Bug 914447 – VUL-0: virtualbox-ose: Oracle january 2015 Patchday: VirtualBox tracker bug

Bug 914447 - VUL-0: virtualbox-ose: Oracle january 2015 Patchday: VirtualBox tracker bug


Summary:	VUL-0: virtualbox-ose: Oracle january 2015 Patchday: VirtualBox tracker bug

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other openSUSE 13.1

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assigned To:	Security Team bot
QA Contact:	Security Team bot

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2015-01-23 08:21 UTC by Victor Pereira
Modified:	2015-06-24 12:00 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
virtualbox cve 0418 (1.71 KB, patch) 2015-01-27 14:52 UTC, Tomáš Chvátal	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Victor Pereira 2015-01-23 08:21:30 UTC

Oracle released the critical patch updates for January, 2015.

More information can be found here http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixOVIR


The following CVES were fixed in this update:

CVE-2014-0224
CVE-2015-0377
CVE-2014-6595
CVE-2014-6588
CVE-2014-6589
CVE-2014-6590
CVE-2015-0427
CVE-2015-0418

Comment 1 Swamp Workflow Management 2015-01-23 23:00:58 UTC

bugbot adjusting priority

Comment 2 Tomáš Chvátal 2015-01-27 14:52:40 UTC

Created attachment 621042 [details]
virtualbox cve 0418

From what I read we only should care for CVE-2015-0418 rest are not really needed for us.

Also what product should I do the maintenance update for? When I checked we have branch for sle11 and sle11sp1:

SUSE:SLE-11-SP1:GA              virtualbox-ose  2.0.6  6    d94c47ac89abfa8b222a3d344ff81105
SUSE:SLE-11:GA                  virtualbox-ose  2.0.6  4    8289ebefaf18a8c3aa18e522382ae19e

I have found the patch for it in debian bug tracker so let me know if I should proceed like this and submit it to SP1 or the GA branch.

Comment 3 Marcus Meissner 2015-01-27 16:22:06 UTC

we do not ship Virtualbox on SLES at all.

fixes fopr "virtualbox" on 13.1, 13.2 and factory  are needed

Comment 4 Bernhard Wiedemann 2015-01-28 11:00:11 UTC

This is an autogenerated message for OBS integration:
This bug (914447) was mentioned in
https://build.opensuse.org/request/show/283095 13.2+13.1 / virtualbox

Comment 5 Tomáš Chvátal 2015-01-28 11:05:41 UTC

Ok should be done. Let me know if something is amiss.

Comment 6 Swamp Workflow Management 2015-02-06 17:04:53 UTC

openSUSE-SU-2015:0229-1: An update that fixes 8 vulnerabilities is now available.

Category: security (moderate)
Bug References: 914447
CVE References: CVE-2014-0224,CVE-2014-6588,CVE-2014-6589,CVE-2014-6590,CVE-2014-6595,CVE-2015-0377,CVE-2015-0418,CVE-2015-0427
Sources used:
openSUSE 13.2 (src):    virtualbox-4.3.20-7.1
openSUSE 13.1 (src):    virtualbox-4.2.28-2.25.1

Comment 7 Johannes Segitz 2015-02-12 08:46:26 UTC

updates released

Comment 8 Bernhard Wiedemann 2015-06-24 12:00:11 UTC

This is an autogenerated message for OBS integration:
This bug (914447) was mentioned in
https://build.opensuse.org/request/show/313414 Factory / virtualbox