Bug 962977 - VUL-0: virtualbox: Oracle Critical Patch Update Advisory - January 2016
VUL-0: virtualbox: Oracle Critical Patch Update Advisory - January 2016
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other openSUSE 42.1
: P3 - Medium : Major
: ---
Assigned To: Larry Finger
Security Team bot
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2016-01-21 11:36 UTC by Johannes Segitz
Modified: 2016-04-12 10:14 UTC (History)
0 users

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Johannes Segitz 2016-01-21 11:36:24 UTC
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixOVIR

CVE-2015-7183: (AV:N/AC:L/Au:N/C:P/I:P/A:P): 7.5
CVE-2016-0602: (AV:L/AC:H/Au:N/C:C/I:C/A:C): 6.2
CVE-2015-5307: (AV:L/AC:L/Au:N/C:N/I:N/A:C): 4.9
CVE-2015-8104: (AV:L/AC:M/Au:N/C:N/I:N/A:C): 4.7
CVE-2016-0495: (AV:N/AC:M/Au:N/C:N/I:N/A:P): 4.3
CVE-2016-0592: (AV:L/AC:L/Au:N/C:N/I:N/A:P): 2.1
Comment 1 Swamp Workflow Management 2016-01-21 23:04:02 UTC
bugbot adjusting priority
Comment 2 Larry Finger 2016-01-22 01:21:01 UTC
CVE-2016-0495 and CVE-2016-0592 are both fixed in VirtualBox 5.0.14, which is now building for Factory, TW and Leap 42.1. Once that finishes, I will add these CVE numbers to the description.
Comment 3 Swamp Workflow Management 2016-04-12 10:14:26 UTC
openSUSE-SU-2016:1008-1: An update that solves 15 vulnerabilities and has 26 fixes is now available.

Category: security (important)
Bug References: 814440,884701,949936,951440,951542,951626,951638,953527,954018,954404,954405,954876,958439,958463,958504,959709,960561,960563,960710,961263,961500,961509,962257,962866,962977,963746,963765,963767,963931,965125,966137,966179,966259,966437,966684,966693,968018,969356,969582,970845,971125
CVE References: CVE-2015-1339,CVE-2015-7799,CVE-2015-7872,CVE-2015-7884,CVE-2015-8104,CVE-2015-8709,CVE-2015-8767,CVE-2015-8785,CVE-2015-8787,CVE-2015-8812,CVE-2016-0723,CVE-2016-2069,CVE-2016-2184,CVE-2016-2383,CVE-2016-2384
Sources used:
openSUSE Leap 42.1 (src):    kernel-debug-4.1.20-11.1, kernel-default-4.1.20-11.1, kernel-docs-4.1.20-11.3, kernel-ec2-4.1.20-11.1, kernel-obs-build-4.1.20-11.2, kernel-obs-qa-4.1.20-11.1, kernel-obs-qa-xen-4.1.20-11.1, kernel-pae-4.1.20-11.1, kernel-pv-4.1.20-11.1, kernel-source-4.1.20-11.1, kernel-syms-4.1.20-11.1, kernel-vanilla-4.1.20-11.1, kernel-xen-4.1.20-11.1