Security update for virtualbox SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:0187-1 Final 1 1 2018-01-23T20:59:39Z current 2018-01-23T20:59:39Z 2018-01-23T20:59:39Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for virtualbox This update for virtualbox to version 5.1.32 fixes the following issues: The following vulnerabilities were fixed (boo#1076372): - CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, also known as 'Spectre', bsc#1068032. - CVE-2018-2676: Local authenticated attacker may gain elevated privileges - CVE-2018-2685: Local authenticated attacker may gain elevated privileges - CVE-2018-2686: Local authenticated attacker may gain elevated privileges - CVE-2018-2687: Local authenticated attacker may gain elevated privileges - CVE-2018-2688: Local authenticated attacker may gain elevated privileges - CVE-2018-2689: Local authenticated attacker may gain elevated privileges - CVE-2018-2690: Local authenticated attacker may gain elevated privileges - CVE-2018-2693: Local authenticated attacker may gain elevated privileges via guest additions - CVE-2018-2694: Local authenticated attacker may gain elevated privileges - CVE-2018-2698: Local authenticated attacker may gain elevated privileges The following bug fixes are included: - fix occasional screen corruption when host screen resolution is changed - increase proposed disk size when creating new VMs for Windows 7 and newer - fix broken communication with certain devices on Linux hosts - Fix problems using 256MB VRAM in raw-mode VMs - add HDA support for more exotic guests (e.g. Haiku) - fix playback with ALSA backend (5.1.28 regression) - fix a problem where OHCI emulation might sporadically drop data transfers The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00053.html E-Mail link for openSUSE-SU-2018:0187-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.2 openSUSE Leap 42.3 python-virtualbox-5.1.32-42.1 virtualbox-5.1.32-42.1 virtualbox-devel-5.1.32-42.1 virtualbox-guest-desktop-icons-5.1.32-42.1 virtualbox-guest-kmp-default-5.1.32_k4.4.104_39-42.1 virtualbox-guest-source-5.1.32-42.1 virtualbox-guest-tools-5.1.32-42.1 virtualbox-guest-x11-5.1.32-42.1 virtualbox-host-kmp-default-5.1.32_k4.4.104_39-42.1 virtualbox-host-source-5.1.32-42.1 virtualbox-qt-5.1.32-42.1 virtualbox-vnc-5.1.32-42.1 virtualbox-websrv-5.1.32-42.1 python-virtualbox-5.1.32-42.1 as a component of openSUSE Leap 42.2 virtualbox-5.1.32-42.1 as a component of openSUSE Leap 42.2 virtualbox-devel-5.1.32-42.1 as a component of openSUSE Leap 42.2 virtualbox-guest-desktop-icons-5.1.32-42.1 as a component of openSUSE Leap 42.2 virtualbox-guest-kmp-default-5.1.32_k4.4.104_39-42.1 as a component of openSUSE Leap 42.2 virtualbox-guest-source-5.1.32-42.1 as a component of openSUSE Leap 42.2 virtualbox-guest-tools-5.1.32-42.1 as a component of openSUSE Leap 42.2 virtualbox-guest-x11-5.1.32-42.1 as a component of openSUSE Leap 42.2 virtualbox-host-kmp-default-5.1.32_k4.4.104_39-42.1 as a component of openSUSE Leap 42.2 virtualbox-host-source-5.1.32-42.1 as a component of openSUSE Leap 42.2 virtualbox-qt-5.1.32-42.1 as a component of openSUSE Leap 42.2 virtualbox-vnc-5.1.32-42.1 as a component of openSUSE Leap 42.2 virtualbox-websrv-5.1.32-42.1 as a component of openSUSE Leap 42.2 python-virtualbox-5.1.32-42.1 as a component of openSUSE Leap 42.3 virtualbox-5.1.32-42.1 as a component of openSUSE Leap 42.3 virtualbox-devel-5.1.32-42.1 as a component of openSUSE Leap 42.3 virtualbox-guest-desktop-icons-5.1.32-42.1 as a component of openSUSE Leap 42.3 virtualbox-guest-kmp-default-5.1.32_k4.4.104_39-42.1 as a component of openSUSE Leap 42.3 virtualbox-guest-source-5.1.32-42.1 as a component of openSUSE Leap 42.3 virtualbox-guest-tools-5.1.32-42.1 as a component of openSUSE Leap 42.3 virtualbox-guest-x11-5.1.32-42.1 as a component of openSUSE Leap 42.3 virtualbox-host-kmp-default-5.1.32_k4.4.104_39-42.1 as a component of openSUSE Leap 42.3 virtualbox-host-source-5.1.32-42.1 as a component of openSUSE Leap 42.3 virtualbox-qt-5.1.32-42.1 as a component of openSUSE Leap 42.3 virtualbox-vnc-5.1.32-42.1 as a component of openSUSE Leap 42.3 virtualbox-websrv-5.1.32-42.1 as a component of openSUSE Leap 42.3 Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. CVE-2017-5715 openSUSE Leap 42.2:python-virtualbox-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-devel-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-guest-desktop-icons-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-guest-kmp-default-5.1.32_k4.4.104_39-42.1 openSUSE Leap 42.2:virtualbox-guest-source-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-guest-tools-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-guest-x11-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-host-kmp-default-5.1.32_k4.4.104_39-42.1 openSUSE Leap 42.2:virtualbox-host-source-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-qt-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-vnc-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-websrv-5.1.32-42.1 