openSUSE-SU-2015:2154-1: moderate: Security update for virtualbox

openSUSE Security Update: Security update for virtualbox ______________________________________________________________________________ Announcement ID: openSUSE-SU-2015:2154-1 Rating: moderate References: #951432 Cross-References: CVE-2015-4813 CVE-2015-4896 Affected Products: openSUSE 13.1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: The virtualbox package was updated to version 4.2.36 to fix the following security and non security issues: - Version bump tp 4.2.36 (released 2015-11-11 by Oracle) * several fixes - Oracle is not more specific - Version bump to 4.2.34 (released 2015-10-20 by Oracle) (bsc#951432) * CVE-2015-4813: Only Windows guests are impacted. Windows guests without VirtualBox Guest Additions installed are not affected. * CVE-2015-4896: Only VMs with Remote Display feature (RDP) enabled are impacted by CVE-2015-4896. * several fixes - Linux hosts: Linux 4.2 fix - Linux hosts: Linux 4.3 compile fixes - Windows hosts: hardening fixes - Linux Additions: Linux 4.2 fixes (bug #14227) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.1: zypper in -t patch openSUSE-2015-839=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.1 (i586 x86_64): python-virtualbox-4.2.36-2.52.2 python-virtualbox-debuginfo-4.2.36-2.52.2 virtualbox-4.2.36-2.52.2 virtualbox-debuginfo-4.2.36-2.52.2 virtualbox-debugsource-4.2.36-2.52.2 virtualbox-devel-4.2.36-2.52.2 virtualbox-guest-kmp-default-4.2.36_k3.11.10_29-2.52.2 virtualbox-guest-kmp-default-debuginfo-4.2.36_k3.11.10_29-2.52.2 virtualbox-guest-kmp-desktop-4.2.36_k3.11.10_29-2.52.2 virtualbox-guest-kmp-desktop-debuginfo-4.2.36_k3.11.10_29-2.52.2 virtualbox-guest-tools-4.2.36-2.52.2 virtualbox-guest-tools-debuginfo-4.2.36-2.52.2 virtualbox-guest-x11-4.2.36-2.52.2 virtualbox-guest-x11-debuginfo-4.2.36-2.52.2 virtualbox-host-kmp-default-4.2.36_k3.11.10_29-2.52.2 virtualbox-host-kmp-default-debuginfo-4.2.36_k3.11.10_29-2.52.2 virtualbox-host-kmp-desktop-4.2.36_k3.11.10_29-2.52.2 virtualbox-host-kmp-desktop-debuginfo-4.2.36_k3.11.10_29-2.52.2 virtualbox-qt-4.2.36-2.52.2 virtualbox-qt-debuginfo-4.2.36-2.52.2 virtualbox-websrv-4.2.36-2.52.2 virtualbox-websrv-debuginfo-4.2.36-2.52.2 - openSUSE 13.1 (noarch): virtualbox-host-source-4.2.36-2.52.2 - openSUSE 13.1 (i586): virtualbox-guest-kmp-pae-4.2.36_k3.11.10_29-2.52.2 virtualbox-guest-kmp-pae-debuginfo-4.2.36_k3.11.10_29-2.52.2 virtualbox-host-kmp-pae-4.2.36_k3.11.10_29-2.52.2 virtualbox-host-kmp-pae-debuginfo-4.2.36_k3.11.10_29-2.52.2 References: https://www.suse.com/security/cve/CVE-2015-4813.html https://www.suse.com/security/cve/CVE-2015-4896.html https://bugzilla.suse.com/951432