openSUSE Security Update : kbuild / virtualbox (openSUSE-2018-938) (Spectre)

Medium Nessus Plugin ID 112143

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for kbuild, virtualbox fixes the following issues :

kbuild changes :

- Update to version 0.1.9998svn3110

- Do not assume glibc glob internals

- Support GLIBC glob interface version 2

- Fix build failure (boo#1079838)

- Fix build with GCC7 (boo#1039375)

- Fix build by disabling vboxvideo_drv.so

virtualbox security fixes (boo#1101667, boo#1076372) :

- CVE-2018-3005

- CVE-2018-3055

- CVE-2018-3085

- CVE-2018-3086

- CVE-2018-3087

- CVE-2018-3088

- CVE-2018-3089

- CVE-2018-3090

- CVE-2018-3091

- CVE-2018-2694

- CVE-2018-2698

- CVE-2018-2685

- CVE-2018-2686

- CVE-2018-2687

- CVE-2018-2688

- CVE-2018-2689

- CVE-2018-2690

- CVE-2018-2676

- CVE-2018-2693

- CVE-2017-5715

virtualbox other changes :

- Version bump to 5.2.16

- Use %{?linux_make_arch} when building kernel modules (boo#1098050)

- Fixed vboxguestconfig.sh script

- Update warning regarding the security hole in USB passthrough. (boo#1097248)

- Fixed include for build with Qt 5.11 (boo#1093731)

- You can find a detailed list of changes [here](https://www.virtualbox.org/wiki/Changelog#v16)

Solution

Update the affected kbuild / virtualbox packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1039375

https://bugzilla.opensuse.org/show_bug.cgi?id=1076372

https://bugzilla.opensuse.org/show_bug.cgi?id=1079838

https://bugzilla.opensuse.org/show_bug.cgi?id=1093731

https://bugzilla.opensuse.org/show_bug.cgi?id=1097248

https://bugzilla.opensuse.org/show_bug.cgi?id=1098050

https://bugzilla.opensuse.org/show_bug.cgi?id=1101667

https://www.virtualbox.org/wiki/Changelog#v16

Plugin Details

Severity: Medium

ID: 112143

File Name: openSUSE-2018-938.nasl

Version: 1.1

Type: local

Agent: unix

Published: 2018/08/27

Modified: 2018/08/27

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 4.7

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N

CVSSv3

Base Score: 8.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:kbuild, p-cpe:/a:novell:opensuse:kbuild-debuginfo, p-cpe:/a:novell:opensuse:kbuild-debugsource, p-cpe:/a:novell:opensuse:python-virtualbox, p-cpe:/a:novell:opensuse:python-virtualbox-debuginfo, p-cpe:/a:novell:opensuse:virtualbox, p-cpe:/a:novell:opensuse:virtualbox-debuginfo, p-cpe:/a:novell:opensuse:virtualbox-debugsource, p-cpe:/a:novell:opensuse:virtualbox-devel, p-cpe:/a:novell:opensuse:virtualbox-guest-desktop-icons, p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default, p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:virtualbox-guest-source, p-cpe:/a:novell:opensuse:virtualbox-guest-tools, p-cpe:/a:novell:opensuse:virtualbox-guest-tools-debuginfo, p-cpe:/a:novell:opensuse:virtualbox-guest-x11, p-cpe:/a:novell:opensuse:virtualbox-guest-x11-debuginfo, p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default, p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:virtualbox-host-source, p-cpe:/a:novell:opensuse:virtualbox-qt, p-cpe:/a:novell:opensuse:virtualbox-qt-debuginfo, p-cpe:/a:novell:opensuse:virtualbox-vnc, p-cpe:/a:novell:opensuse:virtualbox-websrv, p-cpe:/a:novell:opensuse:virtualbox-websrv-debuginfo, cpe:/o:novell:opensuse:42.3

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2018/08/26

Exploitable With

Core Impact

Reference Information

CVE: CVE-2017-5715, CVE-2018-0739, CVE-2018-2676, CVE-2018-2685, CVE-2018-2686, CVE-2018-2687, CVE-2018-2688, CVE-2018-2689, CVE-2018-2690, CVE-2018-2693, CVE-2018-2694, CVE-2018-2698, CVE-2018-2830, CVE-2018-2831, CVE-2018-2835, CVE-2018-2836, CVE-2018-2837, CVE-2018-2842, CVE-2018-2843, CVE-2018-2844, CVE-2018-2845, CVE-2018-2860, CVE-2018-3005, CVE-2018-3055, CVE-2018-3085, CVE-2018-3086, CVE-2018-3087, CVE-2018-3088, CVE-2018-3089, CVE-2018-3090, CVE-2018-3091