Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2021 Tenable Network Security, Inc.OPENSUSE-2016-1226.NASL
HistoryOct 27, 2016 - 12:00 a.m.

openSUSE Security Update : virtualbox (openSUSE-2016-1226)

2016-10-2700:00:00
This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.
www.tenable.com
9
JSON

This update for virtualbox fixes the following issues :

  • Address CVE-2016-5501, CVE-2016-5538, CVE-2016-5605, CVE-2016-5608, CVE-2016-5610, CVE-2016-5611, CVE-2016-5613 (boo#1005621).

  • Reduce memory needs during build.

  • Version bump to 5.0.28 (released 2016-10-18 by Oracle) This is a maintenance release. The following items were fixed and/or added: NAT: Don’t exceed the maximum number of ‘search’ suffixes. Patch from bug #15948. NAT: fixed parsing of port-forwarding rules with a name which contains a slash (bug #16002) NAT Network: when the host has only loopback nameserver that cannot be mapped to the guests (e.g. dnsmasq running on 127.0.1.1), make DHCP supply NAT Network DNS proxy as nameserver. Bridged Network: prevent flooding syslog with packet allocation error messages (bug #15569) USB: fixed a possible crash when detaching a USB device Audio: fixes for recording (Mac OS X hosts only) Audio: now using Audio Queues on Mac OS X hosts OVF: improve importing of VMs created by VirtualBox 5.1 VHDX: fixed cloning images with VBoxManage cloned (bug #14288) Storage: Fixed broken bandwidth limitation when the limit is very low (bug #14982) Serial: Fixed high CPU usage with certain USB to serial converters on Linux hosts (bug #7796) BIOS: fixed 4bpp scanline calculation (bug #15787) VBoxManage: Don’t try to set the medium type if there is no change (bug #13850) API: fixed initialization of SAS controllers (bug #15972) Linux hosts: don’t use 32-bit legacy capabilities Linux hosts / guests: fix for kernels with CONFIG_CPUMASK_OFFSTACK set (bug #16020) Linux Additions: several fixes for X11 guests running non-root X servers Linux Additions: fix for Linux 4.7 (bug #15769) Linux Additions: fix for the display kmod driver with Linux 4.8 (bugs #15890 and #15896) Windows Additions: auto-resizing fixes for Windows 10 guests (bug #15257) Windows Additions: fixes for arranging the guest screens in multi-screen scenarios Windows Additions / VGA: if the guest’s power management turns a virtual screen off, blank the corresponding VM window rather than hide the VM window Windows Additions: fixed a generic bug which could lead to freezing shared folders (bug #15662)

  • Modify virtualbox-guest-preamble and virtualbox-host-preamble to obsolete old versions of the kernel modules. This change should fix the problem in (boo#983629).

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2016-1226.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(94302);
  script_version("2.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2016-5501", "CVE-2016-5538", "CVE-2016-5605", "CVE-2016-5608", "CVE-2016-5610", "CVE-2016-5611", "CVE-2016-5613");

  script_name(english:"openSUSE Security Update : virtualbox (openSUSE-2016-1226)");
  script_summary(english:"Check for the openSUSE-2016-1226 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update for virtualbox fixes the following issues :

  - Address CVE-2016-5501, CVE-2016-5538, CVE-2016-5605,
    CVE-2016-5608, CVE-2016-5610, CVE-2016-5611,
    CVE-2016-5613 (boo#1005621).

  - Reduce memory needs during build.

  - Version bump to 5.0.28 (released 2016-10-18 by Oracle)
    This is a maintenance release. The following items were
    fixed and/or added: NAT: Don't exceed the maximum number
    of 'search' suffixes. Patch from bug #15948. NAT: fixed
    parsing of port-forwarding rules with a name which
    contains a slash (bug #16002) NAT Network: when the host
    has only loopback nameserver that cannot be mapped to
    the guests (e.g. dnsmasq running on 127.0.1.1), make
    DHCP supply NAT Network DNS proxy as nameserver. Bridged
    Network: prevent flooding syslog with packet allocation
    error messages (bug #15569) USB: fixed a possible crash
    when detaching a USB device Audio: fixes for recording
    (Mac OS X hosts only) Audio: now using Audio Queues on
    Mac OS X hosts OVF: improve importing of VMs created by
    VirtualBox 5.1 VHDX: fixed cloning images with
    VBoxManage cloned (bug #14288) Storage: Fixed broken
    bandwidth limitation when the limit is very low (bug
    #14982) Serial: Fixed high CPU usage with certain USB to
    serial converters on Linux hosts (bug #7796) BIOS: fixed
    4bpp scanline calculation (bug #15787) VBoxManage: Don't
    try to set the medium type if there is no change (bug
    #13850) API: fixed initialization of SAS controllers
    (bug #15972) Linux hosts: don't use 32-bit legacy
    capabilities Linux hosts / guests: fix for kernels with
    CONFIG_CPUMASK_OFFSTACK set (bug #16020) Linux
    Additions: several fixes for X11 guests running non-root
    X servers Linux Additions: fix for Linux 4.7 (bug
    #15769) Linux Additions: fix for the display kmod driver
    with Linux 4.8 (bugs #15890 and #15896) Windows
    Additions: auto-resizing fixes for Windows 10 guests
    (bug #15257) Windows Additions: fixes for arranging the
    guest screens in multi-screen scenarios Windows
    Additions / VGA: if the guest's power management turns a
    virtual screen off, blank the corresponding VM window
    rather than hide the VM window Windows Additions: fixed
    a generic bug which could lead to freezing shared
    folders (bug #15662) 

