976636 – (CVE-2016-0678) VUL-0: CVE-2016-0678: virtualbox: Unspecified vulnerability in the Oracle VM VirtualBox

Bug 976636 (CVE-2016-0678) - VUL-0: CVE-2016-0678: virtualbox: Unspecified vulnerability in the Oracle VM VirtualBox

Summary: VUL-0: CVE-2016-0678: virtualbox: Unspecified vulnerability in the Oracle VM ...

Status:	RESOLVED FIXED

Alias:	CVE-2016-0678

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other openSUSE 42.1

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assignee:	Larry Finger
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/168138/
Whiteboard:
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2016-04-21 13:54 UTC by Johannes Segitz
Modified:	2016-05-31 17:08 UTC (History)
CC List:	1 user (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Johannes Segitz 2016-04-21 13:54:58 UTC

CVE-2016-0678

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle
Virtualization VirtualBox before 5.0.18 allows local users to affect
confidentiality, integrity, and availability via vectors related to Core.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0678

Comment 1 Larry Finger 2016-04-21 14:33:02 UTC

This vulnerability is fixed in VirtualBox version 5.0.18, which is currently building on Factory. It will soon be submitted to the Leap 42.1 Update repo.

At the moment, no fix is available for VB 4.3.X, which is used by openSUSE 13.2. Perhaps it is time to switch to 5.0.X for 13.2.

Comment 2 Swamp Workflow Management 2016-04-21 22:00:59 UTC

bugbot adjusting priority

Comment 3 Larry Finger 2016-05-08 18:57:29 UTC

VB version 5.0.18 fixes thos vulnerability. It has been submitted to OBS for TW, Leap 42.1 and openSUSE 13.2.

Comment 4 Swamp Workflow Management 2016-05-31 17:08:08 UTC

openSUSE-SU-2016:1451-1: An update that solves one vulnerability and has two fixes is now available.

Category: security (moderate)
Bug References: 976636,977200,977328
CVE References: CVE-2016-0678
Sources used:
openSUSE Leap 42.1 (src):    virtualbox-5.0.18-16.1