openSUSE Security Update: Security update for Virtualbox ______________________________________________________________________________ Announcement ID: openSUSE-SU-2020:0925-1 Rating: moderate References: #1169628 Cross-References: CVE-2020-2741 CVE-2020-2742 CVE-2020-2743 CVE-2020-2748 CVE-2020-2758 CVE-2020-2894 CVE-2020-2902 CVE-2020-2905 CVE-2020-2907 CVE-2020-2908 CVE-2020-2909 CVE-2020-2910 CVE-2020-2911 CVE-2020-2913 CVE-2020-2914 CVE-2020-2929 CVE-2020-2951 CVE-2020-2958 CVE-2020-2959 Affected Products: openSUSE Leap 15.1 ______________________________________________________________________________ An update that fixes 19 vulnerabilities is now available. Description: Virtualbox was updated to 6.0.22 (released May 15 2020 by Oracle) This is a maintenance release. The following items were fixed and/or added: Guest Additions: Build problems fix with Oracle Linux 8.2 (Red Hat compatible kernel) / Red Hat Enterprise Linux 8.2 / CentOS 8.2 (bug #19391) Guest Control/VBoxManage: fix handling of multiple environment variables supplied to 'VBoxManage guestcontrol VM run' (6.1.6/6.0.20 regression; bug #19518) Version bump to 6.0.20 (released April 14 2020 by Oracle) This is a maintenance release. The following items were fixed and/or added: - USB: Multiple enhancements improving prformance and stability - VBoxManage: Multiple fixes for guestcontrol command - Graphics: Enhancements in 2D and 3D acceleration and rendering - API: Fix for exception handling bug in Python bindings - Linux host and guest: Support Linux kernel 5.6 (bug #19312) This update fixes the following security issues: CVE-2020-2741, CVE-2020-2742, CVE-2020-2743, CVE-2020-2748, CVE-2020-2758, CVE-2020-2894, CVE-2020-2902, CVE-2020-2905, CVE-2020-2907, CVE-2020-2908, CVE-2020-2909, CVE-2020-2910, CVE-2020-2911, CVE-2020-2913, CVE-2020-2914, CVE-2020-2929, CVE-2020-2951, CVE-2020-2958, CVE-2020-2959 (bsc#1169628) Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.1: zypper in -t patch openSUSE-2020-925=1 Package List: - openSUSE Leap 15.1 (noarch): virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1 virtualbox-guest-source-6.0.22-lp151.2.15.1 virtualbox-host-source-6.0.22-lp151.2.15.1 - openSUSE Leap 15.1 (x86_64): python3-virtualbox-6.0.22-lp151.2.15.1 python3-virtualbox-debuginfo-6.0.22-lp151.2.15.1 virtualbox-6.0.22-lp151.2.15.1 virtualbox-debuginfo-6.0.22-lp151.2.15.1 virtualbox-debugsource-6.0.22-lp151.2.15.1 virtualbox-devel-6.0.22-lp151.2.15.1 virtualbox-guest-tools-6.0.22-lp151.2.15.1 virtualbox-guest-tools-debuginfo-6.0.22-lp151.2.15.1 virtualbox-guest-x11-6.0.22-lp151.2.15.1 virtualbox-guest-x11-debuginfo-6.0.22-lp151.2.15.1 virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1 virtualbox-kmp-default-debuginfo-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1 virtualbox-qt-6.0.22-lp151.2.15.1 virtualbox-qt-debuginfo-6.0.22-lp151.2.15.1 virtualbox-vnc-6.0.22-lp151.2.15.1 virtualbox-websrv-6.0.22-lp151.2.15.1 virtualbox-websrv-debuginfo-6.0.22-lp151.2.15.1 References: https://www.suse.com/security/cve/CVE-2020-2741.html https://www.suse.com/security/cve/CVE-2020-2742.html https://www.suse.com/security/cve/CVE-2020-2743.html https://www.suse.com/security/cve/CVE-2020-2748.html https://www.suse.com/security/cve/CVE-2020-2758.html https://www.suse.com/security/cve/CVE-2020-2894.html https://www.suse.com/security/cve/CVE-2020-2902.html https://www.suse.com/security/cve/CVE-2020-2905.html https://www.suse.com/security/cve/CVE-2020-2907.html https://www.suse.com/security/cve/CVE-2020-2908.html https://www.suse.com/security/cve/CVE-2020-2909.html https://www.suse.com/security/cve/CVE-2020-2910.html https://www.suse.com/security/cve/CVE-2020-2911.html https://www.suse.com/security/cve/CVE-2020-2913.html https://www.suse.com/security/cve/CVE-2020-2914.html https://www.suse.com/security/cve/CVE-2020-2929.html https://www.suse.com/security/cve/CVE-2020-2951.html https://www.suse.com/security/cve/CVE-2020-2958.html https://www.suse.com/security/cve/CVE-2020-2959.html https://bugzilla.suse.com/1169628 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org