diff -Nru virtualbox-lts-xenial-4.3.36-dfsg/debian/changelog virtualbox-lts-xenial-4.3.36-dfsg/debian/changelog --- virtualbox-lts-xenial-4.3.36-dfsg/debian/changelog 2016-05-30 16:07:51.000000000 +0000 +++ virtualbox-lts-xenial-4.3.36-dfsg/debian/changelog 2019-03-11 16:54:59.000000000 +0000 @@ -1,3 +1,19 @@ +virtualbox-lts-xenial (4.3.36-dfsg-1+deb8u1ubuntu1.14.04.1~14.04.6) trusty; urgency=medium + + * debian/patches/fix-for-guest-to-host-escape-vulnerability.patch: + - Apply patch for guest-to-host escape vulnerability (LP: #1809156) + - CVE-2018-3294 + + -- Gianfranco Costamagna Mon, 11 Mar 2019 17:54:59 +0100 + +virtualbox-lts-xenial (4.3.36-dfsg-1+deb8u1ubuntu1.14.04.1~14.04.5) trusty; urgency=medium + + * debian/patches/fix-compile-for-xenial-kernel.patch + - Fix for LP: #1818049 (virtualbox dkms modules fail to build with + linux 4.4.0-143.169) + + -- Kleber Sacilotto de Souza Thu, 28 Feb 2019 18:14:33 +0100 + virtualbox-lts-xenial (4.3.36-dfsg-1+deb8u1ubuntu1.14.04.1~14.04.4) trusty; urgency=medium * Use lts-xenial stack. Build only guest additions (LP: #1424769). diff -Nru virtualbox-lts-xenial-4.3.36-dfsg/debian/patches/fix-compile-for-xenial-kernel.patch virtualbox-lts-xenial-4.3.36-dfsg/debian/patches/fix-compile-for-xenial-kernel.patch --- virtualbox-lts-xenial-4.3.36-dfsg/debian/patches/fix-compile-for-xenial-kernel.patch 1970-01-01 00:00:00.000000000 +0000 +++ virtualbox-lts-xenial-4.3.36-dfsg/debian/patches/fix-compile-for-xenial-kernel.patch 2019-02-28 17:14:33.000000000 +0000 @@ -0,0 +1,18 @@ +--- a/src/VBox/Runtime/r0drv/linux/memobj-r0drv-linux.c ++++ b/src/VBox/Runtime/r0drv/linux/memobj-r0drv-linux.c +@@ -1033,8 +1033,15 @@ + pTask->mm, /* Whose pages. */ + R3Ptr, /* Where from. */ + cPages, /* How many pages. */ ++# if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 4, 168)) && \ ++ (LINUX_VERSION_CODE < KERNEL_VERSION(4, 5, 0)) ++ fWrite ? FOLL_WRITE | /* Write to memory. */ ++ FOLL_FORCE /* force write access. */ ++ : 0, ++# else + fWrite, /* Write to memory. */ + fWrite, /* force write access. */ ++# endif + &pMemLnx->apPages[0], /* Page array. */ + papVMAs); /* vmas */ + if (rc == cPages) diff -Nru virtualbox-lts-xenial-4.3.36-dfsg/debian/patches/fix-guest-to-host-escape-vulnerability.patch virtualbox-lts-xenial-4.3.36-dfsg/debian/patches/fix-guest-to-host-escape-vulnerability.patch --- virtualbox-lts-xenial-4.3.36-dfsg/debian/patches/fix-guest-to-host-escape-vulnerability.patch 1970-01-01 00:00:00.000000000 +0000 +++ virtualbox-lts-xenial-4.3.36-dfsg/debian/patches/fix-guest-to-host-escape-vulnerability.patch 2019-01-17 16:49:01.000000000 +0000 @@ -0,0 +1,20 @@ +Description: Security fix for guest-to-host escape +Origin: upstream, https://www.virtualbox.org/changeset/75330 +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1809156 +Applied-Upstream: 5.2.22 +Index: virtualbox-5.2.18-dfsg/src/VBox/Devices/Network/DevE1000.cpp +=================================================================== +--- virtualbox-5.2.18-dfsg.orig/src/VBox/Devices/Network/DevE1000.cpp ++++ virtualbox-5.2.18-dfsg/src/VBox/Devices/Network/DevE1000.cpp +@@ -4877,6 +4877,11 @@ static int e1kXmitDesc(PE1KSTATE pThis, + if (pDesc->data.cmd.u20DTALEN == 0 || pDesc->data.u64BufAddr == 0) + { + E1kLog2(("% Empty data descriptor, skipped.\n", pThis->szPrf)); ++ if (pDesc->data.cmd.fEOP) ++ { ++ e1kTransmitFrame(pThis, fOnWorkerThread); ++ pThis->u16TxPktLen = 0; ++ } + } + else + { diff -Nru virtualbox-lts-xenial-4.3.36-dfsg/debian/patches/series virtualbox-lts-xenial-4.3.36-dfsg/debian/patches/series --- virtualbox-lts-xenial-4.3.36-dfsg/debian/patches/series 2016-01-26 10:07:21.000000000 +0000 +++ virtualbox-lts-xenial-4.3.36-dfsg/debian/patches/series 2019-03-11 16:54:32.000000000 +0000 @@ -14,3 +14,5 @@ 32-disable-guest-version-check.patch 35-libvdeplug-soname.patch 36-fix-vnc-version-string.patch +fix-guest-to-host-escape-vulnerability.patch +fix-compile-for-xenial-kernel.patch