Sicherheit: Ausführen beliebiger Kommandos in virtualbox

Lesezeichen hinzufügen

openSUSE Security Update: Security update for virtualbox
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:3876-1
Rating: important
References: #1115041
Affected Products:
openSUSE Leap 42.3
openSUSE Leap 15.0
______________________________________________________________________________

An update that contains security fixes can now be installed.

Description:

This update for virtualbox fixes the following issues:

virtualbox was updated to version 5.2.22 (released November 09 2018 by
Oracle).

Security issues fixed:

- Fixed a guest-to-host excape via the e1000 virtual network driver
(bsc#1115041).

Non-security issues fixed:

- Audio: Fixed a regression in the Core Audio backend causing a hang when
returning from host sleep when processing input buffers.
- Audio: Fixed a potential crash in the HDA emulation if a stream has no
valid mixer sink attached.
- Linux Additions: Disable 3D for recent guests using Wayland (bug #18116).
- Linux Additions: Fix for rebuilding kernel modules for new kernels on
RPM guests.
- Linux Additions: Further fixes for Linux 4.19.
- Linux Additions: Fixed errors rebuilding initrd files with dracut on EL
6 (bug 18055#).
- Linux Additions: Fixed 5.2.20 regression: guests not remembering the
screen size after shutdown and restart (bug #18078).

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended
installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-1443=1

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2018-1443=1

Package List:

- openSUSE Leap 42.3 (x86_64):

python-virtualbox-5.2.22-63.1
python-virtualbox-debuginfo-5.2.22-63.1
virtualbox-5.2.22-63.1
virtualbox-debuginfo-5.2.22-63.1
virtualbox-debugsource-5.2.22-63.1
virtualbox-devel-5.2.22-63.1
virtualbox-guest-kmp-default-5.2.22_k4.4.162_78-63.1
virtualbox-guest-kmp-default-debuginfo-5.2.22_k4.4.162_78-63.1
virtualbox-guest-tools-5.2.22-63.1
virtualbox-guest-tools-debuginfo-5.2.22-63.1
virtualbox-guest-x11-5.2.22-63.1
virtualbox-guest-x11-debuginfo-5.2.22-63.1
virtualbox-host-kmp-default-5.2.22_k4.4.162_78-63.1
virtualbox-host-kmp-default-debuginfo-5.2.22_k4.4.162_78-63.1
virtualbox-qt-5.2.22-63.1
virtualbox-qt-debuginfo-5.2.22-63.1
virtualbox-vnc-5.2.22-63.1
virtualbox-websrv-5.2.22-63.1
virtualbox-websrv-debuginfo-5.2.22-63.1

- openSUSE Leap 42.3 (noarch):

virtualbox-guest-desktop-icons-5.2.22-63.1
virtualbox-guest-source-5.2.22-63.1
virtualbox-host-source-5.2.22-63.1

- openSUSE Leap 15.0 (noarch):

virtualbox-guest-desktop-icons-5.2.22-lp150.4.23.1
virtualbox-guest-source-5.2.22-lp150.4.23.1
virtualbox-host-source-5.2.22-lp150.4.23.1

- openSUSE Leap 15.0 (x86_64):

python3-virtualbox-5.2.22-lp150.4.23.1
python3-virtualbox-debuginfo-5.2.22-lp150.4.23.1
virtualbox-5.2.22-lp150.4.23.1
virtualbox-debuginfo-5.2.22-lp150.4.23.1
virtualbox-debugsource-5.2.22-lp150.4.23.1
virtualbox-devel-5.2.22-lp150.4.23.1
virtualbox-guest-kmp-default-5.2.22_k4.12.14_lp150.12.25-lp150.4.23.1

virtualbox-guest-kmp-default-debuginfo-5.2.22_k4.12.14_lp150.12.25-lp150.4.23.1
virtualbox-guest-tools-5.2.22-lp150.4.23.1
virtualbox-guest-tools-debuginfo-5.2.22-lp150.4.23.1
virtualbox-guest-x11-5.2.22-lp150.4.23.1
virtualbox-guest-x11-debuginfo-5.2.22-lp150.4.23.1
virtualbox-host-kmp-default-5.2.22_k4.12.14_lp150.12.25-lp150.4.23.1

virtualbox-host-kmp-default-debuginfo-5.2.22_k4.12.14_lp150.12.25-lp150.4.23.1
virtualbox-qt-5.2.22-lp150.4.23.1
virtualbox-qt-debuginfo-5.2.22-lp150.4.23.1
virtualbox-vnc-5.2.22-lp150.4.23.1
virtualbox-websrv-5.2.22-lp150.4.23.1
virtualbox-websrv-debuginfo-5.2.22-lp150.4.23.1

References:

https://bugzilla.suse.com/1115041

--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org