openSUSE Security Update: Security update for VirtualBox ______________________________________________________________________________ Announcement ID: openSUSE-SU-2015:1855-1 Rating: moderate References: #951432 Cross-References: CVE-2015-4813 CVE-2015-4896 Affected Products: openSUSE 13.2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: VirtualBox was updated to 4.3.32 to fix security issues and bugs. The following vulnerabilities were fixed: * CVE-2015-4813: Windows guests with guest additions installed could cause a hang or crash of VirtualBox. * CVE-2015-4896: Remote unauthenticated users could cause crash (DoS) via the network when the Remote Display feature (RDP) is enabled. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.2: zypper in -t patch openSUSE-2015-688=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.2 (i586 x86_64): python-virtualbox-4.3.32-32.2 python-virtualbox-debuginfo-4.3.32-32.2 virtualbox-4.3.32-32.2 virtualbox-debuginfo-4.3.32-32.2 virtualbox-debugsource-4.3.32-32.2 virtualbox-devel-4.3.32-32.2 virtualbox-guest-kmp-default-4.3.32_k3.16.7_29-32.2 virtualbox-guest-kmp-default-debuginfo-4.3.32_k3.16.7_29-32.2 virtualbox-guest-kmp-desktop-4.3.32_k3.16.7_29-32.2 virtualbox-guest-kmp-desktop-debuginfo-4.3.32_k3.16.7_29-32.2 virtualbox-guest-tools-4.3.32-32.2 virtualbox-guest-tools-debuginfo-4.3.32-32.2 virtualbox-guest-x11-4.3.32-32.2 virtualbox-guest-x11-debuginfo-4.3.32-32.2 virtualbox-host-kmp-default-4.3.32_k3.16.7_29-32.2 virtualbox-host-kmp-default-debuginfo-4.3.32_k3.16.7_29-32.2 virtualbox-host-kmp-desktop-4.3.32_k3.16.7_29-32.2 virtualbox-host-kmp-desktop-debuginfo-4.3.32_k3.16.7_29-32.2 virtualbox-qt-4.3.32-32.2 virtualbox-qt-debuginfo-4.3.32-32.2 virtualbox-websrv-4.3.32-32.2 virtualbox-websrv-debuginfo-4.3.32-32.2 - openSUSE 13.2 (noarch): virtualbox-guest-desktop-icons-4.3.32-32.2 virtualbox-host-source-4.3.32-32.2 - openSUSE 13.2 (i586): virtualbox-guest-kmp-pae-4.3.32_k3.16.7_29-32.2 virtualbox-guest-kmp-pae-debuginfo-4.3.32_k3.16.7_29-32.2 virtualbox-host-kmp-pae-4.3.32_k3.16.7_29-32.2 virtualbox-host-kmp-pae-debuginfo-4.3.32_k3.16.7_29-32.2 References: https://www.suse.com/security/cve/CVE-2015-4813.html https://www.suse.com/security/cve/CVE-2015-4896.html https://bugzilla.suse.com/951432