available.

Category: security (moderate)
Bug References: 976636,977200,977328
CVE References: CVE-2016-0678
Sources used:
openSUSE Leap 42.1 (src):    virtualbox-5.0.18-16.1