openSUSE Security Update: Security update for virtualbox
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2021:0165-1
Rating:             important
References:         #1181197 #1181198 
Cross-References:   CVE-2021-2074 CVE-2021-2129
Affected Products:
                    openSUSE Leap 15.2
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for virtualbox fixes the following issues:

   Version update to 6.1.18 (released January 19 2021)

   This is a maintenance release. The following items were fixed and/or added:

   - Nested VM: Fixed hangs when executing SMP nested-guests under certain
     conditions on Intel hosts (bug #19315, #19561)
   - OCI integration: Cloud Instance parameters parsing is improved on import
     (bug #19156)
   - Network: UDP checksum offloading in e1000 no longer produces zero
     checksums (bug #19930)
   - Network: Fixed Host-Only Ethernet Adapter DHCP, guest os can not get IP
     on host resume (bug #19620)
   - NAT: Fixed mss parameter handing (bug #15256)
   - macOS host: Multiple optimizations for BigSur
   - Audio: Fixed issues with audio playback after host goes to sleep (bug
     #18594)
   - Documentation: Some content touch-up and table formatting fixes
   - Linux host and guest: Support kernel version 5.10 (bug #20055)
   - Solaris host: Fix regression breaking VGA text mode since version 6.1.0
   - Guest Additions: Fixed a build failure affecting CentOS 8.2-2004 and
     later (bug #20091)
   - Guest Additions: Fixed a build failure affecting Linux kernels 3.2.0
     through 3.2.50 (bug #20006)
   - Guest Additions: Fixed a VM segfault on copy with shared clipboard with
     X11 (bug #19226)
   - Shared Folder: Fixed error with remounting on Linux guests

   - Fixes CVE-2021-2074, boo#1181197 and CVE-2021-2129, boo#1181198.

   - Disable build of guest modules. These are included in recent kernels
   - Fix additional mouse control dialog issues.


Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.2:

      zypper in -t patch openSUSE-2021-165=1



Package List:

   - openSUSE Leap 15.2 (noarch):

      virtualbox-guest-desktop-icons-6.1.18-lp152.2.11.1
      virtualbox-host-source-6.1.18-lp152.2.11.1

   - openSUSE Leap 15.2 (x86_64):

      python3-virtualbox-6.1.18-lp152.2.11.1
      python3-virtualbox-debuginfo-6.1.18-lp152.2.11.1
      virtualbox-6.1.18-lp152.2.11.1
      virtualbox-debuginfo-6.1.18-lp152.2.11.1
      virtualbox-debugsource-6.1.18-lp152.2.11.1
      virtualbox-devel-6.1.18-lp152.2.11.1
      virtualbox-guest-tools-6.1.18-lp152.2.11.1
      virtualbox-guest-tools-debuginfo-6.1.18-lp152.2.11.1
      virtualbox-guest-x11-6.1.18-lp152.2.11.1
      virtualbox-guest-x11-debuginfo-6.1.18-lp152.2.11.1
      virtualbox-kmp-debugsource-6.1.18-lp152.2.11.1
      virtualbox-kmp-default-6.1.18_k5.3.18_lp152.60-lp152.2.11.1
      virtualbox-kmp-default-debuginfo-6.1.18_k5.3.18_lp152.60-lp152.2.11.1
      virtualbox-kmp-preempt-6.1.18_k5.3.18_lp152.60-lp152.2.11.1
      virtualbox-kmp-preempt-debuginfo-6.1.18_k5.3.18_lp152.60-lp152.2.11.1
      virtualbox-qt-6.1.18-lp152.2.11.1
      virtualbox-qt-debuginfo-6.1.18-lp152.2.11.1
      virtualbox-vnc-6.1.18-lp152.2.11.1
      virtualbox-websrv-6.1.18-lp152.2.11.1
      virtualbox-websrv-debuginfo-6.1.18-lp152.2.11.1


