Mailinglist Archive: opensuse-updates (101 mails)

< Previous Next >
openSUSE-SU-2015:0229-1: moderate: Security update for virtualbox
openSUSE Security Update: Security update for virtualbox
______________________________________________________________________________

Announcement ID: openSUSE-SU-2015:0229-1
Rating: moderate
References: #914447
Cross-References: CVE-2014-0224 CVE-2014-6588 CVE-2014-6589
CVE-2014-6590 CVE-2014-6595 CVE-2015-0377
CVE-2015-0418 CVE-2015-0427
Affected Products:
openSUSE 13.2
openSUSE 13.1
______________________________________________________________________________

An update that fixes 8 vulnerabilities is now available.

Description:

virtualbox was updated to version 4.2.28 to fix eight security issues.

These security issues were fixed:
- OpenSSL fixes for VirtualBox (CVE-2014-0224)
- Unspecified vulnerability in the Oracle VM VirtualBox prior to 3.2.26,
4.0.28, 4.1.36, and 4.2.28 allows local users to affect availability via
unknown vectors related to Core, a different vulnerability than
CVE-2015-0418 (CVE-2015-0377, bnc#914447).
- Unspecified vulnerability in the Oracle VM VirtualBox before 4.3.20
allows local users to affect integrity and availability via vectors
related to VMSVGA virtual graphics device, a different vulnerability
than CVE-2014-6588, CVE-2014-6589, CVE-2014-6590, and CVE-2015-0427
(CVE-2014-6595, bnc#914447).
- Unspecified vulnerability in the Oracle VM VirtualBox before 4.3.20
allows local users to affect integrity and availability via vectors
related to VMSVGA virtual graphics device, a different vulnerability
than CVE-2014-6589, CVE-2014-6590, CVE-2014-6595, and CVE-2015-0427
(CVE-2014-6588, bnc#914447).
- Unspecified vulnerability in the Oracle VM VirtualBox before 4.3.20
allows local users to affect integrity and availability via vectors
related to VMSVGA virtual graphics device, a different vulnerability
than CVE-2014-6588, CVE-2014-6590, CVE-2014-6595, and CVE-2015-0427
(CVE-2014-6589, bnc#914447).
- Unspecified vulnerability in the Oracle VM VirtualBox before 4.3.20
allows local users to affect integrity and availability via vectors
related to VMSVGA virtual graphics device, a different vulnerability
than CVE-2014-6588, CVE-2014-6589, CVE-2014-6595, and CVE-2015-0427
(CVE-2014-6590, bnc#914447).
- Unspecified vulnerability in the Oracle VM VirtualBox prior to 4.3.20
allows local users to affect integrity and availability via vectors
related to VMSVGA virtual graphics device, a different vulnerability
than CVE-2014-6588, CVE-2014-6589, CVE-2014-6590, and CVE-2014-6595
(CVE-2015-0427, bnc#914447).
- Unspecified vulnerability in the Oracle VM VirtualBox prior to 3.2.26,
4.0.28, 4.1.36, and 4.2.28 allows local users to affect availability via
unknown vectors related to Core, a different vulnerability than
CVE-2015-0377 (CVE-2015-0418, bnc#914447).

For the full changelog please read
https://www.virtualbox.org/wiki/Changelog-4.2


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 13.2:

zypper in -t patch openSUSE-2015-116=1

- openSUSE 13.1:

zypper in -t patch openSUSE-2015-116=1

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 13.2 (i586 x86_64):

