Security update for virtualbox (important)

This update for virtualbox to version 5.1.22 fixes the following issues:

These security issues were fixed (bsc#1034854):

• CVE-2017-3561: Vulnerability in the Oracle VM VirtualBox component of
  Oracle Virtualization (subcomponent: Core). Easily exploitable
  vulnerability allows low privileged attacker with logon to the
  infrastructure where Oracle VM VirtualBox executes to compromise Oracle
  VM VirtualBox. Successful attacks of this vulnerability can result in
  takeover of Oracle VM VirtualBox.
• CVE-2017-3563: Vulnerability in the Oracle VM VirtualBox component of
  Oracle Virtualization (subcomponent: Core). Easily exploitable
  vulnerability allows low privileged attacker with logon to the
  infrastructure where Oracle VM VirtualBox executes to compromise Oracle
  VM VirtualBox. Successful attacks of this vulnerability can result in
  takeover of Oracle VM VirtualBox.
• CVE-2017-3576: Vulnerability in the Oracle VM VirtualBox component of
  Oracle Virtualization (subcomponent: Core). Easily exploitable
  vulnerability allows low privileged attacker with logon to the
  infrastructure where Oracle VM VirtualBox executes to compromise Oracle
  VM VirtualBox. Successful attacks of this vulnerability can result in
  takeover of Oracle VM VirtualBox.
• CVE-2017-3587: Vulnerability in the Oracle VM VirtualBox component of
  Oracle Virtualization (subcomponent: Shared Folder). Easily exploitable
  vulnerability allows low privileged attacker with logon to the
  infrastructure where Oracle VM VirtualBox executes to compromise Oracle
  VM VirtualBox. Successful attacks of this vulnerability can result in
  unauthorized creation, deletion or modification access to critical data
  or all Oracle VM VirtualBox accessible data and unauthorized ability to
  cause a hang or frequently repeatable crash (complete DOS) of Oracle VM
  VirtualBox.
• CVE-2017-3575: Vulnerability in the Oracle VM VirtualBox component of
  Oracle Virtualization (subcomponent: Core). Easily exploitable
  vulnerability allows high privileged attacker with logon to the
  infrastructure where Oracle VM VirtualBox executes to compromise Oracle
  VM VirtualBox. Successful attacks of this vulnerability can result in
  unauthorized creation, deletion or modification access to critical data
  or all Oracle VM VirtualBox accessible data and unauthorized ability to
  cause a hang or frequently repeatable crash (complete DOS) of Oracle VM
  VirtualBox.
• CVE-2017-3538: Vulnerability in the Oracle VM VirtualBox component of
  Oracle Virtualization (subcomponent: Shared Folder). Difficult to
  exploit vulnerability allows low privileged attacker with logon to the
  infrastructure where Oracle VM VirtualBox executes to compromise Oracle
  VM VirtualBox. Successful attacks of this vulnerability can result in
  unauthorized creation, deletion or modification access to critical data
  or all Oracle VM VirtualBox accessible data as well as unauthorized
  access to critical data or complete access to all Oracle VM VirtualBox
  accessible data.
• CVE-2017-3513: Vulnerability in the Oracle VM VirtualBox component of
  Oracle Virtualization (subcomponent: Core). Difficult to exploit
  vulnerability allows high privileged attacker with logon to the
  infrastructure where Oracle VM VirtualBox executes to compromise Oracle
  VM VirtualBox. Successful attacks of this vulnerability can result in
  unauthorized read access to a subset of Oracle VM VirtualBox accessible
  data.
• CVE-2017-3558: Vulnerability in the Oracle VM VirtualBox component of
  Oracle Virtualization (subcomponent: Core). Easily exploitable
  vulnerability allows unauthenticated attacker with logon to the
  infrastructure where Oracle VM VirtualBox executes to compromise Oracle
  VM VirtualBox. Successful attacks of this vulnerability can result in
  unauthorized ability to cause a hang or frequently repeatable crash
  (complete DOS) of Oracle VM VirtualBox as well as unauthorized update,
  insert or delete access to some of Oracle VM VirtualBox accessible data
  and unauthorized read access to a subset of Oracle VM VirtualBox
  accessible data.
• CVE-2017-3559: Vulnerability in the Oracle VM VirtualBox component of
  Oracle Virtualization (subcomponent: Core). Easily exploitable
  vulnerability allows low privileged attacker with logon to the
  infrastructure where Oracle VM VirtualBox executes to compromise Oracle
  VM VirtualBox. Successful attacks of this vulnerability can result in
  unauthorized ability to cause a hang or frequently repeatable crash
  (complete DOS) of Oracle VM VirtualBox as well as unauthorized update,
  insert or delete access to some of Oracle VM VirtualBox accessible data
  and unauthorized read access to a subset of Oracle VM VirtualBox
  accessible data.

These non-security issues were fixed:

• GUI: don’t check if the Extension Pack is up-to-date if the user is
  about to install a new Extension Pack
• GUI: fixed a possible crash when switching a multi-monitor VM into
  full-screen or seamless mode
• GUI: several mini-toolbar fixes in full-screen / seamless mode
• GUI: don’t crash on restoring defaults in the appliance import dialog
• ICH9: fix for Windows guests with a huge amount (more than 64G) of guest
  memory
• BIOS: fixed El Torito hard disk emulation geometry calculation
• VMM: fixed VERR_IEM_INSTR_NOT_IMPLEMENTED Guru Meditation under certain
  conditions
• Storage: fixed a potential hang under rare circumstances
• Storage: fixed a potential crash under rare circumstances (asynchronous
  I/O disabled or during maintenance file operations like merging
  snapshots)
• Linux hosts: make the ALSA backend work again as well as loading the GL
  libraries on certain hosts
• Linux Additions: fixed mount.vboxsf symlink problem