Bugzilla – Bug 962977
VUL-0: virtualbox: Oracle Critical Patch Update Advisory - January 2016
Last modified: 2016-04-12 10:14:26 UTC
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixOVIR CVE-2015-7183: (AV:N/AC:L/Au:N/C:P/I:P/A:P): 7.5 CVE-2016-0602: (AV:L/AC:H/Au:N/C:C/I:C/A:C): 6.2 CVE-2015-5307: (AV:L/AC:L/Au:N/C:N/I:N/A:C): 4.9 CVE-2015-8104: (AV:L/AC:M/Au:N/C:N/I:N/A:C): 4.7 CVE-2016-0495: (AV:N/AC:M/Au:N/C:N/I:N/A:P): 4.3 CVE-2016-0592: (AV:L/AC:L/Au:N/C:N/I:N/A:P): 2.1
bugbot adjusting priority
CVE-2016-0495 and CVE-2016-0592 are both fixed in VirtualBox 5.0.14, which is now building for Factory, TW and Leap 42.1. Once that finishes, I will add these CVE numbers to the description.
openSUSE-SU-2016:1008-1: An update that solves 15 vulnerabilities and has 26 fixes is now available. Category: security (important) Bug References: 814440,884701,949936,951440,951542,951626,951638,953527,954018,954404,954405,954876,958439,958463,958504,959709,960561,960563,960710,961263,961500,961509,962257,962866,962977,963746,963765,963767,963931,965125,966137,966179,966259,966437,966684,966693,968018,969356,969582,970845,971125 CVE References: CVE-2015-1339,CVE-2015-7799,CVE-2015-7872,CVE-2015-7884,CVE-2015-8104,CVE-2015-8709,CVE-2015-8767,CVE-2015-8785,CVE-2015-8787,CVE-2015-8812,CVE-2016-0723,CVE-2016-2069,CVE-2016-2184,CVE-2016-2383,CVE-2016-2384 Sources used: openSUSE Leap 42.1 (src): kernel-debug-4.1.20-11.1, kernel-default-4.1.20-11.1, kernel-docs-4.1.20-11.3, kernel-ec2-4.1.20-11.1, kernel-obs-build-4.1.20-11.2, kernel-obs-qa-4.1.20-11.1, kernel-obs-qa-xen-4.1.20-11.1, kernel-pae-4.1.20-11.1, kernel-pv-4.1.20-11.1, kernel-source-4.1.20-11.1, kernel-syms-4.1.20-11.1, kernel-vanilla-4.1.20-11.1, kernel-xen-4.1.20-11.1