References:

   https://www.suse.com/security/cve/CVE-2021-2074.html
   https://www.suse.com/security/cve/CVE-2021-2129.html
   https://bugzilla.suse.com/1181197
   https://bugzilla.suse.com/1181198

openSUSE: 2021:0165-1 important: virtualbox

January 25, 2021
An update that fixes two vulnerabilities is now available

Description

This update for virtualbox fixes the following issues: Version update to 6.1.18 (released January 19 2021) This is a maintenance release. The following items were fixed and/or added: - Nested VM: Fixed hangs when executing SMP nested-guests under certain conditions on Intel hosts (bug #19315, #19561) - OCI integration: Cloud Instance parameters parsing is improved on import (bug #19156) - Network: UDP checksum offloading in e1000 no longer produces zero checksums (bug #19930) - Network: Fixed Host-Only Ethernet Adapter DHCP, guest os can not get IP on host resume (bug #19620) - NAT: Fixed mss parameter handing (bug #15256) - macOS host: Multiple optimizations for BigSur - Audio: Fixed issues with audio playback after host goes to sleep (bug #18594) - Documentation: Some content touch-up and table formatting fixes - Linux host and guest: Support kernel version 5.10 (bug #20055) - Solaris host: Fix regression breaking VGA text mode since version 6.1.0 - Guest Additions: Fixed a build failure affecting CentOS 8.2-2004 and later (bug #20091) - Guest Additions: Fixed a build failure affecting Linux kernels 3.2.0 through 3.2.50 (bug #20006) - Guest Additions: Fixed a VM segfault on copy with shared clipboard with X11 (bug #19226) - Shared Folder: Fixed error with remounting on Linux guests - Fixes CVE-2021-2074, boo#1181197 and CVE-2021-2129, boo#1181198. - Disable build of guest modules. These are included in recent kernels - Fix additional mouse control dialog issues.

 

Patch

Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.2: zypper in -t patch openSUSE-2021-165=1


Package List

- openSUSE Leap 15.2 (noarch): virtualbox-guest-desktop-icons-6.1.18-lp152.2.11.1 virtualbox-host-source-6.1.18-lp152.2.11.1 - openSUSE Leap 15.2 (x86_64): python3-virtualbox-6.1.18-lp152.2.11.1 python3-virtualbox-debuginfo-6.1.18-lp152.2.11.1 virtualbox-6.1.18-lp152.2.11.1 virtualbox-debuginfo-6.1.18-lp152.2.11.1 virtualbox-debugsource-6.1.18-lp152.2.11.1 virtualbox-devel-6.1.18-lp152.2.11.1 virtualbox-guest-tools-6.1.18-lp152.2.11.1 virtualbox-guest-tools-debuginfo-6.1.18-lp152.2.11.1 virtualbox-guest-x11-6.1.18-lp152.2.11.1 virtualbox-guest-x11-debuginfo-6.1.18-lp152.2.11.1 virtualbox-kmp-debugsource-6.1.18-lp152.2.11.1 virtualbox-kmp-default-6.1.18_k5.3.18_lp152.60-lp152.2.11.1 virtualbox-kmp-default-debuginfo-6.1.18_k5.3.18_lp152.60-lp152.2.11.1 virtualbox-kmp-preempt-6.1.18_k5.3.18_lp152.60-lp152.2.11.1 virtualbox-kmp-preempt-debuginfo-6.1.18_k5.3.18_lp152.60-lp152.2.11.1 virtualbox-qt-6.1.18-lp152.2.11.1 virtualbox-qt-debuginfo-6.1.18-lp152.2.11.1 virtualbox-vnc-6.1.18-lp152.2.11.1 virtualbox-websrv-6.1.18-lp152.2.11.1 virtualbox-websrv-debuginfo-6.1.18-lp152.2.11.1


References

https://www.suse.com/security/cve/CVE-2021-2074.html https://www.suse.com/security/cve/CVE-2021-2129.html https://bugzilla.suse.com/1181197 https://bugzilla.suse.com/1181198


Severity
Announcement ID: openSUSE-SU-2021:0165-1
Rating: important
Affected Products: openSUSE Leap 15.2 .

Related News

24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved