diff -Nru virtualbox-4.1.18-dfsg/debian/changelog virtualbox-4.1.18-dfsg/debian/changelog --- virtualbox-4.1.18-dfsg/debian/changelog 2014-04-14 11:24:39.000000000 +0200 +++ virtualbox-4.1.18-dfsg/debian/changelog 2015-01-22 14:32:23.000000000 +0100 @@ -1,3 +1,12 @@ +virtualbox (4.1.18-dfsg-2+deb7u4) wheezy-security; urgency=medium + + [ Frank Mehnert ] + * fix security vulnerabilities (Closes: #775888) + CVE-2015-0377, CVE-2015-0418 + - debian/patches/CVE-2015-0{377,418}.patch + + -- Gianfranco Costamagna Thu, 22 Jan 2015 14:21:14 +0100 + virtualbox (4.1.18-dfsg-2+deb7u3) wheezy-security; urgency=high * Fix memory corruption vulnerabilities in 3D acceleration. (Closes: #741602) diff -Nru virtualbox-4.1.18-dfsg/debian/patches/CVE-2015-0377.patch virtualbox-4.1.18-dfsg/debian/patches/CVE-2015-0377.patch --- virtualbox-4.1.18-dfsg/debian/patches/CVE-2015-0377.patch 1970-01-01 01:00:00.000000000 +0100 +++ virtualbox-4.1.18-dfsg/debian/patches/CVE-2015-0377.patch 2015-01-22 14:30:57.000000000 +0100 @@ -0,0 +1,20 @@ +Index: src/VBox/VMM/VMMAll/IOMAllMMIO.cpp +=================================================================== +--- a/src/VBox/VMM/VMMAll/IOMAllMMIO.cpp (revision 95342) ++++ b/src/VBox/VMM/VMMAll/IOMAllMMIO.cpp (revision 95343) +@@ -1696,7 +1696,14 @@ + if (rc2 == VERR_SEM_BUSY) + return VINF_IOM_HC_MMIO_READ_WRITE; + #endif +- VBOXSTRICTRC rcStrict = iomMMIOHandler(pVM, (uint32_t)uErrorCode, pCtxCore, GCPhysFault, iomMmioGetRange(pVM, GCPhysFault)); ++ PIOMMMIORANGE pRange = iomMmioGetRange(pVM, GCPhysFault); ++ if (RT_UNLIKELY(!pRange)) ++ { ++ IOM_UNLOCK(pVM); ++ return VERR_IOM_MMIO_RANGE_NOT_FOUND; ++ } ++ ++ VBOXSTRICTRC rcStrict = iomMMIOHandler(pVM, (uint32_t)uErrorCode, pCtxCore, GCPhysFault, pRange); + IOM_UNLOCK(pVM); + return VBOXSTRICTRC_VAL(rcStrict); + } diff -Nru virtualbox-4.1.18-dfsg/debian/patches/CVE-2015-0418.patch virtualbox-4.1.18-dfsg/debian/patches/CVE-2015-0418.patch --- virtualbox-4.1.18-dfsg/debian/patches/CVE-2015-0418.patch 1970-01-01 01:00:00.000000000 +0100 +++ virtualbox-4.1.18-dfsg/debian/patches/CVE-2015-0418.patch 2015-01-22 14:31:26.000000000 +0100 @@ -0,0 +1,32 @@ +Index: include/VBox/vmm/hwacc_vmx.h +=================================================================== +--- a/include/VBox/vmm/hwacc_vmx.h (revision 96156) ++++ b/include/VBox/vmm/hwacc_vmx.h (revision 96157) +@@ -525,6 +525,12 @@ + #define VMX_EXIT_WBINVD 54 + /** 55 XSETBV. Guest software attempted to execute XSETBV. */ + #define VMX_EXIT_XSETBV 55 ++/** 57 RDRAND. Guest software attempted to execute RDRAND. */ ++#define VMX_EXIT_RDRAND 57 ++/** 58 INVPCID. Guest software attempted to execute INVPCID. */ ++#define VMX_EXIT_INVPCID 58 ++/** 59 VMFUNC. Guest software attempted to execute VMFUNC. */ ++#define VMX_EXIT_VMFUNC 59 + /** @} */ + + +Index: src/VBox/VMM/VMMR0/HWVMXR0.cpp +=================================================================== +--- a/src/VBox/VMM/VMMR0/HWVMXR0.cpp (revision 96156) ++++ b/src/VBox/VMM/VMMR0/HWVMXR0.cpp (revision 96157) +@@ -4112,6 +4112,10 @@ + case VMX_EXIT_VMWRITE: /* 25 Guest software executed VMWRITE. */ + case VMX_EXIT_VMXOFF: /* 26 Guest software executed VMXOFF. */ + case VMX_EXIT_VMXON: /* 27 Guest software executed VMXON. */ ++ case VMX_EXIT_INVEPT: /* 50 Guest software executed INVEPT. */ ++ case VMX_EXIT_INVVPID: /* 53 Guest software executed INVVPID. */ ++ case VMX_EXIT_INVPCID: /* 58 Guest software executed INVPCID. */ ++ case VMX_EXIT_VMFUNC: /* 59 Guest software executed VMFUNC. */ + /** @todo inject #UD immediately */ + rc = VERR_EM_INTERPRETER; + break; diff -Nru virtualbox-4.1.18-dfsg/debian/patches/series virtualbox-4.1.18-dfsg/debian/patches/series --- virtualbox-4.1.18-dfsg/debian/patches/series 2014-04-14 11:25:14.000000000 +0200 +++ virtualbox-4.1.18-dfsg/debian/patches/series 2015-01-22 14:30:06.000000000 +0100 @@ -20,3 +20,5 @@ 38-security-fixes-2014-01.patch CVE-2014-0981.patch CVE-2014-0983.patch +CVE-2015-0377.patch +CVE-2015-0418.patch