Bug 914447 - VUL-0: virtualbox-ose: Oracle january 2015 Patchday: VirtualBox tracker bug
VUL-0: virtualbox-ose: Oracle january 2015 Patchday: VirtualBox tracker bug
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Other openSUSE 13.1
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
Depends on:
  Show dependency treegraph
Reported: 2015-01-23 08:21 UTC by Victor Pereira
Modified: 2015-06-24 12:00 UTC (History)
3 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

virtualbox cve 0418 (1.71 KB, patch)
2015-01-27 14:52 UTC, Tomáš Chvátal
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Victor Pereira 2015-01-23 08:21:30 UTC
Oracle released the critical patch updates for January, 2015.

More information can be found here http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixOVIR

The following CVES were fixed in this update:

Comment 1 Swamp Workflow Management 2015-01-23 23:00:58 UTC
bugbot adjusting priority
Comment 2 Tomáš Chvátal 2015-01-27 14:52:40 UTC
Created attachment 621042 [details]
virtualbox cve 0418

From what I read we only should care for CVE-2015-0418 rest are not really needed for us.

Also what product should I do the maintenance update for? When I checked we have branch for sle11 and sle11sp1:

SUSE:SLE-11-SP1:GA              virtualbox-ose  2.0.6  6    d94c47ac89abfa8b222a3d344ff81105
SUSE:SLE-11:GA                  virtualbox-ose  2.0.6  4    8289ebefaf18a8c3aa18e522382ae19e

I have found the patch for it in debian bug tracker so let me know if I should proceed like this and submit it to SP1 or the GA branch.
Comment 3 Marcus Meissner 2015-01-27 16:22:06 UTC
we do not ship Virtualbox on SLES at all.

fixes fopr "virtualbox" on 13.1, 13.2 and factory  are needed
Comment 4 Bernhard Wiedemann 2015-01-28 11:00:11 UTC
This is an autogenerated message for OBS integration:
This bug (914447) was mentioned in
https://build.opensuse.org/request/show/283095 13.2+13.1 / virtualbox
Comment 5 Tomáš Chvátal 2015-01-28 11:05:41 UTC
Ok should be done. Let me know if something is amiss.
Comment 6 Swamp Workflow Management 2015-02-06 17:04:53 UTC
openSUSE-SU-2015:0229-1: An update that fixes 8 vulnerabilities is now available.

Category: security (moderate)
Bug References: 914447
CVE References: CVE-2014-0224,CVE-2014-6588,CVE-2014-6589,CVE-2014-6590,CVE-2014-6595,CVE-2015-0377,CVE-2015-0418,CVE-2015-0427
Sources used:
openSUSE 13.2 (src):    virtualbox-4.3.20-7.1
openSUSE 13.1 (src):    virtualbox-4.2.28-2.25.1
Comment 7 Johannes Segitz 2015-02-12 08:46:26 UTC
updates released
Comment 8 Bernhard Wiedemann 2015-06-24 12:00:11 UTC
This is an autogenerated message for OBS integration:
This bug (914447) was mentioned in
https://build.opensuse.org/request/show/313414 Factory / virtualbox