A virtualbox security update has been released for openSUSE Leap 15.4.

openSUSE-SU-2023:0033-1: important: Security update for virtualbox

openSUSE Security Update: Security update for virtualbox
______________________________________________________________________________

Announcement ID: openSUSE-SU-2023:0033-1
Rating: important
References:
Cross-References: CVE-2023-21884 CVE-2023-21885 CVE-2023-21886
CVE-2023-21889 CVE-2023-21898 CVE-2023-21899

CVSS scores:
CVE-2023-21884 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2023-21885 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
CVE-2023-21886 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2023-21889 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
CVE-2023-21898 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2023-21899 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:
openSUSE Leap 15.4
______________________________________________________________________________

An update that fixes 6 vulnerabilities is now available.

Description:

This update for virtualbox fixes the following issues:

VirtualBox 7.0.6 (released January 17 2023)

This is a maintenance release. The following items were fixed and/or
added: [1]

- VMM: Fixed guru running the FreeBSD loader on older Intel CPUs without
unrestricted guest support (bug #21332)
- GUI: Fixed virtual machines grouping when VM was created or modified in
command line (bugs #11500, #20933)
- GUI: Introduced generic changes in settings dialogs
- VirtioNet: Fixed broken network after loading saved state (bug #21172)
- Storage: Added support for increasing the size of the following VMDK
image variants: monolithicFlat, monolithicSparse, twoGbMaxExtentSparse,
twoGbMaxExtentFlat
- VBoxManage: Added missing --directory switch for guestcontrol mktemp
command
- Mouse Integration: Guest was provided with extended host mouse state
(bug #21139)
- DnD: Introduced generic improvements
- Guest Control: Fixed handling creation mode for temporary directories
(bug #21394)
- Linux Host and Guest: Added initial support for building UEK7 kernel on
Oracle Linux 8
- Linux Host and Guest: Added initial support for RHEL 9.1 kernel
- Linux Guest Additions: Added initial support for kernel 6.2 for vboxvideo
- Audio: The "--audio" option in VBoxManage is now marked as deprecated;
please use "--audio-driver" and "--audio-enabled" instead. This will
allow more flexibility when changing the driver and/or controlling the
audio functionality

Additionally, it fixes 6 CVE's: CVE-2023-21886, CVE-2023-21898,
CVE-2023-21899, CVE-2023-21884, CVE-2023-21885, CVE-2023-21889

Links:

[1]   https://www.virtualbox.org/wiki/Changelog-7.0#v6 [2]
  https://www.oracle.com/security-alerts/cpujan2023.html#AppendixOVIR

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:

zypper in -t patch openSUSE-2023-33=1


Package List:

- openSUSE Leap 15.4 (x86_64):

python3-virtualbox-7.0.6-lp154.2.26.2
python3-virtualbox-debuginfo-7.0.6-lp154.2.26.2
virtualbox-7.0.6-lp154.2.26.2
virtualbox-debuginfo-7.0.6-lp154.2.26.2
virtualbox-debugsource-7.0.6-lp154.2.26.2
virtualbox-devel-7.0.6-lp154.2.26.2
virtualbox-guest-tools-7.0.6-lp154.2.26.2
virtualbox-guest-tools-debuginfo-7.0.6-lp154.2.26.2
virtualbox-kmp-debugsource-7.0.6-lp154.2.26.2
virtualbox-kmp-default-7.0.6_k5.14.21_150400.24.41-lp154.2.26.2
virtualbox-kmp-default-debuginfo-7.0.6_k5.14.21_150400.24.41-lp154.2.26.2
virtualbox-qt-7.0.6-lp154.2.26.2
virtualbox-qt-debuginfo-7.0.6-lp154.2.26.2
virtualbox-vnc-7.0.6-lp154.2.26.2
virtualbox-websrv-7.0.6-lp154.2.26.2
virtualbox-websrv-debuginfo-7.0.6-lp154.2.26.2

- openSUSE Leap 15.4 (noarch):

virtualbox-guest-desktop-icons-7.0.6-lp154.2.26.2
virtualbox-guest-source-7.0.6-lp154.2.26.2
virtualbox-host-source-7.0.6-lp154.2.26.2

References:

  https://www.suse.com/security/cve/CVE-2023-21884.html
  https://www.suse.com/security/cve/CVE-2023-21885.html
  https://www.suse.com/security/cve/CVE-2023-21886.html
  https://www.suse.com/security/cve/CVE-2023-21889.html
  https://www.suse.com/security/cve/CVE-2023-21898.html
  https://www.suse.com/security/cve/CVE-2023-21899.html