[security-announce] openSUSE-SU-2020:1511-1: important: Security update for virtualbox

24 Sep 2020

      openSUSE Security Update: Security update for virtualbox
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2020:1511-1
Rating:             important
References:         #1174159 
Cross-References:   CVE-2020-14628 CVE-2020-14629 CVE-2020-14646
                    CVE-2020-14647 CVE-2020-14648 CVE-2020-14649
                    CVE-2020-14650 CVE-2020-14673 CVE-2020-14674
                    CVE-2020-14675 CVE-2020-14676 CVE-2020-14677
                    CVE-2020-14694 CVE-2020-14695 CVE-2020-14698
                    CVE-2020-14699 CVE-2020-14700 CVE-2020-14703
                    CVE-2020-14704 CVE-2020-14707 CVE-2020-14711
                    CVE-2020-14712 CVE-2020-14713 CVE-2020-14714
                    CVE-2020-14715
Affected Products:
                    openSUSE Leap 15.1
______________________________________________________________________________

   An update that fixes 25 vulnerabilities is now available.

Description:

   This update for virtualbox fixes the following issues:

   Version Bump to 6.0.24 (released July 14 2020 by Oracle)

   This is a maintenance release. The following items were fixed and/or added:

   - API: Fix unintentionally enabled audio due to a settings file version
     dependent bug
   - VBoxManage: Fix crash of 'VBoxManage internalcommands repairhd' when
     processing invalid input (bug #19579)
   - Guest Additions: Fix issues detecting guest additions ISO at runtime
   - Fixes CVE-2020-14628,	CVE-2020-14646, CVE-2020-14647, CVE-2020-14649,
     CVE-2020-14713, CVE-2020-14674, CVE-2020-14675, CVE-2020-14676,
     CVE-2020-14677, CVE-2020-14699, CVE-2020-14711, CVE-2020-14629,
     CVE-2020-14703, CVE-2020-14704, CVE-2020-14648, CVE-2020-14650,
     CVE-2020-14673, CVE-2020-14694, CVE-2020-14695, CVE-2020-14698,
     CVE-2020-14700, CVE-2020-14712, CVE-2020-14707, CVE-2020-14714,
     CVE-2020-14715 boo#1174159

Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.1:

      zypper in -t patch openSUSE-2020-1511=1

Package List:

   - openSUSE Leap 15.1 (x86_64):

      python3-virtualbox-6.0.24-lp151.2.18.1
      python3-virtualbox-debuginfo-6.0.24-lp151.2.18.1
      virtualbox-6.0.24-lp151.2.18.1
      virtualbox-debuginfo-6.0.24-lp151.2.18.1
      virtualbox-debugsource-6.0.24-lp151.2.18.1
      virtualbox-devel-6.0.24-lp151.2.18.1
      virtualbox-guest-tools-6.0.24-lp151.2.18.1
      virtualbox-guest-tools-debuginfo-6.0.24-lp151.2.18.1
      virtualbox-guest-x11-6.0.24-lp151.2.18.1
      virtualbox-guest-x11-debuginfo-6.0.24-lp151.2.18.1
      virtualbox-kmp-default-6.0.24_k4.12.14_lp151.28.67-lp151.2.18.1
      virtualbox-kmp-default-debuginfo-6.0.24_k4.12.14_lp151.28.67-lp151.2.18.1
      virtualbox-qt-6.0.24-lp151.2.18.1
      virtualbox-qt-debuginfo-6.0.24-lp151.2.18.1
      virtualbox-vnc-6.0.24-lp151.2.18.1
      virtualbox-websrv-6.0.24-lp151.2.18.1
      virtualbox-websrv-debuginfo-6.0.24-lp151.2.18.1

   - openSUSE Leap 15.1 (noarch):

      virtualbox-guest-desktop-icons-6.0.24-lp151.2.18.1
      virtualbox-guest-source-6.0.24-lp151.2.18.1
      virtualbox-host-source-6.0.24-lp151.2.18.1

References:

   https://www.suse.com/security/cve/CVE-2020-14628.html
   https://www.suse.com/security/cve/CVE-2020-14629.html
   https://www.suse.com/security/cve/CVE-2020-14646.html
   https://www.suse.com/security/cve/CVE-2020-14647.html
   https://www.suse.com/security/cve/CVE-2020-14648.html
   https://www.suse.com/security/cve/CVE-2020-14649.html
   https://www.suse.com/security/cve/CVE-2020-14650.html
   https://www.suse.com/security/cve/CVE-2020-14673.html
   https://www.suse.com/security/cve/CVE-2020-14674.html
   https://www.suse.com/security/cve/CVE-2020-14675.html
   https://www.suse.com/security/cve/CVE-2020-14676.html
   https://www.suse.com/security/cve/CVE-2020-14677.html
   https://www.suse.com/security/cve/CVE-2020-14694.html
   https://www.suse.com/security/cve/CVE-2020-14695.html
   https://www.suse.com/security/cve/CVE-2020-14698.html
   https://www.suse.com/security/cve/CVE-2020-14699.html
   https://www.suse.com/security/cve/CVE-2020-14700.html
   https://www.suse.com/security/cve/CVE-2020-14703.html
   https://www.suse.com/security/cve/CVE-2020-14704.html
   https://www.suse.com/security/cve/CVE-2020-14707.html
   https://www.suse.com/security/cve/CVE-2020-14711.html
   https://www.suse.com/security/cve/CVE-2020-14712.html
   https://www.suse.com/security/cve/CVE-2020-14713.html
   https://www.suse.com/security/cve/CVE-2020-14714.html
   https://www.suse.com/security/cve/CVE-2020-14715.html
   https://bugzilla.suse.com/1174159

-- 
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

opensuse-security＠opensuse.org

tags

participants (1)