openSUSE Security Update: Security update for virtualbox ______________________________________________________________________________ Announcement ID: openSUSE-SU-2021:0165-1 Rating: important References: #1181197 #1181198 Cross-References: CVE-2021-2074 CVE-2021-2129 Affected Products: openSUSE Leap 15.2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for virtualbox fixes the following issues: Version update to 6.1.18 (released January 19 2021) This is a maintenance release. The following items were fixed and/or added: - Nested VM: Fixed hangs when executing SMP nested-guests under certain conditions on Intel hosts (bug #19315, #19561) - OCI integration: Cloud Instance parameters parsing is improved on import (bug #19156) - Network: UDP checksum offloading in e1000 no longer produces zero checksums (bug #19930) - Network: Fixed Host-Only Ethernet Adapter DHCP, guest os can not get IP on host resume (bug #19620) - NAT: Fixed mss parameter handing (bug #15256) - macOS host: Multiple optimizations for BigSur - Audio: Fixed issues with audio playback after host goes to sleep (bug #18594) - Documentation: Some content touch-up and table formatting fixes - Linux host and guest: Support kernel version 5.10 (bug #20055) - Solaris host: Fix regression breaking VGA text mode since version 6.1.0 - Guest Additions: Fixed a build failure affecting CentOS 8.2-2004 and later (bug #20091) - Guest Additions: Fixed a build failure affecting Linux kernels 3.2.0 through 3.2.50 (bug #20006) - Guest Additions: Fixed a VM segfault on copy with shared clipboard with X11 (bug #19226) - Shared Folder: Fixed error with remounting on Linux guests - Fixes CVE-2021-2074, boo#1181197 and CVE-2021-2129, boo#1181198. - Disable build of guest modules. These are included in recent kernels - Fix additional mouse control dialog issues. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.2: zypper in -t patch openSUSE-2021-165=1 Package List: - openSUSE Leap 15.2 (noarch): virtualbox-guest-desktop-icons-6.1.18-lp152.2.11.1 virtualbox-host-source-6.1.18-lp152.2.11.1 - openSUSE Leap 15.2 (x86_64): python3-virtualbox-6.1.18-lp152.2.11.1 python3-virtualbox-debuginfo-6.1.18-lp152.2.11.1 virtualbox-6.1.18-lp152.2.11.1 virtualbox-debuginfo-6.1.18-lp152.2.11.1 virtualbox-debugsource-6.1.18-lp152.2.11.1 virtualbox-devel-6.1.18-lp152.2.11.1 virtualbox-guest-tools-6.1.18-lp152.2.11.1 virtualbox-guest-tools-debuginfo-6.1.18-lp152.2.11.1 virtualbox-guest-x11-6.1.18-lp152.2.11.1 virtualbox-guest-x11-debuginfo-6.1.18-lp152.2.11.1 virtualbox-kmp-debugsource-6.1.18-lp152.2.11.1 virtualbox-kmp-default-6.1.18_k5.3.18_lp152.60-lp152.2.11.1 virtualbox-kmp-default-debuginfo-6.1.18_k5.3.18_lp152.60-lp152.2.11.1 virtualbox-kmp-preempt-6.1.18_k5.3.18_lp152.60-lp152.2.11.1 virtualbox-kmp-preempt-debuginfo-6.1.18_k5.3.18_lp152.60-lp152.2.11.1 virtualbox-qt-6.1.18-lp152.2.11.1 virtualbox-qt-debuginfo-6.1.18-lp152.2.11.1 virtualbox-vnc-6.1.18-lp152.2.11.1 virtualbox-websrv-6.1.18-lp152.2.11.1 virtualbox-websrv-debuginfo-6.1.18-lp152.2.11.1 References: https://www.suse.com/security/cve/CVE-2021-2074.html https://www.suse.com/security/cve/CVE-2021-2129.html https://bugzilla.suse.com/1181197 https://bugzilla.suse.com/1181198