Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 488
Alerts This Week
Warning Icon 1 488

openSUSE Leap 42.3: Important Security Issues in Kbuild And Virtualbox

opensuse
Calendar Grey August 27, 2018
Scroller Opensuse
Critical patch released for kernel build and VirtualBox resolves 31 vulnerabilities in openSUSE Leap 42.3. Read the full report and apply the update immediately!
An update that fixes 31 vulnerabilities is now available.

Description

This update for kbuild, virtualbox fixes the following issues:

kbuild changes:

- Update to version 0.1.9998svn3110

- Do not assume glibc glob internals

- Support GLIBC glob interface version 2

- Fix build failure (boo#1079838)

- Fix build with GCC7 (boo#1039375)

- Fix build by disabling vboxvideo_drv.so

virtualbox security fixes (boo#1101667, boo#1076372):

- CVE-2018-3005

- CVE-2018-3055

- CVE-2018-3085

- CVE-2018-3086

- CVE-2018-3087

- CVE-2018-3088

- CVE-2018-3089

- CVE-2018-3090

- CVE-2018-3091

- CVE-2018-2694

- CVE-2018-2698

- CVE-2018-2685

- CVE-2018-2686

- CVE-2018-2687

- CVE-2018-2688

- CVE-2018-2689

- CVE-2018-2690

- CVE-2018-2676

- CVE-2018-2693

- CVE-2017-5715

virtualbox other changes:

- Version bump to 5.2.16

- Use %{?linux_make_arch} when building kernel modules (boo#1098050)

- Fixed vboxguestconfig.sh script

- Update warning regarding the security hole in USB...

Read the Full Advisory

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-938=1

Package List

- openSUSE Leap 42.3 (i586 x86_64):

kbuild-0.1.9998svn3110-4.3.1

kbuild-debuginfo-0.1.9998svn3110-4.3.1

kbuild-debugsource-0.1.9998svn3110-4.3.1

- openSUSE Leap 42.3 (x86_64):

python-virtualbox-5.2.18-56.1

python-virtualbox-debuginfo-5.2.18-56.1

virtualbox-5.2.18-56.1

virtualbox-debuginfo-5.2.18-56.1

virtualbox-debugsource-5.2.18-56.1

virtualbox-devel-5.2.18-56.1

virtualbox-guest-kmp-default-5.2.18_k4.4.143_65-56.1

virtualbox-guest-kmp-default-debuginfo-5.2.18_k4.4.143_65-56.1

virtualbox-guest-tools-5.2.18-56.1

virtualbox-guest-tools-debuginfo-5.2.18-56.1

virtualbox-guest-x11-5.2.18-56.1

virtualbox-guest-x11-debuginfo-5.2.18-56.1

virtualbox-host-kmp-default-5.2.18_k4.4.143_65-56.1

virtualbox-host-kmp-default-debuginfo-5.2.18_k4.4.143_65-56.1

virtualbox-qt-5.2.18-56.1

virtualbox-qt-debuginfo-5.2.18-56.1

virtualbox-vnc-5.2.18-56.1

virtualbox-websrv-5.2.18-56.1

virtualbox-websrv-debuginfo-5.2.18-56.1

- openSUSE Leap 42.3 (noarch):

virtualbox-guest-desktop-icons-5.2.18-56.1

virtualbox-guest-source-5.2.18-56.1

virtua...

Read the Full Advisory

References

https://www.suse.com/security/cve/CVE-2017-5715.html

https://www.suse.com/security/cve/CVE-2018-0739.html

https://www.suse.com/security/cve/CVE-2018-2676.html

https://www.suse.com/security/cve/CVE-2018-2685.html

https://www.suse.com/security/cve/CVE-2018-2686.html

https://www.suse.com/security/cve/CVE-2018-2687.html

https://www.suse.com/security/cve/CVE-2018-2688.html

https://www.suse.com/security/cve/CVE-2018-2689.html

https://www.suse.com/security/cve/CVE-2018-2690.html

https://www.suse.com/security/cve/CVE-2018-2693.html

https://www.suse.com/security/cve/CVE-2018-2694.html

https://www.suse.com/security/cve/CVE-2018-2698.html

https://www.suse.com/security/cve/CVE-2018-2830.html

https://www.suse.com/security/cve/CVE-2018-2831.html

https://www.suse.com/security/cve/CVE-2018-2835.html

https://www.suse.com/security/cve/CVE-2018-2836.html

https://www.suse.com/security/cve/CVE-2018-2837.html

https://www.suse.com/security/cve/CVE-2018-2842.html

https://www.suse.com/security/cve/CVE-2018-2843.html

https://www....

Read the Full Advisory

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2018:2524-1
Rating: important
Affected Products: openSUSE Leap 42.3

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.