openSUSE Security Update: Security update for virtualbox
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2023:0033-1
Rating:             important
References:         
Cross-References:   CVE-2023-21884 CVE-2023-21885 CVE-2023-21886
                    CVE-2023-21889 CVE-2023-21898 CVE-2023-21899
                   
CVSS scores:
                    CVE-2023-21884 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
                    CVE-2023-21885 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
                    CVE-2023-21886 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2023-21889 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
                    CVE-2023-21898 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2023-21899 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:
                    openSUSE Leap 15.4
______________________________________________________________________________

   An update that fixes 6 vulnerabilities is now available.

Description:

   This update for virtualbox fixes the following issues:

   VirtualBox 7.0.6 (released January 17 2023)

   This is a maintenance release. The following items were fixed and/or
   added: [1]

   - VMM: Fixed guru running the FreeBSD loader on older Intel CPUs without
     unrestricted guest support (bug #21332)
   - GUI: Fixed virtual machines grouping when VM was created or modified in
     command line (bugs #11500, #20933)
   - GUI: Introduced generic changes in settings dialogs
   - VirtioNet: Fixed broken network after loading saved state (bug #21172)
   - Storage: Added support for increasing the size of the following VMDK
     image variants: monolithicFlat, monolithicSparse, twoGbMaxExtentSparse,
     twoGbMaxExtentFlat
   - VBoxManage: Added missing --directory switch for guestcontrol mktemp
     command
   - Mouse Integration: Guest was provided with extended host mouse state
     (bug #21139)
   - DnD: Introduced generic improvements
   - Guest Control: Fixed handling creation mode for temporary directories
     (bug #21394)
   - Linux Host and Guest: Added initial support for building UEK7 kernel on
     Oracle Linux 8
   - Linux Host and Guest: Added initial support for RHEL 9.1 kernel
   - Linux Guest Additions: Added initial support for kernel 6.2 for vboxvideo
   - Audio: The "--audio" option in VBoxManage is now marked as deprecated;
     please use "--audio-driver" and "--audio-enabled" instead. This will
     allow more flexibility when changing the driver and/or controlling the
     audio functionality

   Additionally, it fixes 6 CVEs: CVE-2023-21886, CVE-2023-21898,
   CVE-2023-21899, CVE-2023-21884, CVE-2023-21885, CVE-2023-21889

   Links:

   [1] https://www.virtualbox.org/wiki/Changelog-7.0#v6
   [2] https://www.oracle.com/security-alerts/cpujan2023.html#AppendixOVIR


Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.4:

      zypper in -t patch openSUSE-2023-33=1



Package List:

   - openSUSE Leap 15.4 (x86_64):

      python3-virtualbox-7.0.6-lp154.2.26.2
      python3-virtualbox-debuginfo-7.0.6-lp154.2.26.2
      virtualbox-7.0.6-lp154.2.26.2
      virtualbox-debuginfo-7.0.6-lp154.2.26.2
      virtualbox-debugsource-7.0.6-lp154.2.26.2
      virtualbox-devel-7.0.6-lp154.2.26.2
      virtualbox-guest-tools-7.0.6-lp154.2.26.2
      virtualbox-guest-tools-debuginfo-7.0.6-lp154.2.26.2
      virtualbox-kmp-debugsource-7.0.6-lp154.2.26.2
      virtualbox-kmp-default-7.0.6_k5.14.21_150400.24.41-lp154.2.26.2
      virtualbox-kmp-default-debuginfo-7.0.6_k5.14.21_150400.24.41-lp154.2.26.2
      virtualbox-qt-7.0.6-lp154.2.26.2
      virtualbox-qt-debuginfo-7.0.6-lp154.2.26.2
      virtualbox-vnc-7.0.6-lp154.2.26.2
      virtualbox-websrv-7.0.6-lp154.2.26.2
      virtualbox-websrv-debuginfo-7.0.6-lp154.2.26.2

   - openSUSE Leap 15.4 (noarch):

      virtualbox-guest-desktop-icons-7.0.6-lp154.2.26.2
      virtualbox-guest-source-7.0.6-lp154.2.26.2
      virtualbox-host-source-7.0.6-lp154.2.26.2


References:

   https://www.suse.com/security/cve/CVE-2023-21884.html
   https://www.suse.com/security/cve/CVE-2023-21885.html
   https://www.suse.com/security/cve/CVE-2023-21886.html
   https://www.suse.com/security/cve/CVE-2023-21889.html
   https://www.suse.com/security/cve/CVE-2023-21898.html
   https://www.suse.com/security/cve/CVE-2023-21899.html

openSUSE: 2023:0033-1 important: virtualbox

January 29, 2023