8.2 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
An update that solves four vulnerabilities and has two
fixes is now available.
Description:
This update for virtualbox fixes the following issues:
Version bump to 6.1.26 (released July 28 2021 by Oracle)
This is a maintenance release. The following items were fixed and/or added:
Version bump to 6.1.24 (released July 20 2021 by Oracle)
This is a maintenance release. The following items were fixed and/or added:
Storage: Fixed starting a VM if a device is attached to a VirtIO SCSI
port higher than 30 (bug #20213)
Storage: Improvement to DVD medium change signaling
Serial: Fixed a the guest missing interrupts under certain circumstances
(6.0 regression, bug #18668)
Audio: Multiple fixes and enhancements
Network: Fixed connectivity issue with virtio-net after resuming VM with
disconnected link
Network: Fixed UDP GSO fragmentation issue with missing 8 bytes of
payload at the end of the first fragment
API: Fixed VM configuration for recent Windows Server versions
Extension Pack: Fixed issues with USB webcam pass-through on Linux
Host and guest driver: Fix small memory leak (bug #20280)
Linux host and guest: Support kernel version 5.13 (bug #20456)
Linux host and guest: Introduce support for SUSE SLES/SLED 15 SP3
kernels (bug #20396)
Linux host: Installer will not attempt to build kernel modules if system
already has them installed and modules versions match current version
Guest Additions: Fixed crash on using shared clipboard (bug #19165)
Linux Guest Additions: Introduce support for Ubuntu specific kernels
(bug #20325)
Solaris guest: Increased default memory and disk sizes
EFI: Support network booting with the E1000 network controller emulation
EFI: Stability improvements (bug #20090)
This release fixes boo#1188535, VUL-0: CVE-2021-2454, boo#1188536,
VUL-0: CVE-2021-2409, boo#1188537, VUL-0: CVE-2021-2442, and
boo#1188538, VUL-0: CVE-2021-2443.
Add vboximg-mount to packaging. boo#1188045.
Fixed CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT problem with kernel 5.13 as
shown in boo#1188105.
Disable the build of kmp vboxvideo, at least temporarily.
Correct WantedBy entry in vboxadd-service
Require which for /usr/lib/virtualbox/vboxadd-service
fix license packaging, small cruft cleanup (avoid owning directories
provided by filesystem rpm)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:
openSUSE Leap 15.2:
zypper in -t patch openSUSE-2021-1114=1
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
openSUSE Leap | 15.2 | x86_64 | < - openSUSE Leap 15.2 (x86_64): | - openSUSE Leap 15.2 (x86_64):.x86_64.rpm | |
openSUSE Leap | 15.2 | noarch | < - openSUSE Leap 15.2 (noarch): | - openSUSE Leap 15.2 (noarch):.noarch.rpm |
8.2 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P