Security update for virtualbox SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2019:0084-1 Final 1 1 2019-01-25T09:33:18Z current 2019-01-25T09:33:18Z 2019-01-25T09:33:18Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for virtualbox This update for virtualbox version 5.2.24 fixes the following issues: Update fixes multiple vulnerabilities: CVE-2019-2500, CVE-2019-2524, CVE-2019-2552, CVE-2018-3309, CVE-2019-2520 CVE-2019-2521, CVE-2019-2522, CVE-2019-2523, CVE-2019-2526, CVE-2019-2548 CVE-2018-11763, CVE-2019-2511, CVE-2019-2508, CVE-2019-2509, CVE-2019-2527 CVE-2019-2450, CVE-2019-2451, CVE-2019-2555, CVE-2019-2554, CVE-2019-2556 CVE-2018-11784, CVE-2018-0734, CVE-2019-2525, CVE-2019-2446, CVE-2019-2448 CVE-2019-2501, CVE-2019-2504, CVE-2019-2505, CVE-2019-2506, and CVE-2019-2553 (boo#1122212). Non-security issues fixed: - Linux Additions: fix for building vboxvideo on EL 7.6 standard kernel, contributed by Robert Conde - USB: fixed a problem causing failures attaching SuperSpeed devices which report USB version 3.1 (rather than 3.0) on Windows hosts - Audio: added support for surround speaker setups used by Windows 10 Build 1809 - Linux hosts: fixed conflict between Debian and Oracle build desktop files - Linux guests: fixed building drivers on SLES 12.4 - Linux guests: fixed building shared folder driver with older kernels The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2019-01/msg00034.html E-Mail link for openSUSE-SU-2019:0084-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.3 python-virtualbox-5.2.24-66.1 virtualbox-5.2.24-66.1 virtualbox-devel-5.2.24-66.1 virtualbox-guest-desktop-icons-5.2.24-66.1 virtualbox-guest-kmp-default-5.2.24_k4.4.165_81-66.1 virtualbox-guest-source-5.2.24-66.1 virtualbox-guest-tools-5.2.24-66.1 virtualbox-guest-x11-5.2.24-66.1 virtualbox-host-kmp-default-5.2.24_k4.4.165_81-66.1 virtualbox-host-source-5.2.24-66.1 virtualbox-qt-5.2.24-66.1 virtualbox-vnc-5.2.24-66.1 virtualbox-websrv-5.2.24-66.1 python-virtualbox-5.2.24-66.1 as a component of openSUSE Leap 42.3 virtualbox-5.2.24-66.1 as a component of openSUSE Leap 42.3 virtualbox-devel-5.2.24-66.1 as a component of openSUSE Leap 42.3 virtualbox-guest-desktop-icons-5.2.24-66.1 as a component of openSUSE Leap 42.3 virtualbox-guest-kmp-default-5.2.24_k4.4.165_81-66.1 as a component of openSUSE Leap 42.3 virtualbox-guest-source-5.2.24-66.1 as a component of openSUSE Leap 42.3 virtualbox-guest-tools-5.2.24-66.1 as a component of openSUSE Leap 42.3 virtualbox-guest-x11-5.2.24-66.1 as a component of openSUSE Leap 42.3 virtualbox-host-kmp-default-5.2.24_k4.4.165_81-66.1 as a component of openSUSE Leap 42.3 virtualbox-host-source-5.2.24-66.1 as a component of openSUSE Leap 42.3 virtualbox-qt-5.2.24-66.1 as a component of openSUSE Leap 42.3 virtualbox-vnc-5.2.24-66.1 as a component of openSUSE Leap 42.3 virtualbox-websrv-5.2.24-66.1 as a component of openSUSE Leap 42.3 The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p). CVE-2018-0734 openSUSE Leap 42.3:python-virtualbox-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-devel-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-desktop-icons-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-kmp-default-5.2.24_k4.4.165_81-66.1 openSUSE Leap 42.3:virtualbox-guest-source-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-tools-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-x11-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-host-kmp-default-5.2.24_k4.4.165_81-66.1 openSUSE Leap 42.3:virtualbox-host-source-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-qt-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-vnc-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-websrv-5.2.24-66.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-01/msg00034.html https://www.suse.com/security/cve/CVE-2018-0734.html CVE-2018-0734 https://bugzilla.suse.com/1113534 SUSE Bug 1113534 https://bugzilla.suse.com/1113652 SUSE Bug 1113652 https://bugzilla.suse.com/1113742 SUSE Bug 1113742 https://bugzilla.suse.com/1122198 SUSE Bug 1122198 https://bugzilla.suse.com/1122212 SUSE Bug 1122212 https://bugzilla.suse.com/1126909 SUSE Bug 1126909 In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol. CVE-2018-11763 openSUSE Leap 42.3:python-virtualbox-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-devel-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-desktop-icons-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-kmp-default-5.2.24_k4.4.165_81-66.1 openSUSE Leap 42.3:virtualbox-guest-source-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-tools-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-x11-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-host-kmp-default-5.2.24_k4.4.165_81-66.1 openSUSE Leap 42.3:virtualbox-host-source-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-qt-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-vnc-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-websrv-5.2.24-66.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-01/msg00034.html https://www.suse.com/security/cve/CVE-2018-11763.html CVE-2018-11763 https://bugzilla.suse.com/1109961 SUSE Bug 1109961 https://bugzilla.suse.com/1122212 SUSE Bug 1122212 When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice. CVE-2018-11784 openSUSE Leap 42.3:python-virtualbox-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-devel-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-desktop-icons-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-kmp-default-5.2.24_k4.4.165_81-66.1 openSUSE Leap 42.3:virtualbox-guest-source-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-tools-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-x11-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-host-kmp-default-5.2.24_k4.4.165_81-66.1 openSUSE Leap 42.3:virtualbox-host-source-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-qt-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-vnc-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-websrv-5.2.24-66.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-01/msg00034.html https://www.suse.com/security/cve/CVE-2018-11784.html CVE-2018-11784 https://bugzilla.suse.com/1110850 SUSE Bug 1110850 https://bugzilla.suse.com/1122212 SUSE Bug 1122212 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is prior to 5.2.22. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). CVE-2018-3309 openSUSE Leap 42.3:python-virtualbox-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-devel-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-desktop-icons-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-kmp-default-5.2.24_k4.4.165_81-66.1 openSUSE Leap 42.3:virtualbox-guest-source-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-tools-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-x11-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-host-kmp-default-5.2.24_k4.4.165_81-66.1 openSUSE Leap 42.3:virtualbox-host-source-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-qt-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-vnc-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-websrv-5.2.24-66.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-01/msg00034.html https://www.suse.com/security/cve/CVE-2018-3309.html CVE-2018-3309 https://bugzilla.suse.com/1122212 SUSE Bug 1122212 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). CVE-2019-2446 openSUSE Leap 42.3:python-virtualbox-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-devel-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-desktop-icons-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-kmp-default-5.2.24_k4.4.165_81-66.1 openSUSE Leap 42.3:virtualbox-guest-source-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-tools-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-x11-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-host-kmp-default-5.2.24_k4.4.165_81-66.1 openSUSE Leap 42.3:virtualbox-host-source-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-qt-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-vnc-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-websrv-5.2.24-66.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-01/msg00034.html https://www.suse.com/security/cve/CVE-2019-2446.html CVE-2019-2446 https://bugzilla.suse.com/1122212 SUSE Bug 1122212 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). CVE-2019-2448 openSUSE Leap 42.3:python-virtualbox-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-devel-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-desktop-icons-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-kmp-default-5.2.24_k4.4.165_81-66.1 openSUSE Leap 42.3:virtualbox-guest-source-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-tools-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-x11-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-host-kmp-default-5.2.24_k4.4.165_81-66.1 openSUSE Leap 42.3:virtualbox-host-source-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-qt-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-vnc-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-websrv-5.2.24-66.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-01/msg00034.html https://www.suse.com/security/cve/CVE-2019-2448.html CVE-2019-2448 https://bugzilla.suse.com/1122212 SUSE Bug 1122212 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N). CVE-2019-2450 openSUSE Leap 42.3:python-virtualbox-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-devel-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-desktop-icons-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-kmp-default-5.2.24_k4.4.165_81-66.1 openSUSE Leap 42.3:virtualbox-guest-source-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-tools-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-x11-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-host-kmp-default-5.2.24_k4.4.165_81-66.1 openSUSE Leap 42.3:virtualbox-host-source-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-qt-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-vnc-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-websrv-5.2.24-66.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-01/msg00034.html https://www.suse.com/security/cve/CVE-2019-2450.html CVE-2019-2450 https://bugzilla.suse.com/1122212 SUSE Bug 1122212 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N). CVE-2019-2451 openSUSE Leap 42.3:python-virtualbox-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-devel-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-desktop-icons-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-kmp-default-5.2.24_k4.4.165_81-66.1 openSUSE Leap 42.3:virtualbox-guest-source-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-tools-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-x11-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-host-kmp-default-5.2.24_k4.4.165_81-66.1 openSUSE Leap 42.3:virtualbox-host-source-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-qt-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-vnc-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-websrv-5.2.24-66.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-01/msg00034.html https://www.suse.com/security/cve/CVE-2019-2451.html CVE-2019-2451 https://bugzilla.suse.com/1122212 SUSE Bug 1122212 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). CVE-2019-2500 openSUSE Leap 42.3:python-virtualbox-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-devel-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-desktop-icons-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-kmp-default-5.2.24_k4.4.165_81-66.1 openSUSE Leap 42.3:virtualbox-guest-source-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-tools-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-x11-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-host-kmp-default-5.2.24_k4.4.165_81-66.1 openSUSE Leap 42.3:virtualbox-host-source-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-qt-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-vnc-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-websrv-5.2.24-66.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-01/msg00034.html https://www.suse.com/security/cve/CVE-2019-2500.html CVE-2019-2500 https://bugzilla.suse.com/1122212 SUSE Bug 1122212 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N). CVE-2019-2501 openSUSE Leap 42.3:python-virtualbox-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-devel-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-desktop-icons-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-kmp-default-5.2.24_k4.4.165_81-66.1 openSUSE Leap 42.3:virtualbox-guest-source-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-tools-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-x11-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-host-kmp-default-5.2.24_k4.4.165_81-66.1 openSUSE Leap 42.3:virtualbox-host-source-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-qt-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-vnc-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-websrv-5.2.24-66.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-01/msg00034.html https://www.suse.com/security/cve/CVE-2019-2501.html CVE-2019-2501 https://bugzilla.suse.com/1122212 SUSE Bug 1122212 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N). CVE-2019-2504 openSUSE Leap 42.3:python-virtualbox-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-devel-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-desktop-icons-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-kmp-default-5.2.24_k4.4.165_81-66.1 openSUSE Leap 42.3:virtualbox-guest-source-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-tools-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-x11-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-host-kmp-default-5.2.24_k4.4.165_81-66.1 openSUSE Leap 42.3:virtualbox-host-source-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-qt-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-vnc-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-websrv-5.2.24-66.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-01/msg00034.html https://www.suse.com/security/cve/CVE-2019-2504.html CVE-2019-2504 https://bugzilla.suse.com/1122212 SUSE Bug 1122212 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N). CVE-2019-2505 openSUSE Leap 42.3:python-virtualbox-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-devel-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-desktop-icons-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-kmp-default-5.2.24_k4.4.165_81-66.1 openSUSE Leap 42.3:virtualbox-guest-source-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-tools-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-x11-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-host-kmp-default-5.2.24_k4.4.165_81-66.1 openSUSE Leap 42.3:virtualbox-host-source-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-qt-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-vnc-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-websrv-5.2.24-66.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-01/msg00034.html https://www.suse.com/security/cve/CVE-2019-2505.html CVE-2019-2505 https://bugzilla.suse.com/1122212 SUSE Bug 1122212 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N). CVE-2019-2506 openSUSE Leap 42.3:python-virtualbox-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-devel-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-desktop-icons-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-kmp-default-5.2.24_k4.4.165_81-66.1 openSUSE Leap 42.3:virtualbox-guest-source-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-tools-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-x11-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-host-kmp-default-5.2.24_k4.4.165_81-66.1 openSUSE Leap 42.3:virtualbox-host-source-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-qt-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-vnc-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-websrv-5.2.24-66.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-01/msg00034.html https://www.suse.com/security/cve/CVE-2019-2506.html CVE-2019-2506 https://bugzilla.suse.com/1122212 SUSE Bug 1122212 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H). CVE-2019-2508 openSUSE Leap 42.3:python-virtualbox-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-devel-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-desktop-icons-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-kmp-default-5.2.24_k4.4.165_81-66.1 openSUSE Leap 42.3:virtualbox-guest-source-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-tools-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-x11-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-host-kmp-default-5.2.24_k4.4.165_81-66.1 openSUSE Leap 42.3:virtualbox-host-source-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-qt-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-vnc-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-websrv-5.2.24-66.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-01/msg00034.html https://www.suse.com/security/cve/CVE-2019-2508.html CVE-2019-2508 https://bugzilla.suse.com/1122212 SUSE Bug 1122212 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H). CVE-2019-2509 openSUSE Leap 42.3:python-virtualbox-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-devel-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-desktop-icons-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-kmp-default-5.2.24_k4.4.165_81-66.1 openSUSE Leap 42.3:virtualbox-guest-source-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-tools-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-x11-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-host-kmp-default-5.2.24_k4.4.165_81-66.1 openSUSE Leap 42.3:virtualbox-host-source-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-qt-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-vnc-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-websrv-5.2.24-66.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-01/msg00034.html https://www.suse.com/security/cve/CVE-2019-2509.html CVE-2019-2509 https://bugzilla.suse.com/1122212 SUSE Bug 1122212 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via SOAP to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). CVE-2019-2511 openSUSE Leap 42.3:python-virtualbox-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-devel-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-desktop-icons-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-kmp-default-5.2.24_k4.4.165_81-66.1 openSUSE Leap 42.3:virtualbox-guest-source-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-tools-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-x11-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-host-kmp-default-5.2.24_k4.4.165_81-66.1 openSUSE Leap 42.3:virtualbox-host-source-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-qt-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-vnc-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-websrv-5.2.24-66.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-01/msg00034.html https://www.suse.com/security/cve/CVE-2019-2511.html CVE-2019-2511 https://bugzilla.suse.com/1122212 SUSE Bug 1122212 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H). CVE-2019-2520 openSUSE Leap 42.3:python-virtualbox-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-devel-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-desktop-icons-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-kmp-default-5.2.24_k4.4.165_81-66.1 openSUSE Leap 42.3:virtualbox-guest-source-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-tools-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-x11-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-host-kmp-default-5.2.24_k4.4.165_81-66.1 openSUSE Leap 42.3:virtualbox-host-source-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-qt-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-vnc-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-websrv-5.2.24-66.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-01/msg00034.html https://www.suse.com/security/cve/CVE-2019-2520.html CVE-2019-2520 https://bugzilla.suse.com/1122212 SUSE Bug 1122212 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H). CVE-2019-2521 openSUSE Leap 42.3:python-virtualbox-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-devel-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-desktop-icons-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-kmp-default-5.2.24_k4.4.165_81-66.1 openSUSE Leap 42.3:virtualbox-guest-source-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-tools-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-x11-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-host-kmp-default-5.2.24_k4.4.165_81-66.1 openSUSE Leap 42.3:virtualbox-host-source-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-qt-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-vnc-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-websrv-5.2.24-66.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-01/msg00034.html https://www.suse.com/security/cve/CVE-2019-2521.html CVE-2019-2521 https://bugzilla.suse.com/1122212 SUSE Bug 1122212 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H). CVE-2019-2522 openSUSE Leap 42.3:python-virtualbox-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-devel-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-desktop-icons-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-kmp-default-5.2.24_k4.4.165_81-66.1 openSUSE Leap 42.3:virtualbox-guest-source-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-tools-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-x11-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-host-kmp-default-5.2.24_k4.4.165_81-66.1 openSUSE Leap 42.3:virtualbox-host-source-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-qt-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-vnc-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-websrv-5.2.24-66.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-01/msg00034.html https://www.suse.com/security/cve/CVE-2019-2522.html CVE-2019-2522 https://bugzilla.suse.com/1122212 SUSE Bug 1122212 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H). CVE-2019-2523 openSUSE Leap 42.3:python-virtualbox-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-devel-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-desktop-icons-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-kmp-default-5.2.24_k4.4.165_81-66.1 openSUSE Leap 42.3:virtualbox-guest-source-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-tools-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-x11-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-host-kmp-default-5.2.24_k4.4.165_81-66.1 openSUSE Leap 42.3:virtualbox-host-source-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-qt-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-vnc-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-websrv-5.2.24-66.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-01/msg00034.html https://www.suse.com/security/cve/CVE-2019-2523.html CVE-2019-2523 https://bugzilla.suse.com/1122212 SUSE Bug 1122212 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). CVE-2019-2524 openSUSE Leap 42.3:python-virtualbox-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-devel-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-desktop-icons-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-kmp-default-5.2.24_k4.4.165_81-66.1 openSUSE Leap 42.3:virtualbox-guest-source-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-tools-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-x11-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-host-kmp-default-5.2.24_k4.4.165_81-66.1 openSUSE Leap 42.3:virtualbox-host-source-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-qt-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-vnc-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-websrv-5.2.24-66.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-01/msg00034.html https://www.suse.com/security/cve/CVE-2019-2524.html CVE-2019-2524 https://bugzilla.suse.com/1122212 SUSE Bug 1122212 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 5.6 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N). CVE-2019-2525 openSUSE Leap 42.3:python-virtualbox-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-devel-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-desktop-icons-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-kmp-default-5.2.24_k4.4.165_81-66.1 openSUSE Leap 42.3:virtualbox-guest-source-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-tools-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-x11-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-host-kmp-default-5.2.24_k4.4.165_81-66.1 openSUSE Leap 42.3:virtualbox-host-source-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-qt-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-vnc-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-websrv-5.2.24-66.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-01/msg00034.html https://www.suse.com/security/cve/CVE-2019-2525.html CVE-2019-2525 https://bugzilla.suse.com/1122212 SUSE Bug 1122212 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H). CVE-2019-2526 openSUSE Leap 42.3:python-virtualbox-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-devel-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-desktop-icons-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-kmp-default-5.2.24_k4.4.165_81-66.1 openSUSE Leap 42.3:virtualbox-guest-source-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-tools-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-x11-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-host-kmp-default-5.2.24_k4.4.165_81-66.1 openSUSE Leap 42.3:virtualbox-host-source-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-qt-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-vnc-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-websrv-5.2.24-66.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-01/msg00034.html https://www.suse.com/security/cve/CVE-2019-2526.html CVE-2019-2526 https://bugzilla.suse.com/1122212 SUSE Bug 1122212 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.26 and prior to 6.0.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H). CVE-2019-2527 openSUSE Leap 42.3:python-virtualbox-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-devel-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-desktop-icons-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-kmp-default-5.2.24_k4.4.165_81-66.1 openSUSE Leap 42.3:virtualbox-guest-source-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-tools-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-x11-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-host-kmp-default-5.2.24_k4.4.165_81-66.1 openSUSE Leap 42.3:virtualbox-host-source-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-qt-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-vnc-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-websrv-5.2.24-66.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-01/msg00034.html https://www.suse.com/security/cve/CVE-2019-2527.html CVE-2019-2527 https://bugzilla.suse.com/1122212 SUSE Bug 1122212 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). CVE-2019-2548 openSUSE Leap 42.3:python-virtualbox-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-devel-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-desktop-icons-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-kmp-default-5.2.24_k4.4.165_81-66.1 openSUSE Leap 42.3:virtualbox-guest-source-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-tools-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-x11-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-host-kmp-default-5.2.24_k4.4.165_81-66.1 openSUSE Leap 42.3:virtualbox-host-source-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-qt-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-vnc-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-websrv-5.2.24-66.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-01/msg00034.html https://www.suse.com/security/cve/CVE-2019-2548.html CVE-2019-2548 https://bugzilla.suse.com/1122212 SUSE Bug 1122212 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). CVE-2019-2552 openSUSE Leap 42.3:python-virtualbox-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-devel-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-desktop-icons-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-kmp-default-5.2.24_k4.4.165_81-66.1 openSUSE Leap 42.3:virtualbox-guest-source-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-tools-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-x11-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-host-kmp-default-5.2.24_k4.4.165_81-66.1 openSUSE Leap 42.3:virtualbox-host-source-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-qt-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-vnc-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-websrv-5.2.24-66.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-01/msg00034.html https://www.suse.com/security/cve/CVE-2019-2552.html CVE-2019-2552 https://bugzilla.suse.com/1122212 SUSE Bug 1122212 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N). CVE-2019-2553 openSUSE Leap 42.3:python-virtualbox-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-devel-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-desktop-icons-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-kmp-default-5.2.24_k4.4.165_81-66.1 openSUSE Leap 42.3:virtualbox-guest-source-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-tools-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-x11-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-host-kmp-default-5.2.24_k4.4.165_81-66.1 openSUSE Leap 42.3:virtualbox-host-source-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-qt-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-vnc-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-websrv-5.2.24-66.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-01/msg00034.html https://www.suse.com/security/cve/CVE-2019-2553.html CVE-2019-2553 https://bugzilla.suse.com/1122212 SUSE Bug 1122212 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N). CVE-2019-2554 openSUSE Leap 42.3:python-virtualbox-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-devel-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-desktop-icons-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-kmp-default-5.2.24_k4.4.165_81-66.1 openSUSE Leap 42.3:virtualbox-guest-source-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-tools-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-x11-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-host-kmp-default-5.2.24_k4.4.165_81-66.1 openSUSE Leap 42.3:virtualbox-host-source-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-qt-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-vnc-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-websrv-5.2.24-66.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-01/msg00034.html https://www.suse.com/security/cve/CVE-2019-2554.html CVE-2019-2554 https://bugzilla.suse.com/1122212 SUSE Bug 1122212 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N). CVE-2019-2555 openSUSE Leap 42.3:python-virtualbox-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-devel-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-desktop-icons-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-kmp-default-5.2.24_k4.4.165_81-66.1 openSUSE Leap 42.3:virtualbox-guest-source-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-tools-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-x11-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-host-kmp-default-5.2.24_k4.4.165_81-66.1 openSUSE Leap 42.3:virtualbox-host-source-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-qt-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-vnc-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-websrv-5.2.24-66.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-01/msg00034.html https://www.suse.com/security/cve/CVE-2019-2555.html CVE-2019-2555 https://bugzilla.suse.com/1122212 SUSE Bug 1122212 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N). CVE-2019-2556 openSUSE Leap 42.3:python-virtualbox-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-devel-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-desktop-icons-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-kmp-default-5.2.24_k4.4.165_81-66.1 openSUSE Leap 42.3:virtualbox-guest-source-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-tools-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-guest-x11-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-host-kmp-default-5.2.24_k4.4.165_81-66.1 openSUSE Leap 42.3:virtualbox-host-source-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-qt-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-vnc-5.2.24-66.1 openSUSE Leap 42.3:virtualbox-websrv-5.2.24-66.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-01/msg00034.html https://www.suse.com/security/cve/CVE-2019-2556.html CVE-2019-2556 https://bugzilla.suse.com/1122212 SUSE Bug 1122212