SUSE 5149 Published by

A virtualbox security update has been released for openSUSE Leap 15.2.



openSUSE-SU-2021:0165-1: important: Security update for virtualbox


openSUSE Security Update: Security update for virtualbox
______________________________________________________________________________

Announcement ID: openSUSE-SU-2021:0165-1
Rating: important
References: #1181197 #1181198
Cross-References: CVE-2021-2074 CVE-2021-2129
Affected Products:
openSUSE Leap 15.2
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for virtualbox fixes the following issues:

Version update to 6.1.18 (released January 19 2021)

This is a maintenance release. The following items were fixed and/or added:

- Nested VM: Fixed hangs when executing SMP nested-guests under certain
conditions on Intel hosts (bug #19315, #19561)
- OCI integration: Cloud Instance parameters parsing is improved on import
(bug #19156)
- Network: UDP checksum offloading in e1000 no longer produces zero
checksums (bug #19930)
- Network: Fixed Host-Only Ethernet Adapter DHCP, guest os can not get IP
on host resume (bug #19620)
- NAT: Fixed mss parameter handing (bug #15256)
- macOS host: Multiple optimizations for BigSur
- Audio: Fixed issues with audio playback after host goes to sleep (bug
#18594)
- Documentation: Some content touch-up and table formatting fixes
- Linux host and guest: Support kernel version 5.10 (bug #20055)
- Solaris host: Fix regression breaking VGA text mode since version 6.1.0
- Guest Additions: Fixed a build failure affecting CentOS 8.2-2004 and
later (bug #20091)
- Guest Additions: Fixed a build failure affecting Linux kernels 3.2.0
through 3.2.50 (bug #20006)
- Guest Additions: Fixed a VM segfault on copy with shared clipboard with
X11 (bug #19226)
- Shared Folder: Fixed error with remounting on Linux guests

- Fixes CVE-2021-2074, boo#1181197 and CVE-2021-2129, boo#1181198.

- Disable build of guest modules. These are included in recent kernels
- Fix additional mouse control dialog issues.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.2:

zypper in -t patch openSUSE-2021-165=1


Package List:

- openSUSE Leap 15.2 (noarch):

virtualbox-guest-desktop-icons-6.1.18-lp152.2.11.1
virtualbox-host-source-6.1.18-lp152.2.11.1

- openSUSE Leap 15.2 (x86_64):

python3-virtualbox-6.1.18-lp152.2.11.1
python3-virtualbox-debuginfo-6.1.18-lp152.2.11.1
virtualbox-6.1.18-lp152.2.11.1
virtualbox-debuginfo-6.1.18-lp152.2.11.1
virtualbox-debugsource-6.1.18-lp152.2.11.1
virtualbox-devel-6.1.18-lp152.2.11.1
virtualbox-guest-tools-6.1.18-lp152.2.11.1
virtualbox-guest-tools-debuginfo-6.1.18-lp152.2.11.1
virtualbox-guest-x11-6.1.18-lp152.2.11.1
virtualbox-guest-x11-debuginfo-6.1.18-lp152.2.11.1
virtualbox-kmp-debugsource-6.1.18-lp152.2.11.1
virtualbox-kmp-default-6.1.18_k5.3.18_lp152.60-lp152.2.11.1
virtualbox-kmp-default-debuginfo-6.1.18_k5.3.18_lp152.60-lp152.2.11.1
virtualbox-kmp-preempt-6.1.18_k5.3.18_lp152.60-lp152.2.11.1
virtualbox-kmp-preempt-debuginfo-6.1.18_k5.3.18_lp152.60-lp152.2.11.1
virtualbox-qt-6.1.18-lp152.2.11.1
virtualbox-qt-debuginfo-6.1.18-lp152.2.11.1
virtualbox-vnc-6.1.18-lp152.2.11.1
virtualbox-websrv-6.1.18-lp152.2.11.1
virtualbox-websrv-debuginfo-6.1.18-lp152.2.11.1

References:

  https://www.suse.com/security/cve/CVE-2021-2074.html
  https://www.suse.com/security/cve/CVE-2021-2129.html
  https://bugzilla.suse.com/1181197
  https://bugzilla.suse.com/1181198