[Pkg-virtualbox-commits] [virtualbox] 01/01: Fix CVE Vulnerabities for Wheezy Security

Ritesh Raj Sarraf rrs at moszumanska.debian.org
Tue Jan 27 13:27:52 UTC 2015 

This is an automated email from the git hooks/post-receive script.

rrs pushed a commit to annotated tag debian/4.1.18-dfsg-2+deb7u4
in repository virtualbox.

commit 76a570bf2459a62704a4554ab56bffe90f8c597f
Author: Ritesh Raj Sarraf <rrs at debian.org>
Date:   Mon Jan 26 19:07:57 2015 +0530

    Fix CVE Vulnerabities for Wheezy Security
---
 debian/changelog                   |  9 +++++++++
 debian/patches/CVE-2015-0377.patch | 20 ++++++++++++++++++++
 debian/patches/CVE-2015-0418.patch | 32 ++++++++++++++++++++++++++++++++
 debian/patches/series              |  2 ++
 4 files changed, 63 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index f5c715b..599d549 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+virtualbox (4.1.18-dfsg-2+deb7u4) wheezy-security; urgency=medium
+
+  [ Frank Mehnert ]
+  * fix security vulnerabilities (Closes: #775888)
+     CVE-2015-0377, CVE-2015-0418
+     - debian/patches/CVE-2015-0{377,418}.patch
+
+ -- Gianfranco Costamagna <costamagnagianfranco at yahoo.it>  Thu, 22 Jan 2015 14:21:14 +0100
+
 virtualbox (4.1.18-dfsg-2+deb7u3) wheezy-security; urgency=high
 
   * Fix memory corruption vulnerabilities in 3D acceleration. (Closes: #741602)
diff --git a/debian/patches/CVE-2015-0377.patch b/debian/patches/CVE-2015-0377.patch
new file mode 100644
index 0000000..432afbe
--- /dev/null
+++ b/debian/patches/CVE-2015-0377.patch
@@ -0,0 +1,20 @@
+Index: src/VBox/VMM/VMMAll/IOMAllMMIO.cpp
+===================================================================
+--- a/src/VBox/VMM/VMMAll/IOMAllMMIO.cpp	(revision 95342)
++++ b/src/VBox/VMM/VMMAll/IOMAllMMIO.cpp	(revision 95343)
+@@ -1696,7 +1696,14 @@
+     if (rc2 == VERR_SEM_BUSY)
+         return VINF_IOM_HC_MMIO_READ_WRITE;
+ #endif
+-    VBOXSTRICTRC rcStrict = iomMMIOHandler(pVM, (uint32_t)uErrorCode, pCtxCore, GCPhysFault, iomMmioGetRange(pVM, GCPhysFault));
++    PIOMMMIORANGE pRange = iomMmioGetRange(pVM, GCPhysFault);
++    if (RT_UNLIKELY(!pRange))
++    {
++        IOM_UNLOCK(pVM);
++        return VERR_IOM_MMIO_RANGE_NOT_FOUND;
++    }
++
++    VBOXSTRICTRC rcStrict = iomMMIOHandler(pVM, (uint32_t)uErrorCode, pCtxCore, GCPhysFault, pRange);
+     IOM_UNLOCK(pVM);
+     return VBOXSTRICTRC_VAL(rcStrict);
+ }
diff --git a/debian/patches/CVE-2015-0418.patch b/debian/patches/CVE-2015-0418.patch
new file mode 100644
index 0000000..824dce5
--- /dev/null
+++ b/debian/patches/CVE-2015-0418.patch
@@ -0,0 +1,32 @@
+Index: include/VBox/vmm/hwacc_vmx.h
+===================================================================
+--- a/include/VBox/vmm/hwacc_vmx.h	(revision 96156)
++++ b/include/VBox/vmm/hwacc_vmx.h	(revision 96157)
+@@ -525,6 +525,12 @@
+ #define VMX_EXIT_WBINVD             54
+ /** 55 XSETBV. Guest software attempted to execute XSETBV. */
+ #define VMX_EXIT_XSETBV             55
++/** 57 RDRAND. Guest software attempted to execute RDRAND. */
++#define VMX_EXIT_RDRAND             57
++/** 58 INVPCID. Guest software attempted to execute INVPCID. */
++#define VMX_EXIT_INVPCID            58
++/** 59 VMFUNC. Guest software attempted to execute VMFUNC. */
++#define VMX_EXIT_VMFUNC             59
+ /** @} */
+ 
+ 
+Index: src/VBox/VMM/VMMR0/HWVMXR0.cpp
+===================================================================
+--- a/src/VBox/VMM/VMMR0/HWVMXR0.cpp	(revision 96156)
++++ b/src/VBox/VMM/VMMR0/HWVMXR0.cpp	(revision 96157)
+@@ -4112,6 +4112,10 @@
+     case VMX_EXIT_VMWRITE:              /* 25 Guest software executed VMWRITE. */
+     case VMX_EXIT_VMXOFF:               /* 26 Guest software executed VMXOFF. */
+     case VMX_EXIT_VMXON:                /* 27 Guest software executed VMXON. */
++    case VMX_EXIT_INVEPT:               /* 50 Guest software executed INVEPT. */
++    case VMX_EXIT_INVVPID:              /* 53 Guest software executed INVVPID. */
++    case VMX_EXIT_INVPCID:              /* 58 Guest software executed INVPCID. */
++    case VMX_EXIT_VMFUNC:               /* 59 Guest software executed VMFUNC. */
+         /** @todo inject #UD immediately */
+         rc = VERR_EM_INTERPRETER;
+         break;
diff --git a/debian/patches/series b/debian/patches/series
index 58cc347..af6b8e6 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -20,3 +20,5 @@ CVE-2013-0420.patch
 38-security-fixes-2014-01.patch
 CVE-2014-0981.patch
 CVE-2014-0983.patch
+CVE-2015-0377.patch
+CVE-2015-0418.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-virtualbox/virtualbox.git

More information about the Pkg-virtualbox-commits mailing list