Bug 976636 - (CVE-2016-0678) VUL-0: CVE-2016-0678: virtualbox: Unspecified vulnerability in the Oracle VM VirtualBox
(CVE-2016-0678)
VUL-0: CVE-2016-0678: virtualbox: Unspecified vulnerability in the Oracle VM ...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other openSUSE 42.1
: P3 - Medium : Normal
: ---
Assigned To: Larry Finger
Security Team bot
https://smash.suse.de/issue/168138/
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2016-04-21 13:54 UTC by Johannes Segitz
Modified: 2016-05-31 17:08 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Johannes Segitz 2016-04-21 13:54:58 UTC
CVE-2016-0678

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle
Virtualization VirtualBox before 5.0.18 allows local users to affect
confidentiality, integrity, and availability via vectors related to Core.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0678
Comment 1 Larry Finger 2016-04-21 14:33:02 UTC
This vulnerability is fixed in VirtualBox version 5.0.18, which is currently building on Factory. It will soon be submitted to the Leap 42.1 Update repo.

At the moment, no fix is available for VB 4.3.X, which is used by openSUSE 13.2. Perhaps it is time to switch to 5.0.X for 13.2.
Comment 2 Swamp Workflow Management 2016-04-21 22:00:59 UTC
bugbot adjusting priority
Comment 3 Larry Finger 2016-05-08 18:57:29 UTC
VB version 5.0.18 fixes thos vulnerability. It has been submitted to OBS for TW, Leap 42.1 and openSUSE 13.2.
Comment 4 Swamp Workflow Management 2016-05-31 17:08:08 UTC
openSUSE-SU-2016:1451-1: An update that solves one vulnerability and has two fixes is now available.

Category: security (moderate)
Bug References: 976636,977200,977328
CVE References: CVE-2016-0678
Sources used:
openSUSE Leap 42.1 (src):    virtualbox-5.0.18-16.1