openSUSE Leap 42.3:python-virtualbox-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-devel-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-guest-desktop-icons-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-guest-kmp-default-5.1.32_k4.4.104_39-42.1 openSUSE Leap 42.3:virtualbox-guest-source-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-guest-tools-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-guest-x11-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-host-kmp-default-5.1.32_k4.4.104_39-42.1 openSUSE Leap 42.3:virtualbox-host-source-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-qt-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-vnc-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-websrv-5.1.32-42.1 important 4.7 AV:L/AC:M/Au:N/C:C/I:N/A:N Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00053.html https://www.suse.com/security/cve/CVE-2017-5715.html CVE-2017-5715 https://bugzilla.suse.com/1068032 SUSE Bug 1068032 https://bugzilla.suse.com/1074562 SUSE Bug 1074562 https://bugzilla.suse.com/1074578 SUSE Bug 1074578 https://bugzilla.suse.com/1074701 SUSE Bug 1074701 https://bugzilla.suse.com/1074741 SUSE Bug 1074741 https://bugzilla.suse.com/1074919 SUSE Bug 1074919 https://bugzilla.suse.com/1075006 SUSE Bug 1075006 https://bugzilla.suse.com/1075007 SUSE Bug 1075007 https://bugzilla.suse.com/1075262 SUSE Bug 1075262 https://bugzilla.suse.com/1075419 SUSE Bug 1075419 https://bugzilla.suse.com/1076115 SUSE Bug 1076115 https://bugzilla.suse.com/1076372 SUSE Bug 1076372 https://bugzilla.suse.com/1078353 SUSE Bug 1078353 https://bugzilla.suse.com/1080039 SUSE Bug 1080039 https://bugzilla.suse.com/1087939 SUSE Bug 1087939 https://bugzilla.suse.com/1091815 SUSE Bug 1091815 https://bugzilla.suse.com/1095735 SUSE Bug 1095735 https://bugzilla.suse.com/1102055 SUSE Bug 1102055 https://bugzilla.suse.com/1102517 SUSE Bug 1102517 https://bugzilla.suse.com/1105108 SUSE Bug 1105108 https://bugzilla.suse.com/1126516 SUSE Bug 1126516 https://bugzilla.suse.com/1173489 SUSE Bug 1173489 https://bugzilla.suse.com/1174161 SUSE Bug 1174161 https://bugzilla.suse.com/1178658 SUSE Bug 1178658 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). CVE-2018-2676 openSUSE Leap 42.2:python-virtualbox-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-devel-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-guest-desktop-icons-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-guest-kmp-default-5.1.32_k4.4.104_39-42.1 openSUSE Leap 42.2:virtualbox-guest-source-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-guest-tools-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-guest-x11-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-host-kmp-default-5.1.32_k4.4.104_39-42.1 openSUSE Leap 42.2:virtualbox-host-source-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-qt-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-vnc-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-websrv-5.1.32-42.1 openSUSE Leap 42.3:python-virtualbox-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-devel-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-guest-desktop-icons-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-guest-kmp-default-5.1.32_k4.4.104_39-42.1 openSUSE Leap 42.3:virtualbox-guest-source-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-guest-tools-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-guest-x11-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-host-kmp-default-5.1.32_k4.4.104_39-42.1 openSUSE Leap 42.3:virtualbox-host-source-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-qt-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-vnc-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-websrv-5.1.32-42.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00053.html https://www.suse.com/security/cve/CVE-2018-2676.html CVE-2018-2676 https://bugzilla.suse.com/1076372 SUSE Bug 1076372 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). CVE-2018-2685 openSUSE Leap 42.2:python-virtualbox-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-devel-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-guest-desktop-icons-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-guest-kmp-default-5.1.32_k4.4.104_39-42.1 openSUSE Leap 42.2:virtualbox-guest-source-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-guest-tools-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-guest-x11-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-host-kmp-default-5.1.32_k4.4.104_39-42.1 openSUSE Leap 42.2:virtualbox-host-source-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-qt-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-vnc-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-websrv-5.1.32-42.1 openSUSE Leap 42.3:python-virtualbox-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-devel-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-guest-desktop-icons-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-guest-kmp-default-5.1.32_k4.4.104_39-42.1 openSUSE Leap 42.3:virtualbox-guest-source-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-guest-tools-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-guest-x11-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-host-kmp-default-5.1.32_k4.4.104_39-42.1 openSUSE Leap 42.3:virtualbox-host-source-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-qt-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-vnc-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-websrv-5.1.32-42.