[Pkg-virtualbox-devel] Bug#775888: virtualbox: CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595 CVE-2015-0418 CVE-2015-0427

Ritesh Raj Sarraf rrs at debian.org
Mon Jan 26 15:44:55 UTC 2015 

On 01/26/2015 09:07 PM, Ritesh Raj Sarraf wrote:
> On 01/21/2015 01:23 PM, Moritz Muehlenhoff wrote:
>> In the past someone from upstream posted the upstream commits to the
>> bug log, maybe you can contact them for more information so that we
>> can merge the isolated fixes into the jessie version? Cheers, Moritz 
>
> Moritz,
>
> For unstable, I've pushed the upload an d asked for an exception.
>
> For Wheezy, it is building right now. Once the build is complete, I'll
> push it to s-p-u. And send you the debdiff.

Please find attached the debdiff. Please give me an ACK, and then I'll
do the upload.

-- 
Ritesh Raj Sarraf | http://people.debian.org/~rrs
Debian - The Universal Operating System

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/pkg-virtualbox-devel/attachments/20150126/93085c88/attachment.html>
-------------- next part --------------
diff -Nru virtualbox-4.1.18-dfsg/debian/changelog virtualbox-4.1.18-dfsg/debian/changelog
--- virtualbox-4.1.18-dfsg/debian/changelog	2014-04-14 14:54:39.000000000 +0530
+++ virtualbox-4.1.18-dfsg/debian/changelog	2015-01-26 19:07:00.000000000 +0530
@@ -1,3 +1,12 @@
+virtualbox (4.1.18-dfsg-2+deb7u4) wheezy-security; urgency=medium
+
+  [ Frank Mehnert ]
+  * fix security vulnerabilities (Closes: #775888)
+     CVE-2015-0377, CVE-2015-0418
+     - debian/patches/CVE-2015-0{377,418}.patch
+
+ -- Gianfranco Costamagna <costamagnagianfranco at yahoo.it>  Thu, 22 Jan 2015 14:21:14 +0100
+
 virtualbox (4.1.18-dfsg-2+deb7u3) wheezy-security; urgency=high
 
   * Fix memory corruption vulnerabilities in 3D acceleration. (Closes: #741602)
diff -Nru virtualbox-4.1.18-dfsg/debian/patches/CVE-2015-0377.patch virtualbox-4.1.18-dfsg/debian/patches/CVE-2015-0377.patch
--- virtualbox-4.1.18-dfsg/debian/patches/CVE-2015-0377.patch	1970-01-01 05:30:00.000000000 +0530
+++ virtualbox-4.1.18-dfsg/debian/patches/CVE-2015-0377.patch	2015-01-26 19:07:00.000000000 +0530
@@ -0,0 +1,20 @@
+Index: src/VBox/VMM/VMMAll/IOMAllMMIO.cpp
+===================================================================
+--- a/src/VBox/VMM/VMMAll/IOMAllMMIO.cpp	(revision 95342)
++++ b/src/VBox/VMM/VMMAll/IOMAllMMIO.cpp	(revision 95343)
+@@ -1696,7 +1696,14 @@
+     if (rc2 == VERR_SEM_BUSY)
+         return VINF_IOM_HC_MMIO_READ_WRITE;
+ #endif
+-    VBOXSTRICTRC rcStrict = iomMMIOHandler(pVM, (uint32_t)uErrorCode, pCtxCore, GCPhysFault, iomMmioGetRange(pVM, GCPhysFault));
++    PIOMMMIORANGE pRange = iomMmioGetRange(pVM, GCPhysFault);
++    if (RT_UNLIKELY(!pRange))
++    {
++        IOM_UNLOCK(pVM);
++        return VERR_IOM_MMIO_RANGE_NOT_FOUND;
++    }
++
++    VBOXSTRICTRC rcStrict = iomMMIOHandler(pVM, (uint32_t)uErrorCode, pCtxCore, GCPhysFault, pRange);
+     IOM_UNLOCK(pVM);
+     return VBOXSTRICTRC_VAL(rcStrict);
+ }
diff -Nru virtualbox-4.1.18-dfsg/debian/patches/CVE-2015-0418.patch virtualbox-4.1.18-dfsg/debian/patches/CVE-2015-0418.patch
--- virtualbox-4.1.18-dfsg/debian/patches/CVE-2015-0418.patch	1970-01-01 05:30:00.000000000 +0530
+++ virtualbox-4.1.18-dfsg/debian/patches/CVE-2015-0418.patch	2015-01-26 19:07:00.000000000 +0530
@@ -0,0 +1,32 @@
+Index: include/VBox/vmm/hwacc_vmx.h
+===================================================================
+--- a/include/VBox/vmm/hwacc_vmx.h	(revision 96156)
++++ b/include/VBox/vmm/hwacc_vmx.h	(revision 96157)
+@@ -525,6 +525,12 @@
+ #define VMX_EXIT_WBINVD             54
+ /** 55 XSETBV. Guest software attempted to execute XSETBV. */
+ #define VMX_EXIT_XSETBV             55
++/** 57 RDRAND. Guest software attempted to execute RDRAND. */
++#define VMX_EXIT_RDRAND             57
++/** 58 INVPCID. Guest software attempted to execute INVPCID. */
++#define VMX_EXIT_INVPCID            58
++/** 59 VMFUNC. Guest software attempted to execute VMFUNC. */
++#define VMX_EXIT_VMFUNC             59
+ /** @} */
+ 
+ 
+Index: src/VBox/VMM/VMMR0/HWVMXR0.cpp
+===================================================================
+--- a/src/VBox/VMM/VMMR0/HWVMXR0.cpp	(revision 96156)
++++ b/src/VBox/VMM/VMMR0/HWVMXR0.cpp	(revision 96157)
+@@ -4112,6 +4112,10 @@
+     case VMX_EXIT_VMWRITE:              /* 25 Guest software executed VMWRITE. */
+     case VMX_EXIT_VMXOFF:               /* 26 Guest software executed VMXOFF. */
+     case VMX_EXIT_VMXON:                /* 27 Guest software executed VMXON. */
++    case VMX_EXIT_INVEPT:               /* 50 Guest software executed INVEPT. */
++    case VMX_EXIT_INVVPID:              /* 53 Guest software executed INVVPID. */
++    case VMX_EXIT_INVPCID:              /* 58 Guest software executed INVPCID. */
++    case VMX_EXIT_VMFUNC:               /* 59 Guest software executed VMFUNC. */
+         /** @todo inject #UD immediately */
+         rc = VERR_EM_INTERPRETER;
+         break;
diff -Nru virtualbox-4.1.18-dfsg/debian/patches/series virtualbox-4.1.18-dfsg/debian/patches/series
--- virtualbox-4.1.18-dfsg/debian/patches/series	2014-04-14 14:55:14.000000000 +0530
+++ virtualbox-4.1.18-dfsg/debian/patches/series	2015-01-26 19:07:00.000000000 +0530
@@ -20,3 +20,5 @@
 38-security-fixes-2014-01.patch
 CVE-2014-0981.patch
 CVE-2014-0983.patch
+CVE-2015-0377.patch
+CVE-2015-0418.patch
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-virtualbox-devel/attachments/20150126/93085c88/attachment.sig>

More information about the Pkg-virtualbox-devel mailing list