Описание
Security update for virtualbox
This update for virtualbox fixes the following issues:
Version update to 6.1.18 (released January 19 2021)
This is a maintenance release. The following items were fixed and/or added:
-
Nested VM: Fixed hangs when executing SMP nested-guests under certain conditions on Intel hosts (bug #19315, #19561)
-
OCI integration: Cloud Instance parameters parsing is improved on import (bug #19156)
-
Network: UDP checksum offloading in e1000 no longer produces zero checksums (bug #19930)
-
Network: Fixed Host-Only Ethernet Adapter DHCP, guest os can not get IP on host resume (bug #19620)
-
NAT: Fixed mss parameter handing (bug #15256)
-
macOS host: Multiple optimizations for BigSur
-
Audio: Fixed issues with audio playback after host goes to sleep (bug #18594)
-
Documentation: Some content touch-up and table formatting fixes
-
Linux host and guest: Support kernel version 5.10 (bug #20055)
-
Solaris host: Fix regression breaking VGA text mode since version 6.1.0
-
Guest Additions: Fixed a build failure affecting CentOS 8.2-2004 and later (bug #20091)
-
Guest Additions: Fixed a build failure affecting Linux kernels 3.2.0 through 3.2.50 (bug #20006)
-
Guest Additions: Fixed a VM segfault on copy with shared clipboard with X11 (bug #19226)
-
Shared Folder: Fixed error with remounting on Linux guests
-
Fixes CVE-2021-2074, boo#1181197 and CVE-2021-2129, boo#1181198.
-
Disable build of guest modules. These are included in recent kernels
-
Fix additional mouse control dialog issues.
Список пакетов
openSUSE Leap 15.2
Ссылки
- E-Mail link for openSUSE-SU-2021:0165-1
- SUSE Security Ratings
- SUSE Bug 1181197
- SUSE Bug 1181198
- SUSE CVE CVE-2021-2074 page
- SUSE CVE CVE-2021-2129 page
Описание
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
Затронутые продукты
Ссылки
- CVE-2021-2074
- SUSE Bug 1181197
- SUSE Bug 1181199
Описание
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 7.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N).
Затронутые продукты
Ссылки
- CVE-2021-2129
- SUSE Bug 1181198
- SUSE Bug 1181199