Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2021:1403-1

Опубликовано: 31 окт. 2021
Источник: suse-cvrf

Описание

Security update for virtualbox

This update for virtualbox fixes the following issues:

Version bump to 6.1.28 (released October 19 2021 by Oracle)

This is a maintenance release. The following items were fixed and/or added:

  • VMM: Fixed guru meditation while booting nested-guests accessing debug registers under certain conditions

  • UI: Bug fixes for touchpad-based scrolling

  • VMSVGA: Fixed VM black screen issue on first resize after restoring from saved state (bug #20067)

  • VMSVGA: Fixed display corruption on Linux Mint (bug #20513)

  • Storage: Fixed a possible write error under certain circumstances when using VHD images (bug #20512)

  • Network: Multiple updates in virtio-net device support

  • Network: Disconnecting cable in saved VM state now is handled properly by virtio-net

  • Network: More administrative control over network ranges, see user manual

  • NAT: Fixed not rejecting TFTP requests with absolute pathnames (bug #20589)

  • Audio: Fixed VM session aborting after PC hibernation (bug #20516)

  • Audio: Fixed setting the line-in volume of the HDA emulation on modern Linux guests

  • Audio: Fixed resuming playback of the AC'97 emulation while a snapshot has been taken

  • API: Added bindings support for Python 3.9 (bug #20252)

  • API: Fixed rare hang of VM when changing settings at runtime

  • Linux host: Improved kernel modules installation detection which prevents unnecessary modules rebuild

  • Host Services: Shared Clipboard: Prevent guest clipboard reset when clipboard sharing is disabled (bug #20487)

  • Host Services: Shared Clipboard over VRDP: Fixed to continue working when guest service reconnects to host (bug #20366)

  • Host Services: Shared Clipboard over VRDP: Fixed preventing remote RDP client to hang when guest has no clipboard data to report

  • Linux Host and Guest: Introduced initial support for kernels 5.14 and 5.15

  • Linux Host and Guest: Introduced initial support for RHEL 8.5 kernel

  • Windows Guest: Introduced Windows 11 guest support, including unattended installation

  • Fixes CVE-2021-35538, CVE-2021-35545, CVE-2021-35540, CVE-2021-35542, and CVE-2021-2475 (boo#1191869)

  • Use kernel_module_directory macro for kernel modules (boo#1191526)

  • Finish UsrMerge for VirtualBox components (boo#1191104).

Список пакетов

openSUSE Leap 15.2
python3-virtualbox-6.1.28-lp152.2.38.1
virtualbox-6.1.28-lp152.2.38.1
virtualbox-devel-6.1.28-lp152.2.38.1
virtualbox-guest-desktop-icons-6.1.28-lp152.2.38.1
virtualbox-guest-source-6.1.28-lp152.2.38.1
virtualbox-guest-tools-6.1.28-lp152.2.38.1
virtualbox-guest-x11-6.1.28-lp152.2.38.1
virtualbox-host-source-6.1.28-lp152.2.38.1
virtualbox-kmp-default-6.1.28_k5.3.18_lp152.95-lp152.2.38.1
virtualbox-kmp-preempt-6.1.28_k5.3.18_lp152.95-lp152.2.38.1
virtualbox-qt-6.1.28-lp152.2.38.1
virtualbox-vnc-6.1.28-lp152.2.38.1
virtualbox-websrv-6.1.28-lp152.2.38.1

Ссылки

Описание

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.28. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Затронутые продукты
openSUSE Leap 15.2:python3-virtualbox-6.1.28-lp152.2.38.1
openSUSE Leap 15.2:virtualbox-6.1.28-lp152.2.38.1
openSUSE Leap 15.2:virtualbox-devel-6.1.28-lp152.2.38.1
openSUSE Leap 15.2:virtualbox-guest-desktop-icons-6.1.28-lp152.2.38.1
Ссылки

Описание

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.28. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: This vulnerability does not apply to Windows systems. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

Затронутые продукты
openSUSE Leap 15.2:python3-virtualbox-6.1.28-lp152.2.38.1
openSUSE Leap 15.2:virtualbox-6.1.28-lp152.2.38.1
openSUSE Leap 15.2:virtualbox-devel-6.1.28-lp152.2.38.1
openSUSE Leap 15.2:virtualbox-guest-desktop-icons-6.1.28-lp152.2.38.1
Ссылки

Описание

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.28. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Затронутые продукты
openSUSE Leap 15.2:python3-virtualbox-6.1.28-lp152.2.38.1
openSUSE Leap 15.2:virtualbox-6.1.28-lp152.2.38.1
openSUSE Leap 15.2:virtualbox-devel-6.1.28-lp152.2.38.1
openSUSE Leap 15.2:virtualbox-guest-desktop-icons-6.1.28-lp152.2.38.1
Ссылки

Описание

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.28. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Затронутые продукты
openSUSE Leap 15.2:python3-virtualbox-6.1.28-lp152.2.38.1
openSUSE Leap 15.2:virtualbox-6.1.28-lp152.2.38.1
openSUSE Leap 15.2:virtualbox-devel-6.1.28-lp152.2.38.1
openSUSE Leap 15.2:virtualbox-guest-desktop-icons-6.1.28-lp152.2.38.1
Ссылки

Описание

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.28. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.7 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:H).

Затронутые продукты
openSUSE Leap 15.2:python3-virtualbox-6.1.28-lp152.2.38.1
openSUSE Leap 15.2:virtualbox-6.1.28-lp152.2.38.1
openSUSE Leap 15.2:virtualbox-devel-6.1.28-lp152.2.38.1
openSUSE Leap 15.2:virtualbox-guest-desktop-icons-6.1.28-lp152.2.38.1
Ссылки
Уязвимость openSUSE-SU-2021:1403-1