An update that fixes 11 vulnerabilities is now available.
Description:
This update for virtualbox to version 5.1.32 fixes the following issues:
The following vulnerabilities were fixed (boo#1076372):
- CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, also known as "Spectre", bsc#1068032. - CVE-2018-2676: Local authenticated attacker may gain elevated privileges - CVE-2018-2685: Local authenticated attacker may gain elevated privileges - CVE-2018-2686: Local authenticated attacker may gain elevated privileges - CVE-2018-2687: Local authenticated attacker may gain elevated privileges - CVE-2018-2688: Local authenticated attacker may gain elevated privileges - CVE-2018-2689: Local authenticated attacker may gain elevated privileges - CVE-2018-2690: Local authenticated attacker may gain elevated privileges - CVE-2018-2693: Local authenticated attacker may gain elevated privileges via guest additions - CVE-2018-2694: Local authenticated attacker may gain elevated privileges - CVE-2018-2698: Local authenticated attacker may gain elevated privileges
The following bug fixes are included:
- fix occasional screen corruption when host screen resolution is changed - increase proposed disk size when creating new VMs for Windows 7 and newer - fix broken communication with certain devices on Linux hosts - Fix problems using 256MB VRAM in raw-mode VMs - add HDA support for more exotic guests (e.g. Haiku) - fix playback with ALSA backend (5.1.28 regression) - fix a problem where OHCI emulation might sporadically drop data transfers
Patch Instructions:
To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2018-75=1
- openSUSE Leap 42.2:
zypper in -t patch openSUSE-2018-75=1
To bring your system up-to-date, use "zypper patch".