File _patchinfo of Package patchinfo.5133
<patchinfo incident="5133">
<issue id="976636" tracker="bnc">VUL-0: CVE-2016-0678: virtualbox: Unspecified vulnerability in the Oracle VM VirtualBox</issue>
<issue id="977328" tracker="bnc">virtualbox guest init script requires missing config file</issue>
<issue id="977200" tracker="bnc">[vboxdrmfb] VirtualBox Guest KMS driver does not work with xf86-video-fbdev</issue>
<issue id="CVE-2016-0678" tracker="cve" />
<category>security</category>
<rating>moderate</rating>
<packager>lwfinger</packager>
<description>
virtualbox was updated to 5.0.18 and also fixes the following issues:
Version bump to 5.0.18 (released 2016-04-18 by Oracle)
This is a maintenance release. The following items were fixed and/or added:
GUI: position off-screen windows to be fully visible again on relaunch in consistence with default-behavior (bug #15226)
GUI: fixed the View menu / Full-screen Mode behavior on Mac OS X El Capitan
GUI: fixed a test which allowed to encrypt a hard disk with an empty password
GUI: fixed a crash under certain conditions during VM shutdown
GUI: fixed the size of the VM list scrollbar in the VM selector when entering a group
PC speaker passthrough: fixes (Linux hosts only; bug #627)
Drag and drop: several fixes
SATA: fixed hotplug flag handling when EFI is used
Storage: fixed handling of encrypted disk images with SCSI controllers (bug #14812)
Storage: fixed possible crash with Solaris 7 if the BusLogic SCSI controller is used
USB: properly purge non-ASCII characters from USB strings (bugs #8801, #15222)
NAT Network: fixed 100% CPU load in VBoxNetNAT on Mac OS X under certain circumstances (bug #15223)
ACPI: fixed ACPI tables to make the display color management settings available again for older Windows versions (4.3.22 regression)
Guest Control: fixed VBoxManage copyfrom command (bug #14336)
Snapshots: fixed several problems when removing older snapshots (bug #15206)
VBoxManage: fixed --verbose output of the guestcontrol command
Windows hosts: hardening fixes required for recent Windows 10 insider builds (bugs #15245, #15296)
Windows hosts: fixed support of jumbo frames in with bridged networking (5.0.16 regression; bug #15209)
Windows hosts: don't prevent receiving multicast traffic if host-only adapters are installed (bug #8698)
Linux hosts: added support for the new naming scheme of NVME disks when creating raw disks
Solaris hosts / guests: properly sign the kernel modules (bug #12608)
Linux hosts / guests: Linux 4.5 fixes (bug #15251)
Linux hosts / guests: Linux 4.6 fixes (bug #15298)
Linux Additions: added a kernel graphics driver to support graphics when X.Org does not have root rights (bug #14732)
Linux/Solaris Additions: fixed several issues causing Linux/Solatis guests using software rendering when 3D acceleration is available
Windows Additions: fixed a hang with PowerPoint 2010 and the WDDM drivers if Aero is disabled
Additional bugfixes:
* Fix start failure of vboxadd service routine
This script fails because /var/lib/VBoxGuestAdditions/config does not exist; however, there is no need
for this file. That service routine is modified.
(boo#977328).
* Add missing initialization of scanout buffer base and size for
proper fbdev support.
* Add support for delayed_io in fbdev-layer. (boo#977200).
- This submission fixes the bug in VB 5.0.18 that prevents proper operation
for guest VMs configured to use a LsiLogic adapter for disks. See ticket:
https://www.virtualbox.org/ticket/15317 for a description of the problem,
and changeset: https://www.virtualbox.org/changeset/60565/vbox for the fix,
which is implemented in file "changeset_60565.diff".
This update contains a fix for CVE-2016-0678. Bug report boo#976636
discusses this vulnerability.
</description>
<summary>Security update for virtualbox</summary>
</patchinfo>
