Security update for Virtualbox SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2020:0925-1 Final 1 1 2020-07-03T12:17:20Z current 2020-07-03T12:17:20Z 2020-07-03T12:17:20Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for Virtualbox Virtualbox was updated to 6.0.22 (released May 15 2020 by Oracle) This is a maintenance release. The following items were fixed and/or added: Guest Additions: Build problems fix with Oracle Linux 8.2 (Red Hat compatible kernel) / Red Hat Enterprise Linux 8.2 / CentOS 8.2 (bug #19391) Guest Control/VBoxManage: fix handling of multiple environment variables supplied to 'VBoxManage guestcontrol VM run' (6.1.6/6.0.20 regression; bug #19518) Version bump to 6.0.20 (released April 14 2020 by Oracle) This is a maintenance release. The following items were fixed and/or added: - USB: Multiple enhancements improving prformance and stability - VBoxManage: Multiple fixes for guestcontrol command - Graphics: Enhancements in 2D and 3D acceleration and rendering - API: Fix for exception handling bug in Python bindings - Linux host and guest: Support Linux kernel 5.6 (bug #19312) This update fixes the following security issues: CVE-2020-2741, CVE-2020-2742, CVE-2020-2743, CVE-2020-2748, CVE-2020-2758, CVE-2020-2894, CVE-2020-2902, CVE-2020-2905, CVE-2020-2907, CVE-2020-2908, CVE-2020-2909, CVE-2020-2910, CVE-2020-2911, CVE-2020-2913, CVE-2020-2914, CVE-2020-2929, CVE-2020-2951, CVE-2020-2958, CVE-2020-2959 (bsc#1169628) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2020-925 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SBBG7D2MGNFDLGBT4PUK5VBVNRBGA7XU/ E-Mail link for openSUSE-SU-2020:0925-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1169628 SUSE Bug 1169628 https://www.suse.com/security/cve/CVE-2020-2741/ SUSE CVE CVE-2020-2741 page https://www.suse.com/security/cve/CVE-2020-2742/ SUSE CVE CVE-2020-2742 page https://www.suse.com/security/cve/CVE-2020-2743/ SUSE CVE CVE-2020-2743 page https://www.suse.com/security/cve/CVE-2020-2748/ SUSE CVE CVE-2020-2748 page https://www.suse.com/security/cve/CVE-2020-2758/ SUSE CVE CVE-2020-2758 page https://www.suse.com/security/cve/CVE-2020-2894/ SUSE CVE CVE-2020-2894 page https://www.suse.com/security/cve/CVE-2020-2902/ SUSE CVE CVE-2020-2902 page https://www.suse.com/security/cve/CVE-2020-2905/ SUSE CVE CVE-2020-2905 page https://www.suse.com/security/cve/CVE-2020-2907/ SUSE CVE CVE-2020-2907 page https://www.suse.com/security/cve/CVE-2020-2908/ SUSE CVE CVE-2020-2908 page https://www.suse.com/security/cve/CVE-2020-2909/ SUSE CVE CVE-2020-2909 page https://www.suse.com/security/cve/CVE-2020-2910/ SUSE CVE CVE-2020-2910 page https://www.suse.com/security/cve/CVE-2020-2911/ SUSE CVE CVE-2020-2911 page https://www.suse.com/security/cve/CVE-2020-2913/ SUSE CVE CVE-2020-2913 page https://www.suse.com/security/cve/CVE-2020-2914/ SUSE CVE CVE-2020-2914 page https://www.suse.com/security/cve/CVE-2020-2929/ SUSE CVE CVE-2020-2929 page https://www.suse.com/security/cve/CVE-2020-2951/ SUSE CVE CVE-2020-2951 page https://www.suse.com/security/cve/CVE-2020-2958/ SUSE CVE CVE-2020-2958 page https://www.suse.com/security/cve/CVE-2020-2959/ SUSE CVE CVE-2020-2959 page openSUSE Leap 15.1 python3-virtualbox-6.0.22-lp151.2.15.1 virtualbox-6.0.22-lp151.2.15.1 virtualbox-devel-6.0.22-lp151.2.15.1 virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1 virtualbox-guest-source-6.0.22-lp151.2.15.1 virtualbox-guest-tools-6.0.22-lp151.2.15.1 virtualbox-guest-x11-6.0.22-lp151.2.15.1 virtualbox-host-source-6.0.22-lp151.2.15.1 virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1 virtualbox-qt-6.0.22-lp151.2.15.1 virtualbox-vnc-6.0.22-lp151.2.15.1 virtualbox-websrv-6.0.22-lp151.2.15.1 python3-virtualbox-6.0.22-lp151.2.15.1 as a component of openSUSE Leap 15.1 virtualbox-6.0.22-lp151.2.15.1 as a component of openSUSE Leap 15.1 virtualbox-devel-6.0.22-lp151.2.15.1 as a component of openSUSE Leap 15.1 virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1 as a component of openSUSE Leap 15.1 virtualbox-guest-source-6.0.22-lp151.2.15.1 as a component of openSUSE Leap 15.1 virtualbox-guest-tools-6.0.22-lp151.2.15.1 as a component of openSUSE Leap 15.1 virtualbox-guest-x11-6.0.22-lp151.2.15.1 as a component of openSUSE Leap 15.1 virtualbox-host-source-6.0.22-lp151.2.15.1 as a component of openSUSE Leap 15.1 virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1 as a component of openSUSE Leap 15.1 virtualbox-qt-6.0.22-lp151.2.15.1 as a component of openSUSE Leap 15.1 virtualbox-vnc-6.0.22-lp151.2.15.1 as a component of openSUSE Leap 15.1 virtualbox-websrv-6.0.22-lp151.2.15.1 as a component of openSUSE Leap 15.1 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). CVE-2020-2741 openSUSE Leap 15.1:python3-virtualbox-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-devel-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-guest-source-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-guest-tools-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-guest-x11-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-host-source-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-qt-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-vnc-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-websrv-6.0.22-lp151.2.15.1 moderate 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SBBG7D2MGNFDLGBT4PUK5VBVNRBGA7XU/ https://www.suse.com/security/cve/CVE-2020-2741.html CVE-2020-2741 https://bugzilla.suse.com/1169628 SUSE Bug 1169628 https://bugzilla.suse.com/1174159 SUSE Bug 1174159 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). CVE-2020-2742 openSUSE Leap 15.1:python3-virtualbox-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-devel-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-guest-source-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-guest-tools-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-guest-x11-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-host-source-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-qt-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-vnc-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-websrv-6.0.22-lp151.2.15.1 moderate 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SBBG7D2MGNFDLGBT4PUK5VBVNRBGA7XU/ https://www.suse.com/security/cve/CVE-2020-2742.html CVE-2020-2742 https://bugzilla.suse.com/1169628 SUSE Bug 1169628 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). CVE-2020-2743 openSUSE Leap 15.1:python3-virtualbox-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-devel-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-guest-source-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-guest-tools-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-guest-x11-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-host-source-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-qt-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-vnc-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-websrv-6.0.22-lp151.2.15.1 moderate 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SBBG7D2MGNFDLGBT4PUK5VBVNRBGA7XU/ https://www.suse.com/security/cve/CVE-2020-2743.html CVE-2020-2743 https://bugzilla.suse.com/1169628 SUSE Bug 1169628 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 3.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N). CVE-2020-2748 openSUSE Leap 15.1:python3-virtualbox-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-devel-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-guest-source-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-guest-tools-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-guest-x11-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-host-source-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-qt-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-vnc-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-websrv-6.0.22-lp151.2.15.1 moderate 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SBBG7D2MGNFDLGBT4PUK5VBVNRBGA7XU/ https://www.suse.com/security/cve/CVE-2020-2748.html CVE-2020-2748 https://bugzilla.suse.com/1169628 SUSE Bug 1169628 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). CVE-2020-2758 openSUSE Leap 15.1:python3-virtualbox-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-devel-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-guest-source-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-guest-tools-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-guest-x11-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-host-source-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-qt-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-vnc-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-websrv-6.0.22-lp151.2.15.1 moderate 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SBBG7D2MGNFDLGBT4PUK5VBVNRBGA7XU/ https://www.suse.com/security/cve/CVE-2020-2758.html CVE-2020-2758 https://bugzilla.suse.com/1169628 SUSE Bug 1169628 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). CVE-2020-2894 openSUSE Leap 15.1:python3-virtualbox-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-devel-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-guest-source-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-guest-tools-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-guest-x11-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-host-source-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-qt-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-vnc-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-websrv-6.0.22-lp151.2.15.1 moderate 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SBBG7D2MGNFDLGBT4PUK5VBVNRBGA7XU/ https://www.suse.com/security/cve/CVE-2020-2894.html CVE-2020-2894 https://bugzilla.suse.com/1169628 SUSE Bug 1169628 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). CVE-2020-2902 openSUSE Leap 15.1:python3-virtualbox-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-devel-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-guest-source-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-guest-tools-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-guest-x11-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-host-source-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-qt-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-vnc-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-websrv-6.0.22-lp151.2.15.1 moderate 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SBBG7D2MGNFDLGBT4PUK5VBVNRBGA7XU/ https://www.suse.com/security/cve/CVE-2020-2902.html CVE-2020-2902 https://bugzilla.suse.com/1169628 SUSE Bug 1169628 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). CVE-2020-2905 openSUSE Leap 15.1:python3-virtualbox-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-devel-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-guest-source-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-guest-tools-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-guest-x11-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-host-source-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-qt-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-vnc-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-websrv-6.0.22-lp151.2.15.1 moderate 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SBBG7D2MGNFDLGBT4PUK5VBVNRBGA7XU/ https://www.suse.com/security/cve/CVE-2020-2905.html CVE-2020-2905 https://bugzilla.suse.com/1169628 SUSE Bug 1169628 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). CVE-2020-2907 openSUSE Leap 15.1:python3-virtualbox-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-devel-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-guest-source-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-guest-tools-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-guest-x11-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-host-source-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-qt-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-vnc-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-websrv-6.0.22-lp151.2.15.1 moderate 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SBBG7D2MGNFDLGBT4PUK5VBVNRBGA7XU/ https://www.suse.com/security/cve/CVE-2020-2907.html CVE-2020-2907 https://bugzilla.suse.com/1169628 SUSE Bug 1169628 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). CVE-2020-2908 openSUSE Leap 15.1:python3-virtualbox-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-devel-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-guest-source-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-guest-tools-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-guest-x11-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-host-source-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-qt-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-vnc-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-websrv-6.0.22-lp151.2.15.1 moderate 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SBBG7D2MGNFDLGBT4PUK5VBVNRBGA7XU/ https://www.suse.com/security/cve/CVE-2020-2908.html CVE-2020-2908 https://bugzilla.suse.com/1169628 SUSE Bug 1169628 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 2.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L). CVE-2020-2909 openSUSE Leap 15.1:python3-virtualbox-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-devel-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-guest-source-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-guest-tools-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-guest-x11-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-host-source-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-qt-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-vnc-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-websrv-6.0.22-lp151.2.15.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SBBG7D2MGNFDLGBT4PUK5VBVNRBGA7XU/ https://www.suse.com/security/cve/CVE-2020-2909.html CVE-2020-2909 https://bugzilla.suse.com/1169628 SUSE Bug 1169628 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N). CVE-2020-2910 openSUSE Leap 15.1:python3-virtualbox-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-devel-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-guest-source-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-guest-tools-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-guest-x11-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-host-source-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-qt-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-vnc-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-websrv-6.0.22-lp151.2.15.1 moderate 2.1 AV:L/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SBBG7D2MGNFDLGBT4PUK5VBVNRBGA7XU/ https://www.suse.com/security/cve/CVE-2020-2910.html CVE-2020-2910 https://bugzilla.suse.com/1169628 SUSE Bug 1169628 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). CVE-2020-2911 openSUSE Leap 15.1:python3-virtualbox-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-devel-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-guest-source-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-guest-tools-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-guest-x11-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-host-source-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-qt-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-vnc-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-websrv-6.0.22-lp151.2.15.1 moderate 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SBBG7D2MGNFDLGBT4PUK5VBVNRBGA7XU/ https://www.suse.com/security/cve/CVE-2020-2911.html CVE-2020-2911 https://bugzilla.suse.com/1169628 SUSE Bug 1169628 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.0.20 and prior to 6.1.6. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). CVE-2020-2913 openSUSE Leap 15.1:python3-virtualbox-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-devel-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-guest-source-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-guest-tools-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-guest-x11-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-host-source-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-qt-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-vnc-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-websrv-6.0.22-lp151.2.15.1 moderate 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SBBG7D2MGNFDLGBT4PUK5VBVNRBGA7XU/ https://www.suse.com/security/cve/CVE-2020-2913.html CVE-2020-2913 https://bugzilla.suse.com/1169628 SUSE Bug 1169628 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.0.20 and prior to 6.1.6. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H). CVE-2020-2914 openSUSE Leap 15.1:python3-virtualbox-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-devel-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-guest-source-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-guest-tools-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-guest-x11-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-host-source-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-qt-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-vnc-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-websrv-6.0.22-lp151.2.15.1 moderate 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SBBG7D2MGNFDLGBT4PUK5VBVNRBGA7XU/ https://www.suse.com/security/cve/CVE-2020-2914.html CVE-2020-2914 https://bugzilla.suse.com/1169628 SUSE Bug 1169628 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). CVE-2020-2929 openSUSE Leap 15.1:python3-virtualbox-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-devel-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-guest-source-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-guest-tools-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-guest-x11-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-host-source-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-qt-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-vnc-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-websrv-6.0.22-lp151.2.15.1 moderate 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SBBG7D2MGNFDLGBT4PUK5VBVNRBGA7XU/ https://www.suse.com/security/cve/CVE-2020-2929.html CVE-2020-2929 https://bugzilla.suse.com/1169628 SUSE Bug 1169628 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H). CVE-2020-2951 openSUSE Leap 15.1:python3-virtualbox-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-devel-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-guest-source-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-guest-tools-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-guest-x11-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-host-source-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-qt-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-vnc-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-websrv-6.0.22-lp151.2.15.1 moderate 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SBBG7D2MGNFDLGBT4PUK5VBVNRBGA7XU/ https://www.suse.com/security/cve/CVE-2020-2951.html CVE-2020-2951 https://bugzilla.suse.com/1169628 SUSE Bug 1169628 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). CVE-2020-2958 openSUSE Leap 15.1:python3-virtualbox-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-devel-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-guest-source-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-guest-tools-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-guest-x11-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-host-source-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-qt-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-vnc-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-websrv-6.0.22-lp151.2.15.1 moderate 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SBBG7D2MGNFDLGBT4PUK5VBVNRBGA7XU/ https://www.suse.com/security/cve/CVE-2020-2958.html CVE-2020-2958 https://bugzilla.suse.com/1169628 SUSE Bug 1169628 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via MLD to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H). CVE-2020-2959 openSUSE Leap 15.1:python3-virtualbox-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-devel-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-guest-desktop-icons-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-guest-source-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-guest-tools-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-guest-x11-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-host-source-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-kmp-default-6.0.22_k4.12.14_lp151.28.52-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-qt-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-vnc-6.0.22-lp151.2.15.1 openSUSE Leap 15.1:virtualbox-websrv-6.0.22-lp151.2.15.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SBBG7D2MGNFDLGBT4PUK5VBVNRBGA7XU/ https://www.suse.com/security/cve/CVE-2020-2959.html CVE-2020-2959 https://bugzilla.suse.com/1169628 SUSE Bug 1169628