openSUSE Leap 42.3: 2018:1057-1 Important: VirtualBox Remote Access Issues
opensuse
April 24, 2018
An update that fixes 13 vulnerabilities is now available.
Description
This update for VirtualBox to version 5.1.36 fixes multiple issues:
Security issues fixed:
- CVE-2018-0739: Unauthorized remote attacker may have caused a hang or
frequently repeatable crash (complete DOS)
- CVE-2018-2830: Attacker with host login may have compromised Virtualbox
or further system services after interaction with a third user
- CVE-2018-2831: Attacker with host login may have compromised VirtualBox
or further system services, allowing read access to some data
- CVE-2018-2835: Attacker with host login may have gained control over
VirtualBox and possibly further system services after interacting with a
third user
- CVE-2018-2836: Attacker with host login may have gained control over
VirtualBox and possibly further system services after interacting with a
third user
- CVE-2018-2837: Attacker with host login may have gained control over
VirtualBox and possibly further system services after interacting with a
Read the Full Advisory
Patch
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3:
zypper in -t patch openSUSE-2018-389=1
Package List
- openSUSE Leap 42.3 (noarch):
virtualbox-guest-desktop-icons-5.1.36-50.1
virtualbox-guest-source-5.1.36-50.1
virtualbox-host-source-5.1.36-50.1
- openSUSE Leap 42.3 (x86_64):
python-virtualbox-5.1.36-50.1
python-virtualbox-debuginfo-5.1.36-50.1
virtualbox-5.1.36-50.1
virtualbox-debuginfo-5.1.36-50.1
virtualbox-debugsource-5.1.36-50.1
virtualbox-devel-5.1.36-50.1
virtualbox-guest-kmp-default-5.1.36_k4.4.126_48-50.1
virtualbox-guest-kmp-default-debuginfo-5.1.36_k4.4.126_48-50.1
virtualbox-guest-tools-5.1.36-50.1
virtualbox-guest-tools-debuginfo-5.1.36-50.1
virtualbox-guest-x11-5.1.36-50.1
virtualbox-guest-x11-debuginfo-5.1.36-50.1
virtualbox-host-kmp-default-5.1.36_k4.4.126_48-50.1
virtualbox-host-kmp-default-debuginfo-5.1.36_k4.4.126_48-50.1
virtualbox-qt-5.1.36-50.1
virtualbox-qt-debuginfo-5.1.36-50.1
virtualbox-vnc-5.1.36-50.1
virtualbox-websrv-5.1.36-50.1
virtualbox-websrv-debuginfo-5.1.36-50.1
References
https://www.suse.com/security/cve/CVE-2017-3737.html
https://www.suse.com/security/cve/CVE-2017-9798.html
https://www.suse.com/security/cve/CVE-2018-0739.html
https://www.suse.com/security/cve/CVE-2018-2830.html
https://www.suse.com/security/cve/CVE-2018-2831.html
https://www.suse.com/security/cve/CVE-2018-2835.html
https://www.suse.com/security/cve/CVE-2018-2836.html
https://www.suse.com/security/cve/CVE-2018-2837.html
https://www.suse.com/security/cve/CVE-2018-2842.html
https://www.suse.com/security/cve/CVE-2018-2843.html
https://www.suse.com/security/cve/CVE-2018-2844.html
https://www.suse.com/security/cve/CVE-2018-2845.html
https://www.suse.com/security/cve/CVE-2018-2860.html
https://bugzilla.suse.com/1089997
--
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: openSUSE-SU-2018:1057-1
Rating: important
Affected Products:
openSUSE Leap 42.3
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!