Hi Frank
>the most CVEs from that CPU are related to the experimental VMSVGA >implementation. This code is not documented and not announced and >regular users will not use it. Therefore I suggest you to just disable >that code by setting > > VBOX_WITH_VMSVGA= > VBOX_WITH_VMSVGA3D= > >This will automatically omit CVE-2014-6595, CVE-2014-6590, CVE-2014-6589, >CVE-2014-6588 and CVE-2015-0427. The actual patch to fix this code is a bit >lengthy, therefore disabling this code is IMO the best solution. I presume starting from version 4.0 everything needs to be patched by disabling it? >CVE-2015-0418: VBox 4.3.x is not affected (only 4.2.x and older) >CVE-2015-0377: VBox 4.3.x is not affected (only 4.2.x and older) do you have any patch for <= 4.2.x then? we have in the archive (debian and ubuntu) 4.0.10 4.1.12 4.1.18 4.3.10 4.3.14 4.3.18 4.3.20 (not affected at all I presume) Frank-- Dr.-Ing. Frank Mehnert | Software Development Director, VirtualBox ORACLE Deutschland B.V. & Co. KG | Werkstr. 24 | 71384 Weinstadt, Germany Hauptverwaltung: Riesstr. 25, D-80992 München Registergericht: Amtsgericht München, HRA 95603 Geschäftsführer: Jürgen Kunz Komplementärin: ORACLE Deutschland Verwaltung B.V. Hertogswetering 163/167, 3543 AS Utrecht, Niederlande Handelsregister der Handelskammer Midden-Niederlande, Nr. 30143697 Geschäftsführer: Alexander van der Ven, Astrid Kepper, Val Maher -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