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00053.html https://www.suse.com/security/cve/CVE-2018-2685.html CVE-2018-2685 https://bugzilla.suse.com/1076372 SUSE Bug 1076372 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). CVE-2018-2686 openSUSE Leap 42.2:python-virtualbox-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-devel-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-guest-desktop-icons-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-guest-kmp-default-5.1.32_k4.4.104_39-42.1 openSUSE Leap 42.2:virtualbox-guest-source-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-guest-tools-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-guest-x11-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-host-kmp-default-5.1.32_k4.4.104_39-42.1 openSUSE Leap 42.2:virtualbox-host-source-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-qt-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-vnc-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-websrv-5.1.32-42.1 openSUSE Leap 42.3:python-virtualbox-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-devel-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-guest-desktop-icons-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-guest-kmp-default-5.1.32_k4.4.104_39-42.1 openSUSE Leap 42.3:virtualbox-guest-source-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-guest-tools-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-guest-x11-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-host-kmp-default-5.1.32_k4.4.104_39-42.1 openSUSE Leap 42.3:virtualbox-host-source-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-qt-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-vnc-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-websrv-5.1.32-42.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00053.html https://www.suse.com/security/cve/CVE-2018-2686.html CVE-2018-2686 https://bugzilla.suse.com/1076372 SUSE Bug 1076372 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). CVE-2018-2687 openSUSE Leap 42.2:python-virtualbox-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-devel-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-guest-desktop-icons-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-guest-kmp-default-5.1.32_k4.4.104_39-42.1 openSUSE Leap 42.2:virtualbox-guest-source-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-guest-tools-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-guest-x11-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-host-kmp-default-5.1.32_k4.4.104_39-42.1 openSUSE Leap 42.2:virtualbox-host-source-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-qt-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-vnc-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-websrv-5.1.32-42.1 openSUSE Leap 42.3:python-virtualbox-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-devel-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-guest-desktop-icons-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-guest-kmp-default-5.1.32_k4.4.104_39-42.1 openSUSE Leap 42.3:virtualbox-guest-source-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-guest-tools-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-guest-x11-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-host-kmp-default-5.1.32_k4.4.104_39-42.1 openSUSE Leap 42.3:virtualbox-host-source-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-qt-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-vnc-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-websrv-5.1.32-42.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00053.html https://www.suse.com/security/cve/CVE-2018-2687.html CVE-2018-2687 https://bugzilla.suse.com/1076372 SUSE Bug 1076372 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). CVE-2018-2688 openSUSE Leap 42.2:python-virtualbox-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-devel-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-guest-desktop-icons-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-guest-kmp-default-5.1.32_k4.4.104_39-42.1 openSUSE Leap 42.2:virtualbox-guest-source-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-guest-tools-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-guest-x11-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-host-kmp-default-5.1.32_k4.4.104_39-42.1 openSUSE Leap 