openSUSE Security Update: Security update for virtualbox
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2020:1486-1
Rating:             moderate
References:         #1114605 #1174075 #1174159 #1175201 
Cross-References:   CVE-2020-14628 CVE-2020-14629 CVE-2020-14646
                    CVE-2020-14647 CVE-2020-14648 CVE-2020-14649
                    CVE-2020-14650 CVE-2020-14673 CVE-2020-14674
                    CVE-2020-14675 CVE-2020-14676 CVE-2020-14677
                    CVE-2020-14694 CVE-2020-14695 CVE-2020-14698
                    CVE-2020-14699 CVE-2020-14700 CVE-2020-14703
                    CVE-2020-14704 CVE-2020-14707 CVE-2020-14711
                    CVE-2020-14712 CVE-2020-14713 CVE-2020-14714
                    CVE-2020-14715
Affected Products:
                    openSUSE Leap 15.2
______________________________________________________________________________

   An update that fixes 25 vulnerabilities is now available.

Description:

   This update for virtualbox fixes the following issues:

   Update to Oracle version 6.1.14a.

     This minor update enables the building of libvirt again.

   Version update to 6.1.14 (released September 04 2020 by Oracle)

     File "fix_virtio_build.patch" is added to fix a build problem. This is a
   maintenance release. The following items were fixed and/or added:

     - GUI: Fixes file name changes in the File location field when creating
       Virtual Hard Disk (bug #19286)
     - VMM: Fixed running VMs which failed to start with
       VERR_NEM_MISSING_KERNEL_API_2 when Hyper-V is used (bug #19779 and
       #19804)
     - Audio: fix regression in HDA emulation introduced in 6.1.0
     - Shared Clipboard: Fixed a potential crash when copying HTML data
       (6.1.2 regression; bug #19226)
     - Linux host and guest: Linux kernel version 5.8 support
     - EFI: Fixed reading ISO9660 filesystems on attached media (6.1.0
       regression; bug #19682)
     - EFI: Support booting from drives attached to the LsiLogic SCSI and
       SAS controller emulations

   Pseudo version bump to 6.1.13, which is NOT an Oracle release.

     Update VB sources to run under kernel 5.8.0+ with no modifications to
   the kernel. These sources are derived from r85883 of the Oracle svn
   repository. For operations with USB{2,3}, the extension pack for revision
   140056 must be installed. Once Oracle releases 6.1.14, then the extension
   pack and VB itself will have the same revision number. File
   "fixes_for_5.8.patch" is removed as that part was fixed upstream. Fixes
   boo#1175201.

   Apply Oracle changes for kernel 5.8.

   Version bump to 6.1.12 (released July 14 2020 by Oracle)

     This is a maintenance release. The following items were fixed and/or
   added:

     - File "turn_off_cloud_net.patch" added.
     - Fixes for CVE-2020-14628, CVE-2020-14646, CVE-2020-14647,
       CVE-2020-14649, CVE-2020-14713, CVE-2020-14674, CVE-2020-14675,
       CVE-2020-14676, CVE-2020-14677, CVE-2020-14699, CVE-2020-14711,
       CVE-2020-14629, CVE-2020-14703, CVE-2020-14704, CVE-2020-14648,
       CVE-2020-14650, CVE-2020-14673, CVE-2020-14694, CVE-2020-14695,
       CVE-2020-14698, CVE-2020-14700, CVE-2020-14712, CVE-2020-14707,
       CVE-2020-14714, CVE-2020-14715 boo#1174159.
     - UI: Fixes for Log-Viewer search-backward icon
     - Devices: Fixes and improvements for the BusLogic SCSI controller
       emulation
     - Serial Port: Regression fixes in FIFO data handling
     - Oracle Cloud Infrastructure integration: Experimental new type of
       network attachment, allowing local VM to act as if it was run in cloud
     - API: improved resource management in the guest control functionality
     - VBoxManage: fixed command option parsing for the "snapshot edit"
       sub-command
     - VBoxManage: Fix crash of 'VBoxManage internalcommands repairhd' when
       processing invalid input (bug #19579)
     - Guest Additions, 3D: New experimental GLX graphics output
     - Guest Additions, 3D: Fixed releasing texture objects, which could
       cause guest crashes
     - Guest Additions: Fixed writes to a file on a shared folder not being
       reflected on the host when the file is mmap'ed and the used Linux
       kernel is between version 4.10.0 and 4.11.x
     - Guest Additions: Fixed the shared folder driver on 32bit Windows 8 and
       newer returning an error when flushing writes to a file which is
       mapped into memory under rare circumstances
     - Guest Additions: Improve resize coverage for VMSVGA graphics
       controller
     - Guest Additions: Fix issues detecting guest additions ISO at runtime
     - Guest Additions: Fixed German translation encoding for Windows GA
       installer


Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.2:

      zypper in -t patch openSUSE-2020-1486=1



Package List:

   - openSUSE Leap 15.2 (noarch):

      virtualbox-guest-desktop-icons-6.1.14-lp152.2.5.1
      virtualbox-guest-source-6.1.14-lp152.2.5.1
      virtualbox-host-source-6.1.14-lp152.2.5.1

   - openSUSE Leap 15.2 (x86_64):

      python3-virtualbox-6.1.14-lp152.2.5.1
      python3-virtualbox-debuginfo-6.1.14-lp152.2.5.1
      virtualbox-6.1.14-lp152.2.5.1
      virtualbox-debuginfo-6.1.14-lp152.2.5.1
      virtualbox-debugsource-6.1.14-lp152.2.5.1
      virtualbox-devel-6.1.14-lp152.2.5.1
      virtualbox-guest-tools-6.1.14-lp152.2.5.1
      virtualbox-guest-tools-debuginfo-6.1.14-lp152.2.5.1
      virtualbox-guest-x11-6.1.14-lp152.2.5.1
      virtualbox-guest-x11-debuginfo-6.1.14-lp152.2.5.1
      virtualbox-kmp-debugsource-6.1.14-lp152.2.5.1
      virtualbox-kmp-default-6.1.14_k5.3.18_lp152.41-lp152.2.5.1
      virtualbox-kmp-default-debuginfo-6.1.14_k5.3.18_lp152.41-lp152.2.5.1
      virtualbox-kmp-preempt-6.1.14_k5.3.18_lp152.41-lp152.2.5.1
      virtualbox-kmp-preempt-debuginfo-6.1.14_k5.3.18_lp152.41-lp152.2.5.1
      virtualbox-qt-6.1.14-lp152.2.5.1
      virtualbox-qt-debuginfo-6.1.14-lp152.2.5.1
      virtualbox-vnc-6.1.14-lp152.2.5.1
      virtualbox-websrv-6.1.14-lp152.2.5.1
      virtualbox-websrv-debuginfo-6.1.14-lp152.2.5.1
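
A post-update check against the package list above, as an added example that is not part of the SUSE advisory: it reads "name version-release" lines and reports virtualbox packages older than the fixed build, stripping the kernel version that the kmp packages embed. The function names and the sample inventory (including its 6.1.10 versions) are constructed for illustration; `sort -V` is used as an approximation of rpm's version ordering.

```shell
#!/bin/sh
# Added example, not part of the advisory. FIXED is the version-release the
# advisory's package list gives for the non-kmp packages.
FIXED="6.1.14-lp152.2.5.1"

# ver_lt A B: succeeds when A sorts strictly before B. Uses GNU "sort -V",
# an approximation of rpm's own ordering that is adequate for these strings.
ver_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# normalize NAME VERSION-RELEASE: kmp packages embed the kernel version
# (6.1.14_k5.3.18_lp152.41-lp152.2.5.1); drop it so they compare like the rest.
normalize() {
    case "$1" in
        virtualbox-kmp-*) printf '%s-%s\n' "${2%%_*}" "${2##*-}" ;;
        *)                printf '%s\n' "$2" ;;
    esac
}

# stale_packages: reads "name version-release" lines on stdin and prints the
# virtualbox packages that are older than FIXED.
stale_packages() {
    while read -r name evr; do
        case "$name" in
            virtualbox*|python3-virtualbox*) ;;
            *) continue ;;
        esac
        if ver_lt "$(normalize "$name" "$evr")" "$FIXED"; then
            printf '%s %s\n' "$name" "$evr"
        fi
    done
}

# Constructed sample inventory; on a real host feed the function from:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' '*virtualbox*'
SAMPLE='virtualbox 6.1.14-lp152.2.5.1
virtualbox-qt 6.1.10-lp152.1.1
virtualbox-kmp-default 6.1.10_k5.3.18_lp152.19-lp152.1.1
virtualbox-kmp-preempt 6.1.14_k5.3.18_lp152.41-lp152.2.5.1
bash 4.4-lp152.1.1'

printf '%s\n' "$SAMPLE" | stale_packages
```

Empty output means every virtualbox package in the inventory is at or above the fixed build; any line printed names a package that still needs the update.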


References:

   https://www.suse.com/security/cve/CVE-2020-14628.html
   https://www.suse.com/security/cve/CVE-2020-14629.html
   https://www.suse.com/security/cve/CVE-2020-14646.html
   https://www.suse.com/security/cve/CVE-2020-14647.html
   https://www.suse.com/security/cve/CVE-2020-14648.html
   https://www.suse.com/security/cve/CVE-2020-14649.html
   https://www.suse.com/security/cve/CVE-2020-14650.html
   https://www.suse.com/security/cve/CVE-2020-14673.html
   https://www.suse.com/security/cve/CVE-2020-14674.html
   https://www.suse.com/security/cve/CVE-2020-14675.html
   https://www.suse.com/security/cve/CVE-2020-14676.html
   https://www.suse.com/security/cve/CVE-2020-14677.html
   https://www.suse.com/security/cve/CVE-2020-14694.html
   https://www.suse.com/security/cve/CVE-2020-14695.html
   https://www.suse.com/security/cve/CVE-2020-14698.html
   https://www.suse.com/security/cve/CVE-2020-14699.html
   https://www.suse.com/security/cve/CVE-2020-14700.html
   https://www.suse.com/security/cve/CVE-2020-14703.html
   https://www.suse.com/security/cve/CVE-2020-14704.html
   https://www.suse.com/security/cve/CVE-2020-14707.html
   https://www.suse.com/security/cve/CVE-2020-14711.html
   https://www.suse.com/security/cve/CVE-2020-14712.html
   https://www.suse.com/security/cve/CVE-2020-14713.html
   https://www.suse.com/security/cve/CVE-2020-14714.html
   https://www.suse.com/security/cve/CVE-2020-14715.html
   https://bugzilla.suse.com/1114605
   https://bugzilla.suse.com/1174075
   https://bugzilla.suse.com/1174159
   https://bugzilla.suse.com/1175201

-- 

openSUSE: 2020:1486-1: moderate: virtualbox

September 20, 2020