Security update for virtualbox SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2015:2154-1 Final 1 1 2015-11-30T09:42:24Z current 2015-11-30T09:42:24Z 2015-11-30T09:42:24Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for virtualbox The virtualbox package was updated to version 4.2.36 to fix the following security and non security issues: - Version bump tp 4.2.36 (released 2015-11-11 by Oracle) * several fixes - Oracle is not more specific - Version bump to 4.2.34 (released 2015-10-20 by Oracle) (bsc#951432) * CVE-2015-4813: Only Windows guests are impacted. Windows guests without VirtualBox Guest Additions installed are not affected. * CVE-2015-4896: Only VMs with Remote Display feature (RDP) enabled are impacted by CVE-2015-4896. * several fixes - Linux hosts: Linux 4.2 fix - Linux hosts: Linux 4.3 compile fixes - Windows hosts: hardening fixes - Linux Additions: Linux 4.2 fixes (bug #14227) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2015-11/msg00172.html E-Mail link for openSUSE-SU-2015:2154-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings python-virtualbox-4.2.36-2.52.2 virtualbox-4.2.36-2.52.2 virtualbox-devel-4.2.36-2.52.2 virtualbox-guest-kmp-default-4.2.36_k3.11.10_29-2.52.2 virtualbox-guest-kmp-desktop-4.2.36_k3.11.10_29-2.52.2 virtualbox-guest-kmp-pae-4.2.36_k3.11.10_29-2.52.2 virtualbox-guest-tools-4.2.36-2.52.2 virtualbox-guest-x11-4.2.36-2.52.2 virtualbox-host-kmp-default-4.2.36_k3.11.10_29-2.52.2 virtualbox-host-kmp-desktop-4.2.36_k3.11.10_29-2.52.2 virtualbox-host-kmp-pae-4.2.36_k3.11.10_29-2.52.2 virtualbox-host-source-4.2.36-2.52.2 virtualbox-qt-4.2.36-2.52.2 virtualbox-websrv-4.2.36-2.52.2 Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 4.0.34, 4.1.42, 4.2.34, 4.3.32, and 5.0.8, when using a Windows guest, allows local users to affect availability via unknown vectors related to Core. CVE-2015-4813 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-11/msg00172.html https://www.suse.com/security/cve/CVE-2015-4813.html CVE-2015-4813 https://bugzilla.suse.com/951432 SUSE Bug 951432 Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.0.34, 4.1.42, 4.2.34, 4.3.32, and 5.0.8, when a VM has the Remote Display feature (RDP) enabled, allows remote attackers to affect availability via unknown vectors related to Core. CVE-2015-4896 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-11/msg00172.html https://www.suse.com/security/cve/CVE-2015-4896.html CVE-2015-4896 https://bugzilla.suse.com/951432 SUSE Bug 951432