openSUSE Security Update : virtualbox (openSUSE-2018-389) (Optionsbleed)

Medium Nessus Plugin ID 109294

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for VirtualBox to version 5.1.36 fixes multiple issues :

Security issues fixed :

- CVE-2018-0739: Unauthorized remote attacker may have caused a hang or frequently repeatable crash (complete DOS)

- CVE-2018-2830: Attacker with host login may have compromised Virtualbox or further system services after interaction with a third user

- CVE-2018-2831: Attacker with host login may have compromised VirtualBox or further system services, allowing read access to some data

- CVE-2018-2835: Attacker with host login may have gained control over VirtualBox and possibly further system services after interacting with a third user

- CVE-2018-2836: Attacker with host login may have gained control over VirtualBox and possibly further system services after interacting with a third user

- CVE-2018-2837: Attacker with host login may have gained control over VirtualBox and possibly further system services after interacting with a third user

- CVE-2018-2842: Attacker with host login may have gained control over VirtualBox and possibly further system services after interacting with a third user

- CVE-2018-2843: Attacker with host login may have gained control over VirtualBox and possibly further system services after interacting with a third user

- CVE-2018-2844: Attacker with host login may have gained control over VirtualBox and possibly further system services after interacting with a third user

- CVE-2018-2845: Attacker with host login may have caused a hang or frequently repeatable crash (complete DOS), and perform unauthorized read and write operation to some VirtualBox accessible data

- CVE-2018-2860: Privileged attacker may have gained control over VirtualBox and possibly further system services

http://www.oracle.com/technetwork/security-advisory/cpuapr2018verbose- 3678108.html http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067 .html#AppendixOVIR

This update also contains all upstream fixes and improvements in the stable 5.1.36 release.

Solution

Update the affected virtualbox packages.

CPE: p-cpe:/a:novell:opensuse:python-virtualbox, p-cpe:/a:novell:opensuse:python-virtualbox-debuginfo, p-cpe:/a:novell:opensuse:virtualbox, p-cpe:/a:novell:opensuse:virtualbox-debuginfo, p-cpe:/a:novell:opensuse:virtualbox-debugsource, p-cpe:/a:novell:opensuse:virtualbox-devel, p-cpe:/a:novell:opensuse:virtualbox-guest-desktop-icons, p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default, p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:virtualbox-guest-source, p-cpe:/a:novell:opensuse:virtualbox-guest-tools, p-cpe:/a:novell:opensuse:virtualbox-guest-tools-debuginfo, p-cpe:/a:novell:opensuse:virtualbox-guest-x11, p-cpe:/a:novell:opensuse:virtualbox-guest-x11-debuginfo, p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default, p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:virtualbox-host-source, p-cpe:/a:novell:opensuse:virtualbox-qt, p-cpe:/a:novell:opensuse:virtualbox-qt-debuginfo, p-cpe:/a:novell:opensuse:virtualbox-vnc, p-cpe:/a:novell:opensuse:virtualbox-websrv, p-cpe:/a:novell:opensuse:virtualbox-websrv-debuginfo, cpe:/o:novell:opensuse:42.3

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2018/04/23

Reference Information

CVE: CVE-2017-3737, CVE-2017-9798, CVE-2018-0739, CVE-2018-2830, CVE-2018-2831, CVE-2018-2835, CVE-2018-2836, CVE-2018-2837, CVE-2018-2842, CVE-2018-2843, CVE-2018-2844, CVE-2018-2845, CVE-2018-2860

openSUSE Security Update : virtualbox (openSUSE-2018-389) (Optionsbleed)

Synopsis

Description

Solution

See Also

Plugin Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerability Information

Reference Information