Security update for virtualbox SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2017:0270-1 Final 1 1 2017-01-24T09:14:26Z current 2017-01-24T09:14:26Z 2017-01-24T09:14:26Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for virtualbox This update for virtualbox fixes the following issues: - The version has been updated from 5.1.8 to 5.1.12. Upstream fixed various functional and security issues. - Multiple security issues have been fixed that could cause DoS and possibly privilege escalation (CVE-2016-5501,CVE-2016-5538,CVE-2016-5605,CVE-2016-5608,CVE-2016-5610, CVE-2016-5611,CVE-2016-561313, boo#1005621) - A security warning regarding USB passthru has been added. It will be shown only the first time virtualbox is started. (bnc#1018340) - Reverted a previously introduced user interface scaling change, because it caused problems (https://forums.opensuse.org/showthread.php/521520-VirtualBox-interface-scaling, bsc#1014694) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2017-01/msg00136.html E-Mail link for openSUSE-SU-2017:0270-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.2 python-virtualbox-5.1.12-6.1 virtualbox-5.1.12-6.1 virtualbox-devel-5.1.12-6.1 virtualbox-guest-desktop-icons-5.1.12-6.1 virtualbox-guest-kmp-default-5.1.12_k4.4.36_8-6.1 virtualbox-guest-tools-5.1.12-6.1 virtualbox-guest-x11-5.1.12-6.1 virtualbox-host-kmp-default-5.1.12_k4.4.36_8-6.1 virtualbox-host-source-5.1.12-6.1 virtualbox-qt-5.1.12-6.1 virtualbox-websrv-5.1.12-6.1 python-virtualbox-5.1.12-6.1 as a component of openSUSE Leap 42.2 virtualbox-5.1.12-6.1 as a component of openSUSE Leap 42.2 virtualbox-devel-5.1.12-6.1 as a component of openSUSE Leap 42.2 virtualbox-guest-desktop-icons-5.1.12-6.1 as a component of openSUSE Leap 42.2 virtualbox-guest-kmp-default-5.1.12_k4.4.36_8-6.1 as a component of openSUSE Leap 42.2 virtualbox-guest-tools-5.1.12-6.1 as a component of openSUSE Leap 42.2 virtualbox-guest-x11-5.1.12-6.1 as a component of openSUSE Leap 42.2 virtualbox-host-kmp-default-5.1.12_k4.4.36_8-6.1 as a component of openSUSE Leap 42.2 virtualbox-host-source-5.1.12-6.1 as a component of openSUSE Leap 42.2 virtualbox-qt-5.1.12-6.1 as a component of openSUSE Leap 42.2 virtualbox-websrv-5.1.12-6.1 as a component of openSUSE Leap 42.2 Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality, integrity, and availability via vectors related to Core, a different vulnerability than CVE-2016-5538. CVE-2016-5501 openSUSE Leap 42.2:python-virtualbox-5.1.12-6.1 openSUSE Leap 42.2:virtualbox-5.1.12-6.1 openSUSE Leap 42.2:virtualbox-devel-5.1.12-6.1 openSUSE Leap 42.2:virtualbox-guest-desktop-icons-5.1.12-6.1 openSUSE Leap 42.2:virtualbox-guest-kmp-default-5.1.12_k4.4.36_8-6.1 openSUSE Leap 42.2:virtualbox-guest-tools-5.1.12-6.1 openSUSE Leap 42.2:virtualbox-guest-x11-5.1.12-6.1 openSUSE Leap 42.2:virtualbox-host-kmp-default-5.1.12_k4.4.36_8-6.1 openSUSE Leap 42.2:virtualbox-host-source-5.1.12-6.1 openSUSE Leap 42.2:virtualbox-qt-5.1.12-6.1 openSUSE Leap 42.2:virtualbox-websrv-5.1.12-6.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-01/msg00136.html https://www.suse.com/security/cve/CVE-2016-5501.html CVE-2016-5501 https://bugzilla.suse.com/1005621 SUSE Bug 1005621 Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality, integrity, and availability via vectors related to Core, a different vulnerability than CVE-2016-5501. CVE-2016-5538 openSUSE Leap 42.2:python-virtualbox-5.1.12-6.1 openSUSE Leap 42.2:virtualbox-5.1.12-6.1 openSUSE Leap 42.2:virtualbox-devel-5.1.12-6.1 openSUSE Leap 42.2:virtualbox-guest-desktop-icons-5.1.12-6.1 openSUSE Leap 42.2:virtualbox-guest-kmp-default-5.1.12_k4.4.36_8-6.1 openSUSE Leap 42.2:virtualbox-guest-tools-5.1.12-6.1 openSUSE Leap 42.2:virtualbox-guest-x11-5.1.12-6.1 openSUSE Leap 42.2:virtualbox-host-kmp-default-5.1.12_k4.4.36_8-6.1 openSUSE Leap 42.2:virtualbox-host-source-5.1.12-6.1 openSUSE Leap 42.2:virtualbox-qt-5.1.12-6.1 openSUSE Leap 42.2:virtualbox-websrv-5.1.12-6.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-01/msg00136.html https://www.suse.com/security/cve/CVE-2016-5538.html CVE-2016-5538 https://bugzilla.suse.com/1005621 SUSE Bug 1005621 Unspecified vulnerability in the Oracle VM VirtualBox component before 5.1.4 in Oracle Virtualization allows remote attackers to affect confidentiality and integrity via vectors related to VRDE. CVE-2016-5605 openSUSE Leap 42.2:python-virtualbox-5.1.12-6.1 openSUSE Leap 42.2:virtualbox-5.1.12-6.1 openSUSE Leap 42.2:virtualbox-devel-5.1.12-6.1 openSUSE Leap 42.2:virtualbox-guest-desktop-icons-5.1.12-6.1 openSUSE Leap 42.2:virtualbox-guest-kmp-default-5.1.12_k4.4.36_8-6.1 openSUSE Leap 42.2:virtualbox-guest-tools-5.1.12-6.1 openSUSE Leap 42.2:virtualbox-guest-x11-5.1.12-6.1 openSUSE Leap 42.2:virtualbox-host-kmp-default-5.1.12_k4.4.36_8-6.1 openSUSE Leap 42.2:virtualbox-host-source-5.1.12-6.1 openSUSE Leap 42.2:virtualbox-qt-5.1.12-6.1 openSUSE Leap 42.2:virtualbox-websrv-5.1.12-6.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-01/msg00136.html https://www.suse.com/security/cve/CVE-2016-5605.html CVE-2016-5605 https://bugzilla.suse.com/1005621 SUSE Bug 1005621 Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect availability via vectors related to Core, a different vulnerability than CVE-2016-5613. CVE-2016-5608 openSUSE Leap 42.2:python-virtualbox-5.1.12-6.1 openSUSE Leap 42.2:virtualbox-5.1.12-6.1 openSUSE Leap 42.2:virtualbox-devel-5.1.12-6.1 openSUSE Leap 42.2:virtualbox-guest-desktop-icons-5.1.12-6.1 openSUSE Leap 42.2:virtualbox-guest-kmp-default-5.1.12_k4.4.36_8-6.1 openSUSE Leap 42.2:virtualbox-guest-tools-5.1.12-6.1 openSUSE Leap 42.2:virtualbox-guest-x11-5.1.12-6.1 openSUSE Leap 42.2:virtualbox-host-kmp-default-5.1.12_k4.4.36_8-6.1 openSUSE Leap 42.2:virtualbox-host-source-5.1.12-6.1 openSUSE Leap 42.2:virtualbox-qt-5.1.12-6.1 openSUSE Leap 42.2:virtualbox-websrv-5.1.12-6.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-01/msg00136.html https://www.suse.com/security/cve/CVE-2016-5608.html CVE-2016-5608 https://bugzilla.suse.com/1005621 SUSE Bug 1005621 Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality, integrity, and availability via vectors related to Core. CVE-2016-5610 openSUSE Leap 42.2:python-virtualbox-5.1.12-6.1 openSUSE Leap 42.2:virtualbox-5.1.12-6.1 openSUSE Leap 42.2:virtualbox-devel-5.1.12-6.1 openSUSE Leap 42.2:virtualbox-guest-desktop-icons-5.1.12-6.1 openSUSE Leap 42.2:virtualbox-guest-kmp-default-5.1.12_k4.4.36_8-6.1 openSUSE Leap 42.2:virtualbox-guest-tools-5.1.12-6.1 openSUSE Leap 42.2:virtualbox-guest-x11-5.1.12-6.1 openSUSE Leap 42.2:virtualbox-host-kmp-default-5.1.12_k4.4.36_8-6.1 openSUSE Leap 42.2:virtualbox-host-source-5.1.12-6.1 openSUSE Leap 42.2:virtualbox-qt-5.1.12-6.1 openSUSE Leap 42.2:virtualbox-websrv-5.1.12-6.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-01/msg00136.html https://www.suse.com/security/cve/CVE-2016-5610.html CVE-2016-5610 https://bugzilla.suse.com/1005621 SUSE Bug 1005621 Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality via vectors related to Core. CVE-2016-5611 openSUSE Leap 42.2:python-virtualbox-5.1.12-6.1 openSUSE Leap 42.2:virtualbox-5.1.12-6.1 openSUSE Leap 42.2:virtualbox-devel-5.1.12-6.1 openSUSE Leap 42.2:virtualbox-guest-desktop-icons-5.1.12-6.1 openSUSE Leap 42.2:virtualbox-guest-kmp-default-5.1.12_k4.4.36_8-6.1 openSUSE Leap 42.2:virtualbox-guest-tools-5.1.12-6.1 openSUSE Leap 42.2:virtualbox-guest-x11-5.1.12-6.1 openSUSE Leap 42.2:virtualbox-host-kmp-default-5.1.12_k4.4.36_8-6.1 openSUSE Leap 42.2:virtualbox-host-source-5.1.12-6.1 openSUSE Leap 42.2:virtualbox-qt-5.1.12-6.1 openSUSE Leap 42.2:virtualbox-websrv-5.1.12-6.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-01/msg00136.html https://www.suse.com/security/cve/CVE-2016-5611.html CVE-2016-5611 https://bugzilla.suse.com/1005621 SUSE Bug 1005621 unknown CVE-2016-561313 openSUSE Leap 42.2:python-virtualbox-5.1.12-6.1 openSUSE Leap 42.2:virtualbox-5.1.12-6.1 openSUSE Leap 42.2:virtualbox-devel-5.1.12-6.1 openSUSE Leap 42.2:virtualbox-guest-desktop-icons-5.1.12-6.1 openSUSE Leap 42.2:virtualbox-guest-kmp-default-5.1.12_k4.4.36_8-6.1 openSUSE Leap 42.2:virtualbox-guest-tools-5.1.12-6.1 openSUSE Leap 42.2:virtualbox-guest-x11-5.1.12-6.1 openSUSE Leap 42.2:virtualbox-host-kmp-default-5.1.12_k4.4.36_8-6.1 openSUSE Leap 42.2:virtualbox-host-source-5.1.12-6.1 openSUSE Leap 42.2:virtualbox-qt-5.1.12-6.1 openSUSE Leap 42.2:virtualbox-websrv-5.1.12-6.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-01/msg00136.html https://www.suse.com/security/cve/CVE-2016-561313.html CVE-2016-561313