Bug 1020856 – VUL-0: CVE-2016-5545,CVE-2017-3290,CVE-2017-3316,CVE-2017-3316: VirtualBox: Oracle Critical Patch update Jan 2017

Bug 1020856 - (CVE-2016-5545) VUL-0: CVE-2016-5545,CVE-2017-3290,CVE-2017-3316,CVE-2017-3316: VirtualBox: Oracle Critical Patch update Jan 2017

(CVE-2016-5545)
Summary:	VUL-0: CVE-2016-5545,CVE-2017-3290,CVE-2017-3316,CVE-2017-3316: VirtualBox: O...

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other openSUSE 42.2

Priority:	P5 - None Severity: Major
Target Milestone:	---
Assigned To:	Larry Finger
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/178889/
Whiteboard:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2017-01-19 10:43 UTC by Andreas Stieger
Modified:	2017-04-10 12:02 UTC (History)
CC List:	1 user (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Andreas Stieger 2017-01-19 10:43:54 UTC

http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixOVIR

fixed in 5.0.32, 5.1.14:

CVE-2017-3316
CVE-2017-3332
CVE-2017-3290
CVE-2016-5545

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5545
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3290
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3316
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3332

Comment 1 Larry Finger 2017-01-19 22:43:07 UTC

VirtualBox 5.0.32 has been submitted to Leap 42.1 and Leap 42.2 Update repos.

VirtualBox 5.1.14 is ready to be submitted to Facrory and TW as soon as kernel 4.10-rc5 is available.

Comment 2 Bernhard Wiedemann 2017-01-25 03:00:39 UTC

This is an autogenerated message for OBS integration:
This bug (1020856) was mentioned in
https://build.opensuse.org/request/show/452320 42.2 / virtualbox

Comment 3 Swamp Workflow Management 2017-01-30 17:10:37 UTC

openSUSE-SU-2017:0332-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1020856
CVE References: CVE-2016-5545,CVE-2017-3290,CVE-2017-3316,CVE-2017-3332
Sources used:
openSUSE Leap 42.1 (src):    virtualbox-5.0.32-34.1

Comment 4 Swamp Workflow Management 2017-02-04 02:07:30 UTC

openSUSE-SU-2017:0382-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1020856
CVE References: CVE-2016-5545,CVE-2017-3290,CVE-2017-3316,CVE-2017-3332
Sources used:
openSUSE Leap 42.2 (src):    virtualbox-5.1.14-9.2

Comment 5 Bernhard Wiedemann 2017-04-07 00:01:25 UTC

This is an autogenerated message for OBS integration:
This bug (1020856) was mentioned in
https://build.opensuse.org/request/show/486243 42.3 / virtualbox

Comment 6 Bernhard Wiedemann 2017-04-10 12:02:18 UTC

This is an autogenerated message for OBS integration:
This bug (1020856) was mentioned in
https://build.opensuse.org/request/show/487031 42.3 / virtualbox