Bug 7503 - [UPDATE REQUEST] VirtualBox 5.1.22
Status: RESOLVED FIXED
Product: Desktop Bugs
Classification: ROSA Desktop
Component: Main Packages
: Fresh
: All Linux
: Normal normal
Assigned To: ROSA Linux Bugs
: ROSA Linux Bugs
https://advisories.mageia.org/MGASA-2...
Reported: 2016-11-11 22:21 MSK by Eugene Shatokhin
Modified: 2017-11-09 09:28 MSK

RPM Package: virtualbox
vladimir.potapov: qa_verified-
Description Eugene Shatokhin 2016-11-11 22:21:50 MSK
New upstream release in 5.1.x series. Should play better with the newer kernels (4.8+).
Comment 1 Eugene Shatokhin 2016-11-11 22:35:06 MSK
Advisory:
VirtualBox was updated to version 5.1.8. Changes in this version: https://www.virtualbox.org/wiki/Changelog-5.1#v8


Build lists:
i586:   https://abf.io/build_lists/2753280
x86_64: https://abf.io/build_lists/2753281
Comment 2 Eugene Shatokhin 2016-11-11 22:37:05 MSK
Posted wrong build lists, sorry. Here are the correct ones.

Advisory:
VirtualBox was updated to version 5.1.8. Changes in this version: https://www.virtualbox.org/wiki/Changelog-5.1#v8


Build lists:
i586:   https://abf.io/build_lists/2753372
x86_64: https://abf.io/build_lists/2753373
Comment 3 Vladimir Potapov 2016-11-12 19:56:50 MSK
*** Bug 7497 has been marked as a duplicate of this bug. ***
Comment 4 Vladimir Potapov 2016-11-16 15:13:03 MSK
Please enable PAE for the i586 ROSA configuration.
Comment 5 Vladimir Potapov 2016-11-16 18:01:26 MSK
I found two issues:
1) I can't hear any sound from the VM (tested on ROSA Linux i586)
2) ROMP can't play any video from the VM (VLC works correctly)
Comment 6 Eugene Shatokhin 2016-11-16 18:42:31 MSK
(In reply to comment #5)
> I found two issues:
> 1) I can't hear any sound from the VM (tested on ROSA Linux i586)
> 2) ROMP can't play any video from the VM (VLC works correctly)

Looks like AC97 audio is broken again. Switch to Intel HD Audio, it should work.

It seems this is a known problem in VirtualBox 5.1.x:
https://forums.virtualbox.org/viewtopic.php?f=7&t=79438&start=15
https://www.virtualbox.org/ticket/15859.

No fixes/patches yet, no suggestions from the developers since 5.1.4 either.
Comment 7 Eugene Shatokhin 2016-11-16 19:06:36 MSK
Advisory:
VirtualBox was updated to version 5.1.8. Changes in this version: https://www.virtualbox.org/wiki/Changelog-5.1#v8. Besides that, PAE is now enabled by default when creating ROSA guests.


Build lists:
i586:   https://abf.io/build_lists/2754135
x86_64: https://abf.io/build_lists/2754136
Comment 8 Vladimir Potapov 2016-11-16 19:22:37 MSK
*************************
QA Denied
Comment 9 Алзим 2016-11-23 19:31:47 MSK
Updated to version 5.1.10

https://abf.io/build_lists/2757610
https://abf.io/build_lists/2757611
Comment 10 Vladimir Potapov 2016-11-25 11:55:38 MSK
The sound has been fixed, but if you install the additions in the guest system, they fail to compile.
Comment 11 Алзим 2016-11-25 12:03:42 MSK
I don't know.
I upgraded from 5.0.x and everything installed fine for me.
Everything works perfectly.
And everything works on a Windows guest too.
My host kernel is 4.1.34.
Comment 12 Vladimir Potapov 2016-11-26 06:09:26 MSK
For me it reproduces like this:
1) Create a VM on the old version, with the USB extensions
2) Save a snapshot
3) Update the VM and the USB extension
4) Restore from the snapshot - everything works.
5) Enable the repositories in the guest and update vbox_additions
The system stops booting.
Comment 13 Алзим 2016-11-26 12:24:34 MSK
Was this bug present in 5.1.8?
Comment 14 Vladimir Potapov 2016-11-26 16:28:32 MSK
(In reply to comment #13)
> Was this bug present in 5.1.8?
Yes
Comment 15 Vladimir Potapov 2016-11-30 20:38:36 MSK
Unfortunately, the bug reproduces even on a freshly installed MATE.
There is no telling where else this regression will surface.
*****************************************
QA Denied
Comment 16 Zombie Ryushu 2016-12-06 05:48:19 MSK
I need to make you all aware of some new CVEs you should be aware of:

OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer
boundary checks, which might allow remote attackers to cause a denial of
service (integer overflow and application crash) or possibly have
unspecified other impact by leveraging unexpected malloc behavior, related
to s3_srvr.c, ssl_sess.c, and t1_lib.c (CVE-2016-2177).

The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through
1.0.2h does not properly ensure the use of constant-time operations, which
makes it easier for local users to discover a DSA private key via a timing
side-channel attack (CVE-2016-2178).

The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict
the lifetime of queue entries associated with unused out-of-order messages,
which allows remote attackers to cause a denial of service (memory
consumption) by maintaining many crafted DTLS sessions simultaneously,
related to d1_lib.c, statem_dtls.c, statem_lib.c, and statem_srvr.c
(CVE-2016-2179).

The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key
Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through
1.0.2h allows remote attackers to cause a denial of service (out-of-bounds
read and application crash) via a crafted time-stamp file that is mishandled
by the "openssl ts" command (CVE-2016-2180).

The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0
mishandles early use of a new epoch number in conjunction with a large
sequence number, which allows remote attackers to cause a denial of service
(false-positive packet drops) via spoofed DTLS records, related to
rec_layer_d1.c and ssl3_record.c (CVE-2016-2181).

The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0
mishandles early use of a new epoch number in conjunction with a large
sequence number, which allows remote attackers to cause a denial of service
(false-positive packet drops) via spoofed DTLS records, related to
rec_layer_d1.c and ssl3_record.c (CVE-2016-2182).

The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols
and other protocols and products, have a birthday bound of approximately
four billion blocks, which makes it easier for remote attackers to obtain
cleartext data via a birthday attack against a long-duration encrypted
session, as demonstrated by an HTTPS session using Triple DES in CBC mode,
aka a "Sweet32" attack (CVE-2016-2183).

Unspecified vulnerability in the Oracle VM VirtualBox component before
5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users
to affect confidentiality, integrity, and availability via vectors related
to Core, a different vulnerability than CVE-2016-5538 (CVE-2016-5501).

Unspecified vulnerability in the Oracle VM VirtualBox component before
5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users
to affect confidentiality, integrity, and availability via vectors related
to Core, a different vulnerability than CVE-2016-5501 (CVE-2016-5538).

Unspecified vulnerability in the Oracle VM VirtualBox component before 
5.1.4 in Oracle Virtualization allows remote attackers to affect
confidentiality and integrity via vectors related to VRDE (CVE-2016-5605).

Unspecified vulnerability in the Oracle VM VirtualBox component before
5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users
to affect availability via vectors related to Core, a different
vulnerability than CVE-2016-5613 (CVE-2016-5608).

Unspecified vulnerability in the Oracle VM VirtualBox component before
5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users
to affect confidentiality, integrity, and availability via vectors related
to Core (CVE-2016-5610, CVE-2016-5611).

Unspecified vulnerability in the Oracle VM VirtualBox component before
5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users
to affect availability via vectors related to Core, a different
vulnerability than CVE-2016-5608 (CVE-2016-5613).

The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0
does not consider the HMAC size during validation of the ticket length,
which allows remote attackers to cause a denial of service via a ticket
that is too short (CVE-2016-6302).

Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c
in OpenSSL before 1.1.0 allows remote attackers to cause a denial of
service (out-of-bounds write and application crash) or possibly have
unspecified other impact via unknown vectors (CVE-2016-6303).

Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before
1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial
of service (memory consumption) via large OCSP Status Request extensions
(CVE-2016-6304).

The ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0
before 1.1.0a allows remote attackers to cause a denial of service
(infinite loop) by triggering a zero-length record in an SSL_peek call
(CVE-2016-6305).

The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i
might allow remote attackers to cause a denial of service (out-of-bounds
read) via crafted certificate operations, related to s3_clnt.c and
s3_srvr.c (CVE-2016-6306).

The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates
memory before checking for an excessive length, which might allow remote
attackers to cause a denial of service (memory consumption) via crafted
TLS messages, related to statem/statem.c and statem/statem_lib.c
(CVE-2016-6307).

statem/statem_dtls.c in the DTLS implementation in OpenSSL 1.1.0 before
1.1.0a allocates memory before checking for an excessive length, which
might allow remote attackers to cause a denial of service (memory
consumption) via crafted DTLS messages (CVE-2016-6308).

statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement
after a realloc call, which allows remote attackers to cause a denial of
service (use-after-free) or possibly execute arbitrary code via a crafted
TLS session (CVE-2016-6309).

crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause
a denial of service (NULL pointer dereference and application crash) by
triggering a CRL operation (CVE-2016-7052).

For other fixes in this update, read the referenced changelog.
Comment 17 Zombie Ryushu 2016-12-06 05:49:52 MSK
If, under Rosa 2014.1, it is only possible to run the latest patch to 5.0.x, that's fine by me as long as the CVEs are taken care of.
Comment 18 Zombie Ryushu 2017-03-24 20:56:10 MSK
VirtualBox update to version 5.1.14 fixes the following security issues:
- CVE-2016-5545: Vulnerability in the GUI subcomponent of virtualbox
allows unauthenticated attacker unauthorized update, insert or delete
access to some data as well as unauthorized read access to a subset of
VirtualBox accessible data and unauthorized ability to cause a partial
denial of service (bsc#1020856).
- CVE-2017-3290: Vulnerability in the Shared Folder subcomponent of
virtualbox allows high privileged attacker unauthorized creation,
deletion or modification access to critical data and unauthorized
ability to cause a hang or frequently repeatable crash (bsc#1020856).
- CVE-2017-3316: Vulnerability in the GUI subcomponent of virtualbox
allows high privileged attacker with network access via multiple
protocols to compromise Oracle VM VirtualBox (bsc#1020856).
- CVE-2017-3332: Vulnerability in the SVGA Emulation subcomponent of
virtualbox allows low privileged attacker unauthorized creation,
deletion or modification access to critical data and unauthorized
ability to cause a hang or frequently repeatable crash (bsc#1020856).
Comment 19 Zombie Ryushu 2017-05-10 15:52:19 MSD
This update provides virtualbox 5.1.22 maintenance release and resolves
at least the following security issues:

A vulnerability in the core subcomponent of virtualbox allows high privileged
attacker unauthorized read access to a subset of VirtualBox accessible data
(CVE-2017-3513).

A vulnerability in the core subcomponent of virtualbox allows unauthenticated
attacker unauthorized update, insert or delete access to some data as well
as unauthorized read access to a subset of VirtualBox accessible data and
unauthorized ability to cause hang or frequently repeatable crash resulting
in denial of service (CVE-2017-3558).

Vulnerabilities in the core subcomponent of virtualbox allow unauthenticated
attacker unauthorized update, insert or delete access to some data as well
as unauthorized read access to a subset of VirtualBox accessible data and
unauthorized ability to cause hang or frequently repeatable crash resulting
in denial of service (CVE-2017-3559, CVE-2017-3575).

Vulnerabilities in the core subcomponent of virtualbox allow low privileged
attacker to fully compromise virtualbox (CVE-2017-3561, CVE-2017-3563,
CVE-2017-3576).

A vulnerability in the Shared Folder subcomponent of virtualbox allows high
privileged attacker unauthorized creation, deletion or modification access
to critical data, unauthorized access to critical data to all virtualbox
accessible data and unauthorized ability to cause a hang or frequently
repeatable crash (CVE-2017-3587).
Comment 20 Denis Silakov 2017-11-09 09:28:44 MSK
Currently we have 5.1.30, no need to keep this bug open.
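
Added example, not part of the bug thread or of ROSA's tooling: a branch-aware check of an installed VirtualBox version against the fix thresholds quoted in comments 16, 18 and 19. A single numeric comparison misreads "before 5.0.28 and 5.1.x before 5.1.8" (it would either clear 5.1.6 or flag 5.0.30). The function names, labels and sample version strings are assumptions made for this sketch.

```python
import re

# Each entry: (label, clauses). A clause is (branch, first_fixed_version);
# branch None means the page's wording is an open-ended "before X".
# Thresholds are transcribed from comments 16, 18 and 19 on this page.
# CVE-2016-5605 (VRDE, "before 5.1.4") is left out: the page does not say
# whether the 5.0.x branch is in scope.
ADVISORIES = [
    ("comment 16, Core: CVE-2016-5501/5538/5608/5610/5611/5613",
     [(None, (5, 0, 28)), ((5, 1), (5, 1, 8))]),
    ("comment 18: CVE-2016-5545, CVE-2017-3290/3316/3332",
     [((5, 1), (5, 1, 14))]),
    ("comment 19: CVE-2017-3513/3558/3559/3561/3563/3575/3576/3587",
     [((5, 1), (5, 1, 22))]),
]

def parse_version(text):
    """Accept '5.1.22' (package version) or '5.1.22r12345' (with build revision)."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised VirtualBox version: {text!r}")
    return tuple(int(p) for p in m.groups())

def status(version, clauses):
    """Return 'affected', 'fixed', or 'unknown' (branch not covered by the page)."""
    v = parse_version(version)
    covered = False
    for branch, first_fixed in clauses:
        if branch is None or v[:2] == branch:
            covered = True
            if v < first_fixed:
                return "affected"
    return "fixed" if covered else "unknown"

def report(version):
    """Map each advisory group on this page to its status for `version`."""
    return {label: status(version, clauses) for label, clauses in ADVISORIES}

if __name__ == "__main__":
    # Constructed inputs: versions built in this thread plus two 5.0.x cases;
    # the 'r12345' build revision is a placeholder, not a real revision.
    for v in ("5.0.26", "5.0.30", "5.1.8", "5.1.10", "5.1.22r12345"):
        print(v, report(v))
```

"unknown" is returned for 5.0.x against the comment 18 and 19 groups because the thread names only the 5.1.x fixed releases for them.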