  - Modify virtualbox-guest-preamble and
    virtualbox-host-preamble to obsolete old versions of the
    kernel modules. This change should fix the problem in
    (boo#983629)."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1005621"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=983629"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected virtualbox packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-virtualbox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-virtualbox-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-desktop-icons");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-tools-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-x11");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-x11-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-source");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-qt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-qt-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-websrv");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-websrv-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2");

  script_set_attribute(attribute:"patch_publication_date", value:"2016/10/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/10/27");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE13\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.2", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE13.2", reference:"python-virtualbox-5.0.28-54.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"python-virtualbox-debuginfo-5.0.28-54.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-5.0.28-54.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-debuginfo-5.0.28-54.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-debugsource-5.0.28-54.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-devel-5.0.28-54.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-guest-desktop-icons-5.0.28-54.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-guest-kmp-default-5.0.28_k3.16.7_42-54.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-guest-kmp-default-debuginfo-5.0.28_k3.16.7_42-54.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-guest-kmp-desktop-5.0.28_k3.16.7_42-54.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-guest-kmp-desktop-debuginfo-5.0.28_k3.16.7_42-54.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-guest-kmp-pae-5.0.28_k3.16.7_42-54.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-guest-kmp-pae-debuginfo-5.0.28_k3.16.7_42-54.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-guest-tools-5.0.28-54.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-guest-tools-debuginfo-5.0.28-54.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-guest-x11-5.0.28-54.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-guest-x11-debuginfo-5.0.28-54.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-host-kmp-default-5.0.28_k3.16.7_42-54.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-host-kmp-default-debuginfo-5.0.28_k3.16.7_42-54.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-host-kmp-desktop-5.0.28_k3.16.7_42-54.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-host-kmp-desktop-debuginfo-5.0.28_k3.16.7_42-54.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-host-kmp-pae-5.0.28_k3.16.7_42-54.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-host-kmp-pae-debuginfo-5.0.28_k3.16.7_42-54.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-host-source-5.0.28-54.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-qt-5.0.28-54.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-qt-debuginfo-5.0.28-54.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-websrv-5.0.28-54.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"virtualbox-websrv-debuginfo-5.0.28-54.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python-virtualbox / python-virtualbox-debuginfo / virtualbox / etc");
}
VendorProductVersionCPE
novellopensusepython-virtualboxp-cpe:/a:novell:opensuse:python-virtualbox
novellopensusepython-virtualbox-debuginfop-cpe:/a:novell:opensuse:python-virtualbox-debuginfo
novellopensusevirtualboxp-cpe:/a:novell:opensuse:virtualbox
novellopensusevirtualbox-debuginfop-cpe:/a:novell:opensuse:virtualbox-debuginfo
novellopensusevirtualbox-debugsourcep-cpe:/a:novell:opensuse:virtualbox-debugsource
novellopensusevirtualbox-develp-cpe:/a:novell:opensuse:virtualbox-devel
novellopensusevirtualbox-guest-desktop-iconsp-cpe:/a:novell:opensuse:virtualbox-guest-desktop-icons
novellopensusevirtualbox-guest-kmp-defaultp-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default
novellopensusevirtualbox-guest-kmp-default-debuginfop-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default-debuginfo
novellopensusevirtualbox-guest-kmp-desktopp-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop
Rows per page:
1-10 of 291

Related

nessus 4
kaspersky 1
openvas 7
ubuntucve 7
prion 7
cve 7
cvelist 7
debiancve 7
mageia 1
gentoo 1
oracle 1
nessus
nessus
openSUSE Security Update : virtualbox (openSUSE-2016-1366)
2016-11-29 00:00:00
Oracle VM VirtualBox 5.0.x < 5.0.28 / 5.1.x < 5.1.8 Multiple Vulnerabilities (October 2016 CPU)
2016-10-20 00:00:00
openSUSE Security Update : virtualbox (openSUSE-2017-141)
2017-01-25 00:00:00
kaspersky
kaspersky
KLA10888 Multiple vulnerabilities in Oracle VM VirtualBox
2016-10-19 00:00:00
openvas
openvas
Oracle Virtualbox Multiple Security Bypass And DoS Vulnerabilities - Mac OS X
2016-10-21 00:00:00
Oracle Virtualbox Multiple Security Bypass And DoS Vulnerabilities - Windows
2016-10-21 00:00:00
Oracle Virtualbox Multiple Security Bypass And DoS Vulnerabilities - Linux
2016-10-21 00:00:00
ubuntucve
ubuntucve
CVE-2016-5501
2016-10-25 00:00:00
CVE-2016-5608
2016-10-25 00:00:00
CVE-2016-5613
2016-10-25 00:00:00
prion
prion
Design/Logic Flaw
2016-10-25 14:31:00
Design/Logic Flaw
2016-10-25 14:30:00
Design/Logic Flaw
2016-10-25 14:31:00
cve
cve
CVE-2016-5501
2016-10-25 14:29:00
CVE-2016-5613
2016-10-25 14:31:00
CVE-2016-5608
2016-10-25 14:31:00
cvelist
cvelist
CVE-2016-5501
2016-10-25 14:00:00
CVE-2016-5613
2016-10-25 14:00:00
CVE-2016-5608
2016-10-25 14:00:00
debiancve
debiancve
CVE-2016-5608
2016-10-25 14:31:00
CVE-2016-5613
2016-10-25 14:31:00
CVE-2016-5538
2016-10-25 14:30:00
mageia
mageia
Updated virtualbox packages fixes security vulnerabilities
2016-12-06 00:49:27
gentoo
gentoo
VirtualBox: Multiple vulnerabilities
2016-12-11 00:00:00
oracle
oracle
Oracle Critical Patch Update - October 2016
2016-10-18 00:00:00
JSON
Related for OPENSUSE-2016-1226.NASL
nessus4kaspersky1openvas7ubuntucve7prion7cve7cvelist7debiancve7mageia1gentoo1oracle1