Security update for virtualbox SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2015:1400-1 Final 1 1 2015-08-10T09:25:14Z current 2015-08-10T09:25:14Z 2015-08-10T09:25:14Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for virtualbox - Version bump to 4.2.32 bnc#938408 CVE-2015-2594 * Storage: fixed a crash when taking snapshots (4.2.30 regression) * ExtPack: don't fail if the TMP directory contains non-latin1 characters (bug #14159) * Main: implemented dedicated event processing queue * Linux hosts: fixed a bug which made the netfilter driver ignore certain events (bug #12264) Also included from Version bump to 4.2.30 bnc#935900 CVE-2015-3456: * Various small fixes here and there - Fix the multiinstall on kernel modules to avoid conflicts bnc#925663 - Drop smap.diff fails to apply to the latest release The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2015-08/msg00021.html E-Mail link for openSUSE-SU-2015:1400-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings python-virtualbox-4.2.32-2.35.1 virtualbox-4.2.32-2.35.1 virtualbox-devel-4.2.32-2.35.1 virtualbox-guest-kmp-default-4.2.32_k3.11.10_29-2.35.1 virtualbox-guest-kmp-desktop-4.2.32_k3.11.10_29-2.35.1 virtualbox-guest-kmp-pae-4.2.32_k3.11.10_29-2.35.1 virtualbox-guest-tools-4.2.32-2.35.1 virtualbox-guest-x11-4.2.32-2.35.1 virtualbox-host-kmp-default-4.2.32_k3.11.10_29-2.35.1 virtualbox-host-kmp-desktop-4.2.32_k3.11.10_29-2.35.1 virtualbox-host-kmp-pae-4.2.32_k3.11.10_29-2.35.1 virtualbox-host-source-4.2.32-2.35.1 virtualbox-qt-4.2.32-2.35.1 virtualbox-websrv-4.2.32-2.35.1 Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 4.0.32, 4.1.40, 4.2.32, and 4.3.30 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core. CVE-2015-2594 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-08/msg00021.html https://www.suse.com/security/cve/CVE-2015-2594.html CVE-2015-2594 https://bugzilla.suse.com/938408 SUSE Bug 938408 The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM. CVE-2015-3456 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-08/msg00021.html https://www.suse.com/security/cve/CVE-2015-3456.html CVE-2015-3456 https://bugzilla.suse.com/929339 SUSE Bug 929339 https://bugzilla.suse.com/932770 SUSE Bug 932770 https://bugzilla.suse.com/935900 SUSE Bug 935900