Bug#775888: virtualbox: CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595 CVE-2015-0418 CVE-2015-0427

Ritesh Raj Sarraf Mon, 26 Jan 2015 07:49:28 -0800

On 01/26/2015 09:07 PM, Ritesh Raj Sarraf wrote:
> On 01/21/2015 01:23 PM, Moritz Muehlenhoff wrote:
>> In the past someone from upstream posted the upstream commits to the
>> bug log, maybe you can contact them for more information so that we
>> can merge the isolated fixes into the jessie version? Cheers, Moritz 
>
> Moritz,
>
> For unstable, I've pushed the upload an d asked for an exception.
>
> For Wheezy, it is building right now. Once the build is complete, I'll
> push it to s-p-u. And send you the debdiff.


Please find attached the debdiff. Please give me an ACK, and then I'll
do the upload.

-- 
Ritesh Raj Sarraf | http://people.debian.org/~rrs
Debian - The Universal Operating System

diff -Nru virtualbox-4.1.18-dfsg/debian/changelog 
virtualbox-4.1.18-dfsg/debian/changelog
--- virtualbox-4.1.18-dfsg/debian/changelog     2014-04-14 14:54:39.000000000 
+0530
+++ virtualbox-4.1.18-dfsg/debian/changelog     2015-01-26 19:07:00.000000000 
+0530
@@ -1,3 +1,12 @@
+virtualbox (4.1.18-dfsg-2+deb7u4) wheezy-security; urgency=medium
+
+  [ Frank Mehnert ]
+  * fix security vulnerabilities (Closes: #775888)
+     CVE-2015-0377, CVE-2015-0418
+     - debian/patches/CVE-2015-0{377,418}.patch
+
+ -- Gianfranco Costamagna <[email protected]>  Thu, 22 Jan 2015 
14:21:14 +0100
+
 virtualbox (4.1.18-dfsg-2+deb7u3) wheezy-security; urgency=high
 
   * Fix memory corruption vulnerabilities in 3D acceleration. (Closes: #741602)
diff -Nru virtualbox-4.1.18-dfsg/debian/patches/CVE-2015-0377.patch 
virtualbox-4.1.18-dfsg/debian/patches/CVE-2015-0377.patch
--- virtualbox-4.1.18-dfsg/debian/patches/CVE-2015-0377.patch   1970-01-01 
05:30:00.000000000 +0530
+++ virtualbox-4.1.18-dfsg/debian/patches/CVE-2015-0377.patch   2015-01-26 
19:07:00.000000000 +0530
@@ -0,0 +1,20 @@
+Index: src/VBox/VMM/VMMAll/IOMAllMMIO.cpp
+===================================================================
+--- a/src/VBox/VMM/VMMAll/IOMAllMMIO.cpp       (revision 95342)
++++ b/src/VBox/VMM/VMMAll/IOMAllMMIO.cpp       (revision 95343)
+@@ -1696,7 +1696,14 @@
+     if (rc2 == VERR_SEM_BUSY)
+         return VINF_IOM_HC_MMIO_READ_WRITE;
+ #endif
+-    VBOXSTRICTRC rcStrict = iomMMIOHandler(pVM, (uint32_t)uErrorCode, 
pCtxCore, GCPhysFault, iomMmioGetRange(pVM, GCPhysFault));
++    PIOMMMIORANGE pRange = iomMmioGetRange(pVM, GCPhysFault);
++    if (RT_UNLIKELY(!pRange))
++    {
++        IOM_UNLOCK(pVM);
++        return VERR_IOM_MMIO_RANGE_NOT_FOUND;
++    }
++
++    VBOXSTRICTRC rcStrict = iomMMIOHandler(pVM, (uint32_t)uErrorCode, 
pCtxCore, GCPhysFault, pRange);
+     IOM_UNLOCK(pVM);
+     return VBOXSTRICTRC_VAL(rcStrict);
+ }
diff -Nru virtualbox-4.1.18-dfsg/debian/patches/CVE-2015-0418.patch 
virtualbox-4.1.18-dfsg/debian/patches/CVE-2015-0418.patch
--- virtualbox-4.1.18-dfsg/debian/patches/CVE-2015-0418.patch   1970-01-01 
05:30:00.000000000 +0530
+++ virtualbox-4.1.18-dfsg/debian/patches/CVE-2015-0418.patch   2015-01-26 
19:07:00.000000000 +0530
@@ -0,0 +1,32 @@
+Index: include/VBox/vmm/hwacc_vmx.h
+===================================================================
+--- a/include/VBox/vmm/hwacc_vmx.h     (revision 96156)
++++ b/include/VBox/vmm/hwacc_vmx.h     (revision 96157)
+@@ -525,6 +525,12 @@
+ #define VMX_EXIT_WBINVD             54
+ /** 55 XSETBV. Guest software attempted to execute XSETBV. */
+ #define VMX_EXIT_XSETBV             55
++/** 57 RDRAND. Guest software attempted to execute RDRAND. */
++#define VMX_EXIT_RDRAND             57
++/** 58 INVPCID. Guest software attempted to execute INVPCID. */
++#define VMX_EXIT_INVPCID            58
++/** 59 VMFUNC. Guest software attempted to execute VMFUNC. */
++#define VMX_EXIT_VMFUNC             59
+ /** @} */
+ 
+ 
+Index: src/VBox/VMM/VMMR0/HWVMXR0.cpp
+===================================================================
+--- a/src/VBox/VMM/VMMR0/HWVMXR0.cpp   (revision 96156)
++++ b/src/VBox/VMM/VMMR0/HWVMXR0.cpp   (revision 96157)
+@@ -4112,6 +4112,10 @@
+     case VMX_EXIT_VMWRITE:              /* 25 Guest software executed 
VMWRITE. */
+     case VMX_EXIT_VMXOFF:               /* 26 Guest software executed VMXOFF. 
*/
+     case VMX_EXIT_VMXON:                /* 27 Guest software executed VMXON. 
*/
++    case VMX_EXIT_INVEPT:               /* 50 Guest software executed INVEPT. 
*/
++    case VMX_EXIT_INVVPID:              /* 53 Guest software executed 
INVVPID. */
++    case VMX_EXIT_INVPCID:              /* 58 Guest software executed 
INVPCID. */
++    case VMX_EXIT_VMFUNC:               /* 59 Guest software executed VMFUNC. 
*/
+         /** @todo inject #UD immediately */
+         rc = VERR_EM_INTERPRETER;
+         break;
diff -Nru virtualbox-4.1.18-dfsg/debian/patches/series 
virtualbox-4.1.18-dfsg/debian/patches/series
--- virtualbox-4.1.18-dfsg/debian/patches/series        2014-04-14 
14:55:14.000000000 +0530
+++ virtualbox-4.1.18-dfsg/debian/patches/series        2015-01-26 
19:07:00.000000000 +0530
@@ -20,3 +20,5 @@
 38-security-fixes-2014-01.patch
 CVE-2014-0981.patch
 CVE-2014-0983.patch
+CVE-2015-0377.patch
+CVE-2015-0418.patch

signature.asc
Description: OpenPGP digital signature

Bug#775888: virtualbox: CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595 CVE-2015-0418 CVE-2015-0427

Reply via email to