python-virtualbox-4.3.20-7.1
python-virtualbox-debuginfo-4.3.20-7.1
virtualbox-4.3.20-7.1
virtualbox-debuginfo-4.3.20-7.1
virtualbox-debugsource-4.3.20-7.1
virtualbox-devel-4.3.20-7.1
virtualbox-guest-kmp-default-4.3.20_k3.16.7_7-7.1
virtualbox-guest-kmp-default-debuginfo-4.3.20_k3.16.7_7-7.1
virtualbox-guest-kmp-desktop-4.3.20_k3.16.7_7-7.1
virtualbox-guest-kmp-desktop-debuginfo-4.3.20_k3.16.7_7-7.1
virtualbox-guest-tools-4.3.20-7.1
virtualbox-guest-tools-debuginfo-4.3.20-7.1
virtualbox-guest-x11-4.3.20-7.1
virtualbox-guest-x11-debuginfo-4.3.20-7.1
virtualbox-host-kmp-default-4.3.20_k3.16.7_7-7.1
virtualbox-host-kmp-default-debuginfo-4.3.20_k3.16.7_7-7.1
virtualbox-host-kmp-desktop-4.3.20_k3.16.7_7-7.1
virtualbox-host-kmp-desktop-debuginfo-4.3.20_k3.16.7_7-7.1
virtualbox-qt-4.3.20-7.1
virtualbox-qt-debuginfo-4.3.20-7.1
virtualbox-websrv-4.3.20-7.1
virtualbox-websrv-debuginfo-4.3.20-7.1

- openSUSE 13.2 (noarch):

virtualbox-guest-desktop-icons-4.3.20-7.1

- openSUSE 13.2 (i586):

virtualbox-guest-kmp-pae-4.3.20_k3.16.7_7-7.1
virtualbox-guest-kmp-pae-debuginfo-4.3.20_k3.16.7_7-7.1
virtualbox-host-kmp-pae-4.3.20_k3.16.7_7-7.1
virtualbox-host-kmp-pae-debuginfo-4.3.20_k3.16.7_7-7.1

- openSUSE 13.1 (i586 x86_64):

python-virtualbox-4.2.28-2.25.1
python-virtualbox-debuginfo-4.2.28-2.25.1
virtualbox-4.2.28-2.25.1
virtualbox-debuginfo-4.2.28-2.25.1
virtualbox-debugsource-4.2.28-2.25.1
virtualbox-devel-4.2.28-2.25.1
virtualbox-guest-kmp-default-4.2.28_k3.11.10_25-2.25.1
virtualbox-guest-kmp-default-debuginfo-4.2.28_k3.11.10_25-2.25.1
virtualbox-guest-kmp-desktop-4.2.28_k3.11.10_25-2.25.1
virtualbox-guest-kmp-desktop-debuginfo-4.2.28_k3.11.10_25-2.25.1
virtualbox-guest-tools-4.2.28-2.25.1
virtualbox-guest-tools-debuginfo-4.2.28-2.25.1
virtualbox-guest-x11-4.2.28-2.25.1
virtualbox-guest-x11-debuginfo-4.2.28-2.25.1
virtualbox-host-kmp-default-4.2.28_k3.11.10_25-2.25.1
virtualbox-host-kmp-default-debuginfo-4.2.28_k3.11.10_25-2.25.1
virtualbox-host-kmp-desktop-4.2.28_k3.11.10_25-2.25.1
virtualbox-host-kmp-desktop-debuginfo-4.2.28_k3.11.10_25-2.25.1
virtualbox-qt-4.2.28-2.25.1
virtualbox-qt-debuginfo-4.2.28-2.25.1
virtualbox-websrv-4.2.28-2.25.1
virtualbox-websrv-debuginfo-4.2.28-2.25.1

- openSUSE 13.1 (i586):

virtualbox-guest-kmp-pae-4.2.28_k3.11.10_25-2.25.1
virtualbox-guest-kmp-pae-debuginfo-4.2.28_k3.11.10_25-2.25.1
virtualbox-host-kmp-pae-4.2.28_k3.11.10_25-2.25.1
virtualbox-host-kmp-pae-debuginfo-4.2.28_k3.11.10_25-2.25.1


References:

http://support.novell.com/security/cve/CVE-2014-0224.html
http://support.novell.com/security/cve/CVE-2014-6588.html
http://support.novell.com/security/cve/CVE-2014-6589.html
http://support.novell.com/security/cve/CVE-2014-6590.html
http://support.novell.com/security/cve/CVE-2014-6595.html
http://support.novell.com/security/cve/CVE-2015-0377.html
http://support.novell.com/security/cve/CVE-2015-0418.html
http://support.novell.com/security/cve/CVE-2015-0427.html
https://bugzilla.suse.com/show_bug.cgi?id=914447


< Previous Next >
This Thread
  • No further messages