Bug 743143

Summary: virtualbox: setuid binaries need to be position independent
Product: [openSUSE] openSUSE 12.2 Reporter: Ludwig Nussel <lnussel>
Component: OtherAssignee: Michal Seben <mseben>
Status: VERIFIED FIXED QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P5 - None CC: security-team
Version: Factory   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Bug Depends on:    
Bug Blocks: 744091    

Description Ludwig Nussel 2012-01-24 15:50:50 UTC 
virtualbox triggered the rpmlint check
"non-position-independent-executable" which means there are one or
more binaries that need to be compiled as position independent
executable.

To fix the issue add -fPIE to CFLAGS and -pie to LDFLAGS of the
binaries in question.
Comment 1 Ludwig Nussel 2012-02-27 13:41:36 UTC 
the package will fail to build next month due to this
Comment 2 Bernhard Wiedemann 2012-03-24 18:00:11 UTC 
This is an autogenerated message for OBS integration:
This bug (743143) was mentioned in
https://build.opensuse.org/request/show/110919 Factory / virtualbox
Comment 3 Michal Seben 2012-03-28 07:27:53 UTC 
fix is now in Factory, so closing as fixed
Comment 4 Swamp Workflow Management 2012-10-10 08:09:15 UTC 
openSUSE-SU-2012:1323-1: An update that solves three vulnerabilities and has two fixes is now available.

Category: security (low)
Bug References: 737525,742115,743143,761923,780711
CVE References: CVE-2011-3571,CVE-2012-0105,CVE-2012-0111
Sources used:
openSUSE 12.2 (src):    virtualbox-4.1.22-1.6.1
openSUSE 12.1 (src):    virtualbox-4.1.22-3.5.1
openSUSE 11.4 (src):    virtualbox-4.0.12-0.48.1