SUSE: OPENSUSE-SU-2021:1114-1
Aug 10, 2021 - 12:00 a.m.

Security update for virtualbox (important)

2021-08-10 00:00:00
lists.opensuse.org

CVSS3: 8.2 High

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: HIGH
  • User Interaction: NONE
  • Scope: CHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CVSS2: 4.6 Medium

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

An update that solves four vulnerabilities and has two
fixes is now available.

Description:

This update for virtualbox fixes the following issues:

Version bump to 6.1.26 (released July 28 2021 by Oracle)

This is a maintenance release. The following items were fixed and/or added:

  • VMSVGA: fixed VM screen artifacts after restoring from saved state (bug
    #20067)
  • Storage: Fixed audio endianness for certain CUE sheet CD/DVD images.
  • VBoxHeadless: Running VM will save its state on host shutdown
  • VBoxManage: Fix OS detection for Ubuntu 20.10 ISO with unattended install
  • Linux Additions: Fixed mouse pointer offsetting issue for VMSVGA
    graphics adapter in multi-monitor VM setup (6.1.24 regression)

Version bump to 6.1.24 (released July 20 2021 by Oracle)

This is a maintenance release. The following items were fixed and/or added:

  • Storage: Fixed starting a VM if a device is attached to a VirtIO SCSI
    port higher than 30 (bug #20213)

  • Storage: Improvement to DVD medium change signaling

  • Serial: Fixed the guest missing interrupts under certain circumstances
    (6.0 regression, bug #18668)

  • Audio: Multiple fixes and enhancements

  • Network: Fixed connectivity issue with virtio-net after resuming VM with
    disconnected link

  • Network: Fixed UDP GSO fragmentation issue with missing 8 bytes of
    payload at the end of the first fragment

  • API: Fixed VM configuration for recent Windows Server versions

  • Extension Pack: Fixed issues with USB webcam pass-through on Linux

  • Host and guest driver: Fix small memory leak (bug #20280)

  • Linux host and guest: Support kernel version 5.13 (bug #20456)

  • Linux host and guest: Introduce support for SUSE SLES/SLED 15 SP3
    kernels (bug #20396)

  • Linux host: Installer will not attempt to build kernel modules if the
    system already has them installed and the module versions match the
    current version

  • Guest Additions: Fixed crash on using shared clipboard (bug #19165)

  • Linux Guest Additions: Introduce support for Ubuntu specific kernels
    (bug #20325)

  • Solaris guest: Increased default memory and disk sizes

  • EFI: Support network booting with the E1000 network controller emulation

  • EFI: Stability improvements (bug #20090)

  • This release fixes boo#1188535, VUL-0: CVE-2021-2454, boo#1188536,
    VUL-0: CVE-2021-2409, boo#1188537, VUL-0: CVE-2021-2442, and
    boo#1188538, VUL-0: CVE-2021-2443.

  • Add vboximg-mount to packaging. boo#1188045.

  • Fixed CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT problem with kernel 5.13 as
    shown in boo#1188105.

  • Disable the build of kmp vboxvideo, at least temporarily.

  • Correct WantedBy entry in vboxadd-service

  • Require which for /usr/lib/virtualbox/vboxadd-service

  • fix license packaging, small cruft cleanup (avoid owning directories
    provided by filesystem rpm)

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.2:

    zypper in -t patch openSUSE-2021-1114=1
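
To confirm the patch took effect, the installed virtualbox version can be compared against the 6.1.26 version this update ships. The script below is an added example, not part of the original advisory; the function names and the "updated"/"outdated" labels are assumptions, and it relies on `sort -V` from GNU coreutils.

```shell
#!/bin/sh
# Added example (not from the advisory): check whether the installed
# virtualbox package is at or above the version shipped by this update.
UPDATE_VERSION="6.1.26"   # upstream version named in the advisory

# version_ge A B: succeeds when version A >= version B.
# Uses version-aware sorting so that 6.1.9 < 6.1.26 (plain string
# comparison would get this wrong).
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# classify VERSION: prints "updated" if VERSION >= UPDATE_VERSION,
# otherwise "outdated". These labels are hypothetical, for illustration.
classify() {
    if version_ge "$1" "$UPDATE_VERSION"; then
        echo "updated"
    else
        echo "outdated"
    fi
}

# check_host: query the RPM database for the installed virtualbox version.
# Returns 0 when updated or not installed, 1 when outdated, 2 without rpm.
check_host() {
    if ! command -v rpm >/dev/null 2>&1; then
        echo "rpm not available on this host"
        return 2
    fi
    if ! installed=$(rpm -q --qf '%{VERSION}\n' virtualbox 2>/dev/null); then
        echo "virtualbox is not installed"
        return 0
    fi
    status=$(classify "$installed")
    echo "virtualbox $installed: $status"
    [ "$status" = "updated" ]
}

# Constructed sample versions, so the script shows output on any machine.
for v in 6.1.9 6.1.22 6.1.24 6.1.26 6.1.30; do
    echo "sample $v: $(classify "$v")"
done

# Pass --host to check the local RPM database instead of samples only.
if [ "${1:-}" = "--host" ]; then
    check_host
fi
```

Run with `--host` on each openSUSE Leap 15.2 machine after patching; a non-zero exit status marks a host that still needs the update.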

OS | Version | Architecture | Package | Version | Filename
openSUSE Leap | 15.2 | x86_64 | | < - openSUSE Leap 15.2 (x86_64): | - openSUSE Leap 15.2 (x86_64):.x86_64.rpm
openSUSE Leap | 15.2 | noarch | | < - openSUSE Leap 15.2 (noarch): | - openSUSE Leap 15.2 (noarch):.noarch.rpm
