From LWN:
From the NVD entries:
CVE-2016-5501: Unspecified vulnerability in the Oracle VM VirtualBox
component before 5.0.28 and 5.1.x before 5.1.8 in Oracle
Virtualization allows local users to affect confidentiality,
integrity, and availability via vectors related to Core, a different
vulnerability than CVE-2016-5538.
CVE-2016-5538: Unspecified vulnerability in the Oracle VM VirtualBox
component before 5.0.28 and 5.1.x before 5.1.8 in Oracle
Virtualization allows local users to affect confidentiality,
integrity, and availability via vectors related to Core, a different
vulnerability than CVE-2016-5501.
CVE-2016-5605: Unspecified vulnerability in the Oracle VM VirtualBox
component before 5.1.4 in Oracle Virtualization allows remote
attackers to affect confidentiality and integrity via vectors related
to VRDE.
CVE-2016-5608: Unspecified vulnerability in the Oracle VM VirtualBox
component before 5.0.28 and 5.1.x before 5.1.8 in Oracle
Virtualization allows local users to affect availability via vectors
related to Core, a different vulnerability than CVE-2016-5613.
CVE-2016-5610: Unspecified vulnerability in the Oracle VM VirtualBox
component before 5.0.28 and 5.1.x before 5.1.8 in Oracle
Virtualization allows local users to affect confidentiality,
integrity, and availability via vectors related to Core.
CVE-2016-5611: Unspecified vulnerability in the Oracle VM VirtualBox
component before 5.0.28 and 5.1.x before 5.1.8 in Oracle
Virtualization allows local users to affect confidentiality via
vectors related to Core.
CVE-2016-5613: Unspecified vulnerability in the Oracle VM VirtualBox
component before 5.0.28 and 5.1.x before 5.1.8 in Oracle
Virtualization allows local users to affect availability via vectors
related to Core, a different vulnerability than CVE-2016-5608.
Upstream changelog without bug numbers:
* GUI: fixed issue with opening '.vbox' files and it's aliases
* GUI: keyboard grabbing fixes
* GUI: fix for passing through Ctrl + mouse-click
* GUI: fixed automatic deletion of extension pack files
* USB: fixed showing unknown device instead of the manufacturer or
product description under certain circumstances
* XHCI: another fix for a hanging guest under certain conditions, this
time for Windows 7 guests
* Serial: fixed high CPU usage with certain USB to serial converters
on Linux hosts
* Storage: fixed attaching stream optimized VMDK images
* Storage: reject image variants which are unsupported by the backend
* Storage: fixed loading saved states created with VirtualBox 5.0.10
and older when using a SCSI controller
* Storage: fixed broken NVMe emulation if the host I/O cache setting
is enabled
* Storage: fixed using multiple NVMe controllers if ICH9 is used
* NVMe: fixed a crash during reset which could happen under certain
circumstances
* Audio: fixed microphone input (5.1.2 regression)
* Audio: fixed crashes under certain conditions (5.1.0 regression)
* Audio: fixed recording with the ALSA backend (5.1 regression)
* Audio: fixed stream access mode with OSS backend (5.1 regression,
thanks to Jung-uk Kim)
* E1000: do also return masked bits when reading the ICR register,
this fixes booting from iPXE (5.1.2 regression)
* BIOS: fixed 4bpp scanline calculation
* API: relax the check for the version attribute in OVF/OVA appliances
* Windows hosts: fixed crashes when terminating the VM selector or
other VBox COM clients
* Linux Installer: fixed path to the documentation in .rpm packages
(5.1.0 regression)
* Linux Installer: fixed the vboxdrv.sh script to prevent an SELinux
complaint
* Linux hosts: don't use 32-bit legacy capabilities
* Linux Additions: Linux 4.8 fix for the kernel display driver
* Linux Additions: don't load the kernel modules provided by the Linux
distribution but load the kernel modules from the
official Guest Additions package instead
* Linux Additions: fix dynamic resizing problems in recent Linux
guests
* User Manual: fixed error in the VBoxManage chapter for the
getextradata enumerate example
The full upstream changelog with bug numbers can be found at:
https://www.virtualbox.org/wiki/Changelog-5.1#v6
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
We now no longer need to update VirtualBox manually, which has a few
advantages. Along with making it just easier to update this also makes
the update procedure way less error-prone, for example if people forget
to bump the extension pack revision or to update the guest additions.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