42.2:virtualbox-host-source-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-qt-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-vnc-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-websrv-5.1.32-42.1 openSUSE Leap 42.3:python-virtualbox-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-devel-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-guest-desktop-icons-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-guest-kmp-default-5.1.32_k4.4.104_39-42.1 openSUSE Leap 42.3:virtualbox-guest-source-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-guest-tools-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-guest-x11-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-host-kmp-default-5.1.32_k4.4.104_39-42.1 openSUSE Leap 42.3:virtualbox-host-source-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-qt-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-vnc-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-websrv-5.1.32-42.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00053.html https://www.suse.com/security/cve/CVE-2018-2688.html CVE-2018-2688 https://bugzilla.suse.com/1076372 SUSE Bug 1076372 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). CVE-2018-2689 openSUSE Leap 42.2:python-virtualbox-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-devel-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-guest-desktop-icons-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-guest-kmp-default-5.1.32_k4.4.104_39-42.1 openSUSE Leap 42.2:virtualbox-guest-source-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-guest-tools-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-guest-x11-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-host-kmp-default-5.1.32_k4.4.104_39-42.1 openSUSE Leap 42.2:virtualbox-host-source-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-qt-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-vnc-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-websrv-5.1.32-42.1 openSUSE Leap 42.3:python-virtualbox-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-devel-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-guest-desktop-icons-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-guest-kmp-default-5.1.32_k4.4.104_39-42.1 openSUSE Leap 42.3:virtualbox-guest-source-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-guest-tools-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-guest-x11-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-host-kmp-default-5.1.32_k4.4.104_39-42.1 openSUSE Leap 42.3:virtualbox-host-source-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-qt-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-vnc-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-websrv-5.1.32-42.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00053.html https://www.suse.com/security/cve/CVE-2018-2689.html CVE-2018-2689 https://bugzilla.suse.com/1076372 SUSE Bug 1076372 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). CVE-2018-2690 openSUSE Leap 42.2:python-virtualbox-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-devel-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-guest-desktop-icons-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-guest-kmp-default-5.1.32_k4.4.104_39-42.1 openSUSE Leap 42.2:virtualbox-guest-source-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-guest-tools-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-guest-x11-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-host-kmp-default-5.1.32_k4.4.104_39-42.1 openSUSE Leap 42.2:virtualbox-host-source-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-qt-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-vnc-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-websrv-5.1.32-42.1 openSUSE Leap 42.3:python-virtualbox-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-devel-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-guest-desktop-icons-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-guest-kmp-default-5.1.32_k4.4.104_39-42.1 openSUSE Leap 42.3:virtualbox-guest-source-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-guest-tools-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-guest-x11-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-host-kmp-default-5.1.32_k4.4.104_39-42.1 openSUSE Leap 42.3:virtualbox-host-source-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-qt-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-vnc-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-websrv-5.1.32-42.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00053.html https://www.suse.com/security/cve/CVE-2018-2690.html CVE-2018-2690 https://bugzilla.suse.com/1076372 SUSE Bug 1076372 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Guest Additions). