openSUSE Security Update: Security update for kbuild, virtualbox ______________________________________________________________________________ Announcement ID: openSUSE-SU-2018:2524-1 Rating: important References: #1039375 #1076372 #1079838 #1093731 #1097248 #1098050 #1101667 Cross-References: CVE-2017-5715 CVE-2018-0739 CVE-2018-2676 CVE-2018-2685 CVE-2018-2686 CVE-2018-2687 CVE-2018-2688 CVE-2018-2689 CVE-2018-2690 CVE-2018-2693 CVE-2018-2694 CVE-2018-2698 CVE-2018-2830 CVE-2018-2831 CVE-2018-2835 CVE-2018-2836 CVE-2018-2837 CVE-2018-2842 CVE-2018-2843 CVE-2018-2844 CVE-2018-2845 CVE-2018-2860 CVE-2018-3005 CVE-2018-3055 CVE-2018-3085 CVE-2018-3086 CVE-2018-3087 CVE-2018-3088 CVE-2018-3089 CVE-2018-3090 CVE-2018-3091 Affected Products: openSUSE Leap 42.3 ______________________________________________________________________________ An update that fixes 31 vulnerabilities is now available. Description: This update for kbuild, virtualbox fixes the following issues: kbuild changes: - Update to version 0.1.9998svn3110 - Do not assume glibc glob internals - Support GLIBC glob interface version 2 - Fix build failure (boo#1079838) - Fix build with GCC7 (boo#1039375) - Fix build by disabling vboxvideo_drv.so virtualbox security fixes (boo#1101667, boo#1076372): - CVE-2018-3005 - CVE-2018-3055 - CVE-2018-3085 - CVE-2018-3086 - CVE-2018-3087 - CVE-2018-3088 - CVE-2018-3089 - CVE-2018-3090 - CVE-2018-3091 - CVE-2018-2694 - CVE-2018-2698 - CVE-2018-2685 - CVE-2018-2686 - CVE-2018-2687 - CVE-2018-2688 - CVE-2018-2689 - CVE-2018-2690 - CVE-2018-2676 - CVE-2018-2693 - CVE-2017-5715 virtualbox other changes: - Version bump to 5.2.16 - Use %{?linux_make_arch} when building kernel modules (boo#1098050) - Fixed vboxguestconfig.sh script - Update warning regarding the security hole in USB passthrough. (boo#1097248) - Fixed include for build with Qt 5.11 (boo#1093731) - You can find a detailed list of changes [here](https://www.virtualbox.org/wiki/Changelog#v16) Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 42.3: zypper in -t patch openSUSE-2018-938=1 Package List: - openSUSE Leap 42.3 (i586 x86_64): kbuild-0.1.9998svn3110-4.3.1 kbuild-debuginfo-0.1.9998svn3110-4.3.1 kbuild-debugsource-0.1.9998svn3110-4.3.1 - openSUSE Leap 42.3 (x86_64): python-virtualbox-5.2.18-56.1 python-virtualbox-debuginfo-5.2.18-56.1 virtualbox-5.2.18-56.1 virtualbox-debuginfo-5.2.18-56.1 virtualbox-debugsource-5.2.18-56.1 virtualbox-devel-5.2.18-56.1 virtualbox-guest-kmp-default-5.2.18_k4.4.143_65-56.1 virtualbox-guest-kmp-default-debuginfo-5.2.18_k4.4.143_65-56.1 virtualbox-guest-tools-5.2.18-56.1 virtualbox-guest-tools-debuginfo-5.2.18-56.1 virtualbox-guest-x11-5.2.18-56.1 virtualbox-guest-x11-debuginfo-5.2.18-56.1 virtualbox-host-kmp-default-5.2.18_k4.4.143_65-56.1 virtualbox-host-kmp-default-debuginfo-5.2.18_k4.4.143_65-56.1 virtualbox-qt-5.2.18-56.1 virtualbox-qt-debuginfo-5.2.18-56.1 virtualbox-vnc-5.2.18-56.1 virtualbox-websrv-5.2.18-56.1 virtualbox-websrv-debuginfo-5.2.18-56.1 - openSUSE Leap 42.3 (noarch): virtualbox-guest-desktop-icons-5.2.18-56.1 virtualbox-guest-source-5.2.18-56.1 virtualbox-host-source-5.2.18-56.1 References: https://www.suse.com/security/cve/CVE-2017-5715.html https://www.suse.com/security/cve/CVE-2018-0739.html https://www.suse.com/security/cve/CVE-2018-2676.html https://www.suse.com/security/cve/CVE-2018-2685.html https://www.suse.com/security/cve/CVE-2018-2686.html https://www.suse.com/security/cve/CVE-2018-2687.html https://www.suse.com/security/cve/CVE-2018-2688.html https://www.suse.com/security/cve/CVE-2018-2689.html https://www.suse.com/security/cve/CVE-2018-2690.html https://www.suse.com/security/cve/CVE-2018-2693.html https://www.suse.com/security/cve/CVE-2018-2694.html https://www.suse.com/security/cve/CVE-2018-2698.html https://www.suse.com/security/cve/CVE-2018-2830.html https://www.suse.com/security/cve/CVE-2018-2831.html https://www.suse.com/security/cve/CVE-2018-2835.html https://www.suse.com/security/cve/CVE-2018-2836.html https://www.suse.com/security/cve/CVE-2018-2837.html https://www.suse.com/security/cve/CVE-2018-2842.html https://www.suse.com/security/cve/CVE-2018-2843.html https://www.suse.com/security/cve/CVE-2018-2844.html https://www.suse.com/security/cve/CVE-2018-2845.html https://www.suse.com/security/cve/CVE-2018-2860.html https://www.suse.com/security/cve/CVE-2018-3005.html https://www.suse.com/security/cve/CVE-2018-3055.html https://www.suse.com/security/cve/CVE-2018-3085.html https://www.suse.com/security/cve/CVE-2018-3086.html https://www.suse.com/security/cve/CVE-2018-3087.html https://www.suse.com/security/cve/CVE-2018-3088.html https://www.suse.com/security/cve/CVE-2018-3089.html https://www.suse.com/security/cve/CVE-2018-3090.html https://www.suse.com/security/cve/CVE-2018-3091.html https://bugzilla.suse.com/1039375 https://bugzilla.suse.com/1076372 https://bugzilla.suse.com/1079838 https://bugzilla.suse.com/1093731 https://bugzilla.suse.com/1097248 https://bugzilla.suse.com/1098050 https://bugzilla.suse.com/1101667