Lucene search

K
suseSuseOPENSUSE-SU-2019:1547-1
HistoryJun 11, 2019 - 12:00 a.m.

Security update for virtualbox (important)

2019-06-1100:00:00
lists.opensuse.org
149

8.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.807 High

EPSS

Percentile

98.0%

An update that fixes 30 vulnerabilities is now available.

Description:

This update for virtualbox to version 5.2.24 fixes the following issues:

Multiple security issues fixed:

 CVE-2019-2500, CVE-2019-2524, CVE-2019-2552, CVE-2018-3309,

CVE-2019-2520 CVE-2019-2521, CVE-2019-2522, CVE-2019-2523, CVE-2019-2526,
CVE-2019-2548 CVE-2018-11763, CVE-2019-2511, CVE-2019-2508, CVE-2019-2509,
CVE-2019-2527 CVE-2019-2450, CVE-2019-2451, CVE-2019-2555, CVE-2019-2554,
CVE-2019-2556 CVE-2018-11784, CVE-2018-0734, CVE-2019-2525, CVE-2019-2446,
CVE-2019-2448 CVE-2019-2501, CVE-2019-2504, CVE-2019-2505, CVE-2019-2506,
and CVE-2019-2553 (bsc#1122212).

Other issues fixed:

  • Linux Additions: fix for building vboxvideo on EL 7.6 standard kernel,
    contributed by Robert Conde
  • USB: fixed a problem causing failures attaching SuperSpeed devices which
    report USB version 3.1 (rather than 3.0) on Windows hosts
  • Audio: added support for surround speaker setups used by Windows 10
    Build 1809
  • Linux hosts: fixed conflict between Debian and Oracle build desktop files
  • Linux guests: fixed building drivers on SLES 12.4
  • Linux guests: fixed building shared folder driver with older kernels

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.0:

    zypper in -t patch openSUSE-2019-1547=1

OSVersionArchitecturePackageVersionFilename
openSUSE Leap15.0x86_64< - openSUSE Leap 15.0 (x86_64):- openSUSE Leap 15.0 (x86_64):.x86_64.rpm
openSUSE Leap15.0noarch< - openSUSE Leap 15.0 (noarch):- openSUSE Leap 15.0 (noarch):.noarch.rpm

8.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.807 High

EPSS

Percentile

98.0%