openSUSE-SU-2017:0332-1: important: Security update for virtualbox - openSUSE Updates

30 Jan 2017


      openSUSE Security Update: Security update for virtualbox
______________________________________________________________________________
Announcement ID:    openSUSE-SU-2017:0332-1
Rating:             important
References:         #1020856 
Cross-References:   CVE-2016-5545 CVE-2017-3290 CVE-2017-3316
                    CVE-2017-3332
Affected Products:
                    openSUSE Leap 42.1
______________________________________________________________________________
An update that fixes four vulnerabilities is now available.
Description:
This update for virtualbox to version 5.0.32 fixes the following issues:
These security issues were fixed:
- CVE-2016-5545: Vulnerability in the GUI subcomponent of virtualbox
     allows unauthenticated attacker  unauthorized update, insert or delete
     access to some data as well as unauthorized read access to a subset of
     VirtualBox accessible data and unauthorized ability to cause a partial
     denial of service (bsc#1020856).
   - CVE-2017-3290: Vulnerability in the Shared Folder subcomponent of
     virtualbox allows high privileged attacker unauthorized creation,
     deletion or modification access to critical data and unauthorized
     ability to cause a hang or frequently repeatable crash (bsc#1020856).
   - CVE-2017-3316: Vulnerability in the GUI subcomponent of virtualbox
     allows high privileged attacker with network access via multiple
     protocols to compromise Oracle VM VirtualBox (bsc#1020856).
   - CVE-2017-3332: Vulnerability in the SVGA Emulation subcomponent of
     virtualbox allows low privileged attacker unauthorized creation,
     deletion or modification access to critical data and unauthorized
     ability to cause a hang or frequently repeatable crash (bsc#1020856).
For other changes please read the changelog.
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:
- openSUSE Leap 42.1:
zypper in -t patch openSUSE-2017-178=1
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE Leap 42.1 (x86_64):
python-virtualbox-5.0.32-34.1
      python-virtualbox-debuginfo-5.0.32-34.1
      virtualbox-5.0.32-34.1
      virtualbox-debuginfo-5.0.32-34.1
      virtualbox-debugsource-5.0.32-34.1
      virtualbox-devel-5.0.32-34.1
      virtualbox-guest-kmp-default-5.0.32_k4.1.36_44-34.1
      virtualbox-guest-kmp-default-debuginfo-5.0.32_k4.1.36_44-34.1
      virtualbox-guest-tools-5.0.32-34.1
      virtualbox-guest-tools-debuginfo-5.0.32-34.1
      virtualbox-guest-x11-5.0.32-34.1
      virtualbox-guest-x11-debuginfo-5.0.32-34.1
      virtualbox-host-kmp-default-5.0.32_k4.1.36_44-34.1
      virtualbox-host-kmp-default-debuginfo-5.0.32_k4.1.36_44-34.1
      virtualbox-qt-5.0.32-34.1
      virtualbox-qt-debuginfo-5.0.32-34.1
      virtualbox-websrv-5.0.32-34.1
      virtualbox-websrv-debuginfo-5.0.32-34.1
- openSUSE Leap 42.1 (noarch):
virtualbox-guest-desktop-icons-5.0.32-34.1
      virtualbox-host-source-5.0.32-34.1
References:
https://www.suse.com/security/cve/CVE-2016-5545.html
   https://www.suse.com/security/cve/CVE-2017-3290.html
   https://www.suse.com/security/cve/CVE-2017-3316.html
   https://www.suse.com/security/cve/CVE-2017-3332.html
   https://bugzilla.suse.com/1020856