[SRU] Virtualbox in trusty 14.04 is an old version and has many security vulnerabilities
Bug #1812671 reported by
Mike Salvatore
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | ||
---|---|---|---|---|---|---|
virtualbox (Ubuntu) |
Fix Released
|
Undecided
|
Gianfranco Costamagna | |||
Trusty |
Fix Released
|
Undecided
|
Gianfranco Costamagna | |||
virtualbox-guest-additions-iso (Ubuntu) |
Fix Released
|
Undecided
|
Gianfranco Costamagna | |||
Trusty |
Fix Released
|
Undecided
|
Gianfranco Costamagna | |||
virtualbox-lts-xenial (Ubuntu) | ||||||
Trusty |
Fix Released
|
Undecided
|
Gianfranco Costamagna |
Bug Description
[Impact]
The Virtualbox version in trusty 14.04 is 4.3.36. It is affected by up to 110 vulnerabilities. 23 can be resolved if virtualbox can be upgraded to 5.0.40. An additional 37 can be resolved if virtualbox can be upgraded to 5.1.38.
[Test Case]
* Install Vbox, and play with it
[Regression Potential]
* low, never had regressions in stable updates.
* upstream is really careful in his testing before release
CVE References
Changed in virtualbox-lts-xenial (Ubuntu): | |
status: | New → Fix Released |
Changed in virtualbox (Ubuntu): | |
status: | In Progress → Fix Released |
Changed in virtualbox-guest-additions-iso (Ubuntu): | |
status: | In Progress → Fix Released |
Changed in virtualbox (Ubuntu Trusty): | |
status: | New → In Progress |
Changed in virtualbox-guest-additions-iso (Ubuntu Trusty): | |
status: | New → In Progress |
Changed in virtualbox-lts-xenial (Ubuntu Trusty): | |
status: | New → In Progress |
Changed in virtualbox (Ubuntu Trusty): | |
assignee: | nobody → Gianfranco Costamagna (costamagnagianfranco) |
Changed in virtualbox-guest-additions-iso (Ubuntu Trusty): | |
assignee: | nobody → Gianfranco Costamagna (costamagnagianfranco) |
Changed in virtualbox-lts-xenial (Ubuntu): | |
assignee: | nobody → Gianfranco Costamagna (costamagnagianfranco) |
Changed in virtualbox-lts-xenial (Ubuntu Trusty): | |
assignee: | nobody → Gianfranco Costamagna (costamagnagianfranco) |
To post a comment you must log in.
Mike, I uploaded them on my ppa [1] and unapproved queue.
I think 5* series is out of scope here, but 4.3.40 is a minor jump I can do.
We can consider a 5* jump but this requires probably a kbuild backport and a lot of more testing, since the diff will be considerably huge.
[1] https:/ /launchpad. net/~costamagna gianfranco/ +archive/ ubuntu/ virtualbox- ppa
we can SRU this one now, and wait for the new one in the future?