Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 644894 (CVE-2018-2676, CVE-2018-2685, CVE-2018-2686, CVE-2018-2687, CVE-2018-2688, CVE-2018-2689, CVE-2018-2690, CVE-2018-2693, CVE-2018-2694, CVE-2018-2698) - <app-emulation/virtualbox-{,-bin}-{5.1.32,5.2.6}: multiple vulnerabilities (OCPUJAN2018)
Summary: <app-emulation/virtualbox-{,-bin}-{5.1.32,5.2.6}: multiple vulnerabilities (O...
Status: RESOLVED FIXED
Alias: CVE-2018-2676, CVE-2018-2685, CVE-2018-2686, CVE-2018-2687, CVE-2018-2688, CVE-2018-2689, CVE-2018-2690, CVE-2018-2693, CVE-2018-2694, CVE-2018-2698
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL: http://www.oracle.com/technetwork/sec...
Whiteboard: B1 [glsa+ cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2018-01-18 00:39 UTC by GLSAMaker/CVETool Bot
Modified: 2018-02-11 22:42 UTC (History)
3 users (show)

See Also:
Package list:
app-emulation/virtualbox-5.1.32 app-emulation/virtualbox-additions-5.1.32 app-emulation/virtualbox-bin-5.1.32.120294 app-emulation/virtualbox-extpack-oracle-5.1.32.120294 app-emulation/virtualbox-guest-additions-5.1.32 app-emulation/virtualbox-modules-5.1.32 x11-drivers/xf86-video-virtualbox-5.1.32
Runtime testing required: ---
stable-bot: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2018-01-18 00:39:28 UTC
Incoming details.
Comment 1 Thomas Deutschmann gentoo-dev Security 2018-01-18 00:43:28 UTC
See $URL for details.
Comment 2 Thomas Deutschmann gentoo-dev Security 2018-01-18 00:45:12 UTC
@ Maintainer(s): Please set package list and CC arches when ready!
Comment 3 Lars Wendler (Polynomial-C) gentoo-dev 2018-01-18 09:26:54 UTC
Arches please test and mark stable 5.1.32 version of virtualbox packages.
Comment 4 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2018-01-18 21:41:33 UTC
amd64 stable
Comment 5 Thomas Deutschmann gentoo-dev Security 2018-01-21 20:33:33 UTC
x86 stable
Comment 6 Thomas Deutschmann gentoo-dev Security 2018-01-21 20:40:05 UTC
@ Maintainer(s): Please cleanup!
Comment 7 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2018-01-23 02:03:32 UTC
GLSA request filed.
Comment 8 Larry the Git Cow gentoo-dev 2018-01-25 12:04:22 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1eff352f571c93e2fa4d0716bb9b51318964ff1c

commit 1eff352f571c93e2fa4d0716bb9b51318964ff1c
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2018-01-25 12:03:53 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2018-01-25 12:04:16 +0000

    virtualbox packages: Security cleanup.
    
    Bug: https://bugs.gentoo.org/644894
    Package-Manager: Portage-2.3.20, Repoman-2.3.6

 app-emulation/virtualbox-additions/Manifest        |   2 -
 .../virtualbox-additions-5.1.30.ebuild             |  35 --
 .../virtualbox-additions-5.2.4.ebuild              |  35 --
 app-emulation/virtualbox-bin/Manifest              |   8 -
 .../virtualbox-bin-5.1.30.118389.ebuild            | 287 -------------
 .../virtualbox-bin-5.2.4.119785.ebuild             | 287 -------------
 app-emulation/virtualbox-extpack-oracle/Manifest   |   2 -
 .../virtualbox-extpack-oracle-5.1.30.118389.ebuild |  42 --
 .../virtualbox-extpack-oracle-5.2.4.119785.ebuild  |  42 --
 app-emulation/virtualbox-guest-additions/Manifest  |   2 -
 .../virtualbox-guest-additions-5.1.30.ebuild       | 221 ----------
 .../virtualbox-guest-additions-5.2.4.ebuild        | 228 ----------
 app-emulation/virtualbox-modules/Manifest          |   2 -
 .../virtualbox-modules-5.1.30.ebuild               |  68 ---
 .../virtualbox-modules-5.2.4.ebuild                |  59 ---
 app-emulation/virtualbox/Manifest                  |   3 -
 app-emulation/virtualbox/virtualbox-5.1.30.ebuild  | 461 ---------------------
 app-emulation/virtualbox/virtualbox-5.2.4.ebuild   | 461 ---------------------
 x11-drivers/xf86-video-virtualbox/Manifest         |   1 -
 .../xf86-video-virtualbox-5.1.30.ebuild            | 195 ---------
 20 files changed, 2441 deletions(-)}
Comment 9 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2018-01-25 17:41:16 UTC
(In reply to Larry the Git Cow from comment #8)
> The bug has been referenced in the following commit(s):
> 
> https://gitweb.gentoo.org/repo/gentoo.git/commit/
> ?id=1eff352f571c93e2fa4d0716bb9b51318964ff1c
> 
> commit 1eff352f571c93e2fa4d0716bb9b51318964ff1c
> Author:     Lars Wendler <polynomial-c@gentoo.org>
> AuthorDate: 2018-01-25 12:03:53 +0000
> Commit:     Lars Wendler <polynomial-c@gentoo.org>
> CommitDate: 2018-01-25 12:04:16 +0000
> 
>     virtualbox packages: Security cleanup.
>     
>     Bug: https://bugs.gentoo.org/644894
>     Package-Manager: Portage-2.3.20, Repoman-2.3.6
> 
>  app-emulation/virtualbox-additions/Manifest        |   2 -
>  .../virtualbox-additions-5.1.30.ebuild             |  35 --
>  .../virtualbox-additions-5.2.4.ebuild              |  35 --
>  app-emulation/virtualbox-bin/Manifest              |   8 -
>  .../virtualbox-bin-5.1.30.118389.ebuild            | 287 -------------
>  .../virtualbox-bin-5.2.4.119785.ebuild             | 287 -------------
>  app-emulation/virtualbox-extpack-oracle/Manifest   |   2 -
>  .../virtualbox-extpack-oracle-5.1.30.118389.ebuild |  42 --
>  .../virtualbox-extpack-oracle-5.2.4.119785.ebuild  |  42 --
>  app-emulation/virtualbox-guest-additions/Manifest  |   2 -
>  .../virtualbox-guest-additions-5.1.30.ebuild       | 221 ----------
>  .../virtualbox-guest-additions-5.2.4.ebuild        | 228 ----------
>  app-emulation/virtualbox-modules/Manifest          |   2 -
>  .../virtualbox-modules-5.1.30.ebuild               |  68 ---
>  .../virtualbox-modules-5.2.4.ebuild                |  59 ---
>  app-emulation/virtualbox/Manifest                  |   3 -
>  app-emulation/virtualbox/virtualbox-5.1.30.ebuild  | 461
> ---------------------
>  app-emulation/virtualbox/virtualbox-5.2.4.ebuild   | 461
> ---------------------
>  x11-drivers/xf86-video-virtualbox/Manifest         |   1 -
>  .../xf86-video-virtualbox-5.1.30.ebuild            | 195 ---------
>  20 files changed, 2441 deletions(-)}

Thanks, Lars!
Comment 10 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2018-01-25 17:41:40 UTC
Sorry, still pending GLSA.
Comment 11 GLSAMaker/CVETool Bot gentoo-dev 2018-02-11 22:42:59 UTC
This issue was resolved and addressed in
 GLSA 201802-01 at https://security.gentoo.org/glsa/201802-01
by GLSA coordinator Thomas Deutschmann (whissi).