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H). CVE-2018-2693 openSUSE Leap 42.2:python-virtualbox-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-devel-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-guest-desktop-icons-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-guest-kmp-default-5.1.32_k4.4.104_39-42.1 openSUSE Leap 42.2:virtualbox-guest-source-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-guest-tools-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-guest-x11-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-host-kmp-default-5.1.32_k4.4.104_39-42.1 openSUSE Leap 42.2:virtualbox-host-source-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-qt-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-vnc-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-websrv-5.1.32-42.1 openSUSE Leap 42.3:python-virtualbox-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-devel-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-guest-desktop-icons-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-guest-kmp-default-5.1.32_k4.4.104_39-42.1 openSUSE Leap 42.3:virtualbox-guest-source-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-guest-tools-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-guest-x11-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-host-kmp-default-5.1.32_k4.4.104_39-42.1 openSUSE Leap 42.3:virtualbox-host-source-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-qt-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-vnc-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-websrv-5.1.32-42.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00053.html https://www.suse.com/security/cve/CVE-2018-2693.html CVE-2018-2693 https://bugzilla.suse.com/1076372 SUSE Bug 1076372 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). CVE-2018-2694 openSUSE Leap 42.2:python-virtualbox-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-devel-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-guest-desktop-icons-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-guest-kmp-default-5.1.32_k4.4.104_39-42.1 openSUSE Leap 42.2:virtualbox-guest-source-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-guest-tools-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-guest-x11-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-host-kmp-default-5.1.32_k4.4.104_39-42.1 openSUSE Leap 42.2:virtualbox-host-source-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-qt-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-vnc-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-websrv-5.1.32-42.1 openSUSE Leap 42.3:python-virtualbox-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-devel-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-guest-desktop-icons-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-guest-kmp-default-5.1.32_k4.4.104_39-42.1 openSUSE Leap 42.3:virtualbox-guest-source-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-guest-tools-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-guest-x11-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-host-kmp-default-5.1.32_k4.4.104_39-42.1 openSUSE Leap 42.3:virtualbox-host-source-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-qt-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-vnc-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-websrv-5.1.32-42.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00053.html https://www.suse.com/security/cve/CVE-2018-2694.html CVE-2018-2694 https://bugzilla.suse.com/1076372 SUSE Bug 1076372 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). CVE-2018-2698 openSUSE Leap 42.2:python-virtualbox-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-devel-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-guest-desktop-icons-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-guest-kmp-default-5.1.32_k4.4.104_39-42.1 openSUSE Leap 42.2:virtualbox-guest-source-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-guest-tools-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-guest-x11-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-host-kmp-default-5.1.32_k4.4.104_39-42.1 openSUSE Leap 42.2:virtualbox-host-source-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-qt-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-vnc-5.1.32-42.1 openSUSE Leap 42.2:virtualbox-websrv-5.1.32-42.1 openSUSE Leap 42.3:python-virtualbox-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-devel-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-guest-desktop-icons-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-guest-kmp-default-5.1.32_k4.4.104_39-42.1 openSUSE Leap 42.3:virtualbox-guest-source-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-guest-tools-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-guest-x11-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-host-kmp-default-5.1.32_k4.4.104_39-42.1 openSUSE Leap 42.3:virtualbox-host-source-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-qt-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-vnc-5.1.32-42.1 openSUSE Leap 42.3:virtualbox-websrv-5.1.32-42.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00053.html https://www.suse.com/security/cve/CVE-2018-2698.html CVE-2018-2698 https://bugzilla.suse.com/1076372 SUSE Bug 1076372