   openSUSE Security Update: Security update for virtualbox
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2017:2975-1
Rating:             moderate
References:         #1060072 #1064200 #1066488
Cross-References:   CVE-2017-10392 CVE-2017-10407 CVE-2017-10408
                    CVE-2017-10428
Affected Products:
                    openSUSE Leap 42.3
                    openSUSE Leap 42.2
______________________________________________________________________________

   An update that fixes four vulnerabilities is now available.

Description:

   This update for virtualbox fixes the following issues:

   - CVE-2017-10392: A local user can exploit a flaw in the Oracle VM
     VirtualBox Core component to partially access data, partially modify
     data, and deny service
   - CVE-2017-10407: A local user can exploit a flaw in the Oracle VM
     VirtualBox Core component to partially access data, partially modify
     data, and deny service
   - CVE-2017-10408: A local user can exploit a flaw in the Oracle VM
     VirtualBox Core component to partially access data, partially modify
     data, and deny service
   - CVE-2017-10428: A local user can exploit a flaw in the Oracle VM
     VirtualBox Core component to partially access data, partially modify
     data, and partially deny service

   The following packaging changes are included:

   - Further to usage of vboxdrv if virtualbox-qt is not installed: updates
     to vboxdrv.sh (boo#1060072)
   - The virtualbox package no longer requires libX11, and library module
     files were moved to virtualbox-qt

   This update also contains all upstream improvements in the 5.1.30
   release, including:

   - Fix for double mouse cursor when using mouse integration without Guest
     Additions.
   - Translation updates

Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE Leap 42.3:

      zypper in -t patch openSUSE-2017-1267=1

   - openSUSE Leap 42.2:

      zypper in -t patch openSUSE-2017-1267=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - openSUSE Leap 42.3 (x86_64):

      python-virtualbox-5.1.30-39.1
      python-virtualbox-debuginfo-5.1.30-39.1
      virtualbox-5.1.30-39.1
      virtualbox-debuginfo-5.1.30-39.1
      virtualbox-debugsource-5.1.30-39.1
      virtualbox-devel-5.1.30-39.1
      virtualbox-guest-kmp-default-5.1.30_k4.4.92_31-39.1
      virtualbox-guest-kmp-default-debuginfo-5.1.30_k4.4.92_31-39.1
      virtualbox-guest-tools-5.1.30-39.1
      virtualbox-guest-tools-debuginfo-5.1.30-39.1
      virtualbox-guest-x11-5.1.30-39.1
      virtualbox-guest-x11-debuginfo-5.1.30-39.1
      virtualbox-host-kmp-default-5.1.30_k4.4.92_31-39.1
      virtualbox-host-kmp-default-debuginfo-5.1.30_k4.4.92_31-39.1
      virtualbox-qt-5.1.30-39.1
      virtualbox-qt-debuginfo-5.1.30-39.1
      virtualbox-vnc-5.1.30-39.1
      virtualbox-websrv-5.1.30-39.1
      virtualbox-websrv-debuginfo-5.1.30-39.1

   - openSUSE Leap 42.3 (noarch):

      virtualbox-guest-desktop-icons-5.1.30-39.1
      virtualbox-guest-source-5.1.30-39.1
      virtualbox-host-source-5.1.30-39.1

   - openSUSE Leap 42.2 (x86_64):

      python-virtualbox-5.1.30-19.46.1
      python-virtualbox-debuginfo-5.1.30-19.46.1
      virtualbox-5.1.30-19.46.1
      virtualbox-debuginfo-5.1.30-19.46.1
      virtualbox-debugsource-5.1.30-19.46.1
      virtualbox-devel-5.1.30-19.46.1
      virtualbox-guest-kmp-default-5.1.30_k4.4.92_18.36-19.46.1
      virtualbox-guest-kmp-default-debuginfo-5.1.30_k4.4.92_18.36-19.46.1
      virtualbox-guest-tools-5.1.30-19.46.1
      virtualbox-guest-tools-debuginfo-5.1.30-19.46.1
      virtualbox-guest-x11-5.1.30-19.46.1
      virtualbox-guest-x11-debuginfo-5.1.30-19.46.1
      virtualbox-host-kmp-default-5.1.30_k4.4.92_18.36-19.46.1
      virtualbox-host-kmp-default-debuginfo-5.1.30_k4.4.92_18.36-19.46.1
      virtualbox-qt-5.1.30-19.46.1
      virtualbox-qt-debuginfo-5.1.30-19.46.1
      virtualbox-vnc-5.1.30-19.46.1
      virtualbox-websrv-5.1.30-19.46.1
      virtualbox-websrv-debuginfo-5.1.30-19.46.1

   - openSUSE Leap 42.2 (noarch):

      virtualbox-guest-desktop-icons-5.1.30-19.46.1
      virtualbox-guest-source-5.1.30-19.46.1
      virtualbox-host-source-5.1.30-19.46.1

References:

   https://www.suse.com/security/cve/CVE-2017-10392.html
   https://www.suse.com/security/cve/CVE-2017-10407.html
   https://www.suse.com/security/cve/CVE-2017-10408.html
   https://www.suse.com/security/cve/CVE-2017-10428.html
   https://bugzilla.suse.com/1060072
   https://bugzilla.suse.com/1064200
   https://bugzilla.suse.com/1066488