openSUSE Security Update : virtualbox (openSUSE-2015-550) (Venom)

High Nessus Plugin ID 85525

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 9.4

Synopsis

The remote openSUSE host is missing a security update.

Description

- Version bump to 4.2.32 bnc#938408 CVE-2015-2594

- Storage: fixed a crash when taking snapshots (4.2.30 regression)

- ExtPack: don't fail if the TMP directory contains non-latin1 characters (bug #14159)

- Main: implemented dedicated event processing queue

- Linux hosts: fixed a bug which made the netfilter driver ignore certain events (bug #12264)

Also included from Version bump to 4.2.30 bnc#935900 CVE-2015-3456 :

- Various small fixes here and there

- Fix the multiinstall on kernel modules to avoid conflicts bnc#925663

- Drop smap.diff fails to apply to the latest release

Solution

Update the affected virtualbox packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=925663

https://bugzilla.opensuse.org/show_bug.cgi?id=935900

https://bugzilla.opensuse.org/show_bug.cgi?id=938408

Plugin Details

Severity: High

ID: 85525

File Name: openSUSE-2015-550.nasