Security update for virtualbox (important)

2018-04-24T03:20:04
ID OPENSUSE-SU-2018:1057-1
Type suse
Reporter Suse
Modified 2018-04-24T03:20:04

Description

This update for VirtualBox to version 5.1.36 fixes multiple issues:

Security issues fixed:

  • CVE-2018-0739: Unauthorized remote attacker may have caused a hang or frequently repeatable crash (complete DOS)
  • CVE-2018-2830: Attacker with host login may have compromised Virtualbox or further system services after interaction with a third user
  • CVE-2018-2831: Attacker with host login may have compromised VirtualBox or further system services, allowing read access to some data
  • CVE-2018-2835: Attacker with host login may have gained control over VirtualBox and possibly further system services after interacting with a third user
  • CVE-2018-2836: Attacker with host login may have gained control over VirtualBox and possibly further system services after interacting with a third user
  • CVE-2018-2837: Attacker with host login may have gained control over VirtualBox and possibly further system services after interacting with a third user
  • CVE-2018-2842: Attacker with host login may have gained control over VirtualBox and possibly further system services after interacting with a third user
  • CVE-2018-2843: Attacker with host login may have gained control over VirtualBox and possibly further system services after interacting with a third user
  • CVE-2018-2844: Attacker with host login may have gained control over VirtualBox and possibly further system services after interacting with a third user
  • CVE-2018-2845: Attacker with host login may have caused a hang or frequently repeatable crash (complete DOS), and perform unauthorized read and write operation to some VirtualBox accessible data
  • CVE-2018-2860: Privileged attacker may have gained control over VirtualBox and possibly further system services

<a rel="nofollow" href="http://www.oracle.com/technetwork/security-advisory/cpuapr2018verbose-36781">http://www.oracle.com/technetwork/security-advisory/cpuapr2018verbose-36781</a> 08.html <a rel="nofollow" href="http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html">http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html</a> #AppendixOVIR

This update also contains all upstream fixes and improvements in the stable 5.1.36 release.