Alerts This Week
Warning Icon 1 535
Alerts This Week
Warning Icon 1 535

openSUSE: 2021:0630-1 Important: VirtualBox Security Issues Resolved

opensuse
Calendar Grey April 30, 2021
Dist Opensuse Esm H88
An important security update for VirtualBox on openSUSE Leap 15.2 addressing multiple critical issues and enhancements.
An update that solves three vulnerabilities and has two fixes is now available

Description

This update for virtualbox fixes the following issues:

- Version bump to 6.1.20 (released April 20 2021 by Oracle) Fixes

boo#1183329 "virtualbox 6.1.18 crashes when it runs nested VM" Fixes

boo#1183125 "Leap 15.3 installation in Virtualbox without VBox

integration" Fixes CVE-2021-2264 and boo#1184542. The directory for the

.start files for autostarting VMs is moved from /etc/vbox to

/etc/vbox/autostart.d. In addition, the autostart service is hardened

(by Oracle).

- change the modalias for guest-tools and guest-x11 to get them to

autoinstall.

- Own %{_sysconfdir}/X11/xinit/xinitrc.d as default packages (eg systemd)

no longer do so, breaking package build.

- Update fixes_for_leap15.3 for kernel API changes between 5.3.18-45 and

5.3.18-47.

- update-extpack.sh: explicitly use https:// protocol for authenticity.

The http:// URL is currently redirected to https:// but don't rely on

this.

- Add code to generate...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory security issue update important fix important patch virtual machine openSUSE VirtualBox guest tools

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.2:

zypper in -t patch openSUSE-2021-630=1

Package List

- openSUSE Leap 15.2 (noarch):

virtualbox-guest-desktop-icons-6.1.20-lp152.2.21.1

virtualbox-guest-source-6.1.20-lp152.2.21.1

virtualbox-host-source-6.1.20-lp152.2.21.1

- openSUSE Leap 15.2 (x86_64):

python3-virtualbox-6.1.20-lp152.2.21.1

python3-virtualbox-debuginfo-6.1.20-lp152.2.21.1

virtualbox-6.1.20-lp152.2.21.1

virtualbox-debuginfo-6.1.20-lp152.2.21.1

virtualbox-debugsource-6.1.20-lp152.2.21.1

virtualbox-devel-6.1.20-lp152.2.21.1

virtualbox-guest-tools-6.1.20-lp152.2.21.1

virtualbox-guest-tools-debuginfo-6.1.20-lp152.2.21.1

virtualbox-guest-x11-6.1.20-lp152.2.21.1

virtualbox-guest-x11-debuginfo-6.1.20-lp152.2.21.1

virtualbox-kmp-debugsource-6.1.20-lp152.2.21.1

virtualbox-kmp-default-6.1.20_k5.3.18_lp152.72-lp152.2.21.1

virtualbox-kmp-default-debuginfo-6.1.20_k5.3.18_lp152.72-lp152.2.21.1

virtualbox-kmp-preempt-6.1.20_k5.3.18_lp152.72-lp152.2.21.1

virtualbox-kmp-preempt-debuginfo-6.1.20_k5.3.18_lp152.72-lp152.2.21.1

virtualbox-qt-6.1.20-lp152.2.21.1

virtualbox-qt-debuginfo-6.1.20-lp152.2.21.1

virtualbo...

Read the Full Advisory

References

https://www.suse.com/security/cve/CVE-2021-2074.html

https://www.suse.com/security/cve/CVE-2021-2129.html

https://www.suse.com/security/cve/CVE-2021-2264.html

https://bugzilla.suse.com/1181197

https://bugzilla.suse.com/1181198

https://bugzilla.suse.com/1183125

https://bugzilla.suse.com/1183329

https://bugzilla.suse.com/1184542

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2021:0630-1
Rating: important
Affected Products: openSUSE Leap 15.2 ble.

Topics%20covered

Topics Covered

security advisory security issue update important fix important patch virtual machine openSUSE VirtualBox guest tools

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here