openSUSE Security Update: Security update for virtualbox
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2021:0165-1
Rating:             important
References:         #1181197 #1181198 
Cross-References:   CVE-2021-2074 CVE-2021-2129
Affected Products:
                    openSUSE Leap 15.2
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for virtualbox fixes the following issues:

   Version update to 6.1.18 (released January 19 2021)

   This is a maintenance release. The following items were fixed and/or added:

   - Nested VM: Fixed hangs when executing SMP nested-guests under certain
     conditions on Intel hosts (bug #19315, #19561)
   - OCI integration: Cloud Instance parameters parsing is improved on import
     (bug #19156)
   - Network: UDP checksum offloading in e1000 no longer produces zero
     checksums (bug #19930)
   - Network: Fixed Host-Only Ethernet Adapter DHCP, guest os can not get IP
     on host resume (bug #19620)
   - NAT: Fixed mss parameter handing (bug #15256)
   - macOS host: Multiple optimizations for BigSur
   - Audio: Fixed issues with audio playback after host goes to sleep (bug
     #18594)
   - Documentation: Some content touch-up and table formatting fixes
   - Linux host and guest: Support kernel version 5.10 (bug #20055)
   - Solaris host: Fix regression breaking VGA text mode since version 6.1.0
   - Guest Additions: Fixed a build failure affecting CentOS 8.2-2004 and
     later (bug #20091)
   - Guest Additions: Fixed a build failure affecting Linux kernels 3.2.0
     through 3.2.50 (bug #20006)
   - Guest Additions: Fixed a VM segfault on copy with shared clipboard with
     X11 (bug #19226)
   - Shared Folder: Fixed error with remounting on Linux guests

   - Fixes CVE-2021-2074, boo#1181197 and CVE-2021-2129, boo#1181198.

   - Disable build of guest modules. These are included in recent kernels
   - Fix additional mouse control dialog issues.


Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.2:

      zypper in -t patch openSUSE-2021-165=1



Package List:

   - openSUSE Leap 15.2 (noarch):

      virtualbox-guest-desktop-icons-6.1.18-lp152.2.11.1
      virtualbox-host-source-6.1.18-lp152.2.11.1

   - openSUSE Leap 15.2 (x86_64):

      python3-virtualbox-6.1.18-lp152.2.11.1
      python3-virtualbox-debuginfo-6.1.18-lp152.2.11.1
      virtualbox-6.1.18-lp152.2.11.1
      virtualbox-debuginfo-6.1.18-lp152.2.11.1
      virtualbox-debugsource-6.1.18-lp152.2.11.1
      virtualbox-devel-6.1.18-lp152.2.11.1
      virtualbox-guest-tools-6.1.18-lp152.2.11.1
      virtualbox-guest-tools-debuginfo-6.1.18-lp152.2.11.1
      virtualbox-guest-x11-6.1.18-lp152.2.11.1
      virtualbox-guest-x11-debuginfo-6.1.18-lp152.2.11.1
      virtualbox-kmp-debugsource-6.1.18-lp152.2.11.1
      virtualbox-kmp-default-6.1.18_k5.3.18_lp152.60-lp152.2.11.1
      virtualbox-kmp-default-debuginfo-6.1.18_k5.3.18_lp152.60-lp152.2.11.1
      virtualbox-kmp-preempt-6.1.18_k5.3.18_lp152.60-lp152.2.11.1
      virtualbox-kmp-preempt-debuginfo-6.1.18_k5.3.18_lp152.60-lp152.2.11.1
      virtualbox-qt-6.1.18-lp152.2.11.1
      virtualbox-qt-debuginfo-6.1.18-lp152.2.11.1
      virtualbox-vnc-6.1.18-lp152.2.11.1
      virtualbox-websrv-6.1.18-lp152.2.11.1
      virtualbox-websrv-debuginfo-6.1.18-lp152.2.11.1


References:

   https://www.suse.com/security/cve/CVE-2021-2074.html
   https://www.suse.com/security/cve/CVE-2021-2129.html
   https://bugzilla.suse.com/1181197
   https://bugzilla.suse.com/1181198