Security update for virtualbox SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2017:1141-1 Final 1 1 2017-05-02T09:05:31Z current 2017-05-02T09:05:31Z 2017-05-02T09:05:31Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for virtualbox This update to virtualbox 5.0.40 fixes the following issues: These security issues were fixed (bsc#1034854): - CVE-2017-3513: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. - CVE-2017-3538: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Shared Folder). Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. - CVE-2017-3558: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. - CVE-2017-3559: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. - CVE-2017-3561: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. - CVE-2017-3563: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. - CVE-2017-3575: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. - CVE-2017-3576: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. - CVE-2017-3587: Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Shared Folder). Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. These non-security issues were fixed: - Storage: fixed a potential hang under rare circumstances - Storage: fixed a potential crash under rare circumstances (asynchronous I/O disabled or during maintenance file operations like merging snapshots) - Storage: fixed a potential crash under rare circumstances (no asynchronous I/O or during maintenance file operations like merging snapshots) - Linux hosts: make the ALSA backend work again as well as Loading the GL libraries on certain hosts - GUI: don't crash on restoring defaults in the appliance import dialog The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2017-05/msg00001.html E-Mail link for openSUSE-SU-2017:1141-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.1 python-virtualbox-5.0.40-40.1 virtualbox-5.0.40-40.1 virtualbox-devel-5.0.40-40.1 virtualbox-guest-desktop-icons-5.0.40-40.1 virtualbox-guest-kmp-default-5.0.40_k4.1.39_53-40.1 virtualbox-guest-tools-5.0.40-40.1 virtualbox-guest-x11-5.0.40-40.1 virtualbox-host-kmp-default-5.0.40_k4.1.39_53-40.1 virtualbox-host-source-5.0.40-40.1 virtualbox-qt-5.0.40-40.1 virtualbox-websrv-5.0.40-40.1 python-virtualbox-5.0.40-40.1 as a component of openSUSE Leap 42.1 virtualbox-5.0.40-40.1 as a component of openSUSE Leap 42.1 virtualbox-devel-5.0.40-40.1 as a component of openSUSE Leap 42.1 virtualbox-guest-desktop-icons-5.0.40-40.1 as a component of openSUSE Leap 42.1 virtualbox-guest-kmp-default-5.0.40_k4.1.39_53-40.1 as a component of openSUSE Leap 42.1 virtualbox-guest-tools-5.0.40-40.1 as a component of openSUSE Leap 42.1 virtualbox-guest-x11-5.0.40-40.1 as a component of openSUSE Leap 42.1 virtualbox-host-kmp-default-5.0.40_k4.1.39_53-40.1 as a component of openSUSE Leap 42.1 virtualbox-host-source-5.0.40-40.1 as a component of openSUSE Leap 42.1 virtualbox-qt-5.0.40-40.1 as a component of openSUSE Leap 42.1 virtualbox-websrv-5.0.40-40.1 as a component of openSUSE Leap 42.1 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 2.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N). CVE-2017-3513 openSUSE Leap 42.1:python-virtualbox-5.0.40-40.1 openSUSE Leap 42.1:virtualbox-5.0.40-40.1 openSUSE Leap 42.1:virtualbox-devel-5.0.40-40.1 openSUSE Leap 42.1:virtualbox-guest-desktop-icons-5.0.40-40.1 openSUSE Leap 42.1:virtualbox-guest-kmp-default-5.0.40_k4.1.39_53-40.1 openSUSE Leap 42.1:virtualbox-guest-tools-5.0.40-40.1 openSUSE Leap 42.1:virtualbox-guest-x11-5.0.40-40.1 openSUSE Leap 42.1:virtualbox-host-kmp-default-5.0.40_k4.1.39_53-40.1 openSUSE Leap 42.1:virtualbox-host-source-5.0.40-40.1 openSUSE Leap 42.1:virtualbox-qt-5.0.40-40.1 openSUSE Leap 42.1:virtualbox-websrv-5.0.40-40.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-05/msg00001.html https://www.suse.com/security/cve/CVE-2017-3513.html CVE-2017-3513 https://bugzilla.suse.com/1034854 SUSE Bug 1034854 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Shared Folder). Supported versions that are affected are Prior to 5.0.34 and Prior to 5.1.16. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N). CVE-2017-3538 openSUSE Leap 42.1:python-virtualbox-5.0.40-40.1 openSUSE Leap 42.1:virtualbox-5.0.40-40.1 openSUSE Leap 42.1:virtualbox-devel-5.0.40-40.1 openSUSE Leap 42.1:virtualbox-guest-desktop-icons-5.0.40-40.1 openSUSE Leap 42.1:virtualbox-guest-kmp-default-5.0.40_k4.1.39_53-40.1 openSUSE Leap 42.1:virtualbox-guest-tools-5.0.40-40.1 openSUSE Leap 42.1:virtualbox-guest-x11-5.0.40-40.1 openSUSE Leap 42.1:virtualbox-host-kmp-default-5.0.40_k4.1.39_53-40.1 openSUSE Leap 42.1:virtualbox-host-source-5.0.40-40.1 openSUSE Leap 42.1:virtualbox-qt-5.0.40-40.1 openSUSE Leap 42.1:virtualbox-websrv-5.0.40-40.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-05/msg00001.html https://www.suse.com/security/cve/CVE-2017-3538.html CVE-2017-3538 https://bugzilla.suse.com/1034854 SUSE Bug 1034854 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 8.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H). CVE-2017-3558 openSUSE Leap 42.1:python-virtualbox-5.0.40-40.1 openSUSE Leap 42.1:virtualbox-5.0.40-40.1 openSUSE Leap 42.1:virtualbox-devel-5.0.40-40.1 openSUSE Leap 42.1:virtualbox-guest-desktop-icons-5.0.40-40.1 openSUSE Leap 42.1:virtualbox-guest-kmp-default-5.0.40_k4.1.39_53-40.1 openSUSE Leap 42.1:virtualbox-guest-tools-5.0.40-40.1 openSUSE Leap 42.1:virtualbox-guest-x11-5.0.40-40.1 openSUSE Leap 42.1:virtualbox-host-kmp-default-5.0.40_k4.1.39_53-40.1 openSUSE Leap 42.1:virtualbox-host-source-5.0.40-40.1 openSUSE Leap 42.1:virtualbox-qt-5.0.40-40.1 openSUSE Leap 42.1:virtualbox-websrv-5.0.40-40.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-05/msg00001.html https://www.suse.com/security/cve/CVE-2017-3558.html CVE-2017-3558 https://bugzilla.suse.com/1034854 SUSE Bug 1034854 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H). CVE-2017-3559 openSUSE Leap 42.1:python-virtualbox-5.0.40-40.1 openSUSE Leap 42.1:virtualbox-5.0.40-40.1 openSUSE Leap 42.1:virtualbox-devel-5.0.40-40.1 openSUSE Leap 42.1:virtualbox-guest-desktop-icons-5.0.40-40.1 openSUSE Leap 42.1:virtualbox-guest-kmp-default-5.0.40_k4.1.39_53-40.1 openSUSE Leap 42.1:virtualbox-guest-tools-5.0.40-40.1 openSUSE Leap 42.1:virtualbox-guest-x11-5.0.40-40.1 openSUSE Leap 42.1:virtualbox-host-kmp-default-5.0.40_k4.1.39_53-40.1 openSUSE Leap 42.1:virtualbox-host-source-5.0.40-40.1 openSUSE Leap 42.1:virtualbox-qt-5.0.40-40.1 openSUSE Leap 42.1:virtualbox-websrv-5.0.40-40.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-05/msg00001.html https://www.suse.com/security/cve/CVE-2017-3559.html CVE-2017-3559 https://bugzilla.suse.com/1034854 SUSE Bug 1034854 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). CVE-2017-3561 openSUSE Leap 42.1:python-virtualbox-5.0.40-40.1 openSUSE Leap 42.1:virtualbox-5.0.40-40.1 openSUSE Leap 42.1:virtualbox-devel-5.0.40-40.1 openSUSE Leap 42.1:virtualbox-guest-desktop-icons-5.0.40-40.1 openSUSE Leap 42.1:virtualbox-guest-kmp-default-5.0.40_k4.1.39_53-40.1 openSUSE Leap 42.1:virtualbox-guest-tools-5.0.40-40.1 openSUSE Leap 42.1:virtualbox-guest-x11-5.0.40-40.1 openSUSE Leap 42.1:virtualbox-host-kmp-default-5.0.40_k4.1.39_53-40.1 openSUSE Leap 42.1:virtualbox-host-source-5.0.40-40.1 openSUSE Leap 42.1:virtualbox-qt-5.0.40-40.1 openSUSE Leap 42.1:virtualbox-websrv-5.0.40-40.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-05/msg00001.html https://www.suse.com/security/cve/CVE-2017-3561.html CVE-2017-3561 https://bugzilla.suse.com/1034854 SUSE Bug 1034854 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). CVE-2017-3563 openSUSE Leap 42.1:python-virtualbox-5.0.40-40.1 openSUSE Leap 42.1:virtualbox-5.0.40-40.1 openSUSE Leap 42.1:virtualbox-devel-5.0.40-40.1 openSUSE Leap 42.1:virtualbox-guest-desktop-icons-5.0.40-40.1 openSUSE Leap 42.1:virtualbox-guest-kmp-default-5.0.40_k4.1.39_53-40.1 openSUSE Leap 42.1:virtualbox-guest-tools-5.0.40-40.1 openSUSE Leap 42.1:virtualbox-guest-x11-5.0.40-40.1 openSUSE Leap 42.1:virtualbox-host-kmp-default-5.0.40_k4.1.39_53-40.1 openSUSE Leap 42.1:virtualbox-host-source-5.0.40-40.1 openSUSE Leap 42.1:virtualbox-qt-5.0.40-40.1 openSUSE Leap 42.1:virtualbox-websrv-5.0.40-40.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-05/msg00001.html https://www.suse.com/security/cve/CVE-2017-3563.html CVE-2017-3563 https://bugzilla.suse.com/1034854 SUSE Bug 1034854 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H). CVE-2017-3575 openSUSE Leap 42.1:python-virtualbox-5.0.40-40.1 openSUSE Leap 42.1:virtualbox-5.0.40-40.1 openSUSE Leap 42.1:virtualbox-devel-5.0.40-40.1 openSUSE Leap 42.1:virtualbox-guest-desktop-icons-5.0.40-40.1 openSUSE Leap 42.1:virtualbox-guest-kmp-default-5.0.40_k4.1.39_53-40.1 openSUSE Leap 42.1:virtualbox-guest-tools-5.0.40-40.1 openSUSE Leap 42.1:virtualbox-guest-x11-5.0.40-40.1 openSUSE Leap 42.1:virtualbox-host-kmp-default-5.0.40_k4.1.39_53-40.1 openSUSE Leap 42.1:virtualbox-host-source-5.0.40-40.1 openSUSE Leap 42.1:virtualbox-qt-5.0.40-40.1 openSUSE Leap 42.1:virtualbox-websrv-5.0.40-40.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-05/msg00001.html https://www.suse.com/security/cve/CVE-2017-3575.html CVE-2017-3575 https://bugzilla.suse.com/1034854 SUSE Bug 1034854 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). CVE-2017-3576 openSUSE Leap 42.1:python-virtualbox-5.0.40-40.1 openSUSE Leap 42.1:virtualbox-5.0.40-40.1 openSUSE Leap 42.1:virtualbox-devel-5.0.40-40.1 openSUSE Leap 42.1:virtualbox-guest-desktop-icons-5.0.40-40.1 openSUSE Leap 42.1:virtualbox-guest-kmp-default-5.0.40_k4.1.39_53-40.1 openSUSE Leap 42.1:virtualbox-guest-tools-5.0.40-40.1 openSUSE Leap 42.1:virtualbox-guest-x11-5.0.40-40.1 openSUSE Leap 42.1:virtualbox-host-kmp-default-5.0.40_k4.1.39_53-40.1 openSUSE Leap 42.1:virtualbox-host-source-5.0.40-40.1 openSUSE Leap 42.1:virtualbox-qt-5.0.40-40.1 openSUSE Leap 42.1:virtualbox-websrv-5.0.40-40.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-05/msg00001.html https://www.suse.com/security/cve/CVE-2017-3576.html CVE-2017-3576 https://bugzilla.suse.com/1034854 SUSE Bug 1034854 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Shared Folder). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H). CVE-2017-3587 openSUSE Leap 42.1:python-virtualbox-5.0.40-40.1 openSUSE Leap 42.1:virtualbox-5.0.40-40.1 openSUSE Leap 42.1:virtualbox-devel-5.0.40-40.1 openSUSE Leap 42.1:virtualbox-guest-desktop-icons-5.0.40-40.1 openSUSE Leap 42.1:virtualbox-guest-kmp-default-5.0.40_k4.1.39_53-40.1 openSUSE Leap 42.1:virtualbox-guest-tools-5.0.40-40.1 openSUSE Leap 42.1:virtualbox-guest-x11-5.0.40-40.1 openSUSE Leap 42.1:virtualbox-host-kmp-default-5.0.40_k4.1.39_53-40.1 openSUSE Leap 42.1:virtualbox-host-source-5.0.40-40.1 openSUSE Leap 42.1:virtualbox-qt-5.0.40-40.1 openSUSE Leap 42.1:virtualbox-websrv-5.0.40-40.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-05/msg00001.html https://www.suse.com/security/cve/CVE-2017-3587.html CVE-2017-3587 https://bugzilla.suse.com/1034854 SUSE Bug 1034854