openSUSE Security Update : virtualbox (openSUSE-2017-1267)

Medium Nessus Plugin ID 104525

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 5.8

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for virtualbox fixes the following issues :

- CVE-2017-10392: A local user can exploit a flaw in the Oracle VM VirtualBox Core component to partially access data, partially modify data, and deny service

- CVE-2017-10407: A local user can exploit a flaw in the Oracle VM VirtualBox Core component to partially access data, partially modify data, and deny service

- CVE-2017-10408: A local user can exploit a flaw in the Oracle VM VirtualBox Core component to partially access data, partially modify data, and deny service

- CVE-2017-10428: A local user can exploit a flaw in the Oracle VM VirtualBox Core component to partially access data, partially modify data, and partially deny service

The following packaging changes are included :

- Further to usage of vboxdrv if virtualbox-qt is not installed: updates to vboxdrv.sh (boo#1060072)

- The virtualbox package no longer requires libX11, an library module files were moved to virtualbox-qt

This update also contains all upstream improvements in the 5.1.30 release, including :

- Fix for double mouse cursor when using mouse integration without Guest Additions.

- Translation updates

Solution

Update the affected virtualbox packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1060072

https://bugzilla.opensuse.org/show_bug.cgi?id=1064200

https://bugzilla.opensuse.org/show_bug.cgi?id=1066488

Plugin Details

Severity: Medium

ID: 104525

File Name: openSUSE-2017-1267.nasl

Version: 3.3

Type: local

Agent: unix

Published: 2017/11/13

Updated: 2020/06/04

Dependencies: 12634

Risk Information

Risk Factor: Medium

VPR Score: 5.8

CVSS v2.0

Base Score: 4.3

Vector: CVSS2#AV:L/AC:L/Au:S/C:P/I:P/A:P

CVSS v3.0

Base Score: 7.3

Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:python-virtualbox, p-cpe:/a:novell:opensuse:python-virtualbox-debuginfo, p-cpe:/a:novell:opensuse:virtualbox, p-cpe:/a:novell:opensuse:virtualbox-debuginfo, p-cpe:/a:novell:opensuse:virtualbox-debugsource, p-cpe:/a:novell:opensuse:virtualbox-devel, p-cpe:/a:novell:opensuse:virtualbox-guest-desktop-icons, p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default, p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:virtualbox-guest-source, p-cpe:/a:novell:opensuse:virtualbox-guest-tools, p-cpe:/a:novell:opensuse:virtualbox-guest-tools-debuginfo, p-cpe:/a:novell:opensuse:virtualbox-guest-x11, p-cpe:/a:novell:opensuse:virtualbox-guest-x11-debuginfo, p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default, p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:virtualbox-host-source, p-cpe:/a:novell:opensuse:virtualbox-qt, p-cpe:/a:novell:opensuse:virtualbox-qt-debuginfo, p-cpe:/a:novell:opensuse:virtualbox-vnc, p-cpe:/a:novell:opensuse:virtualbox-websrv, p-cpe:/a:novell:opensuse:virtualbox-websrv-debuginfo, cpe:/o:novell:opensuse:42.2, cpe:/o:novell:opensuse:42.3

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 2017/11/10

Reference Information

CVE: CVE-2017-10392, CVE-2017-10407, CVE-2017-10408, CVE-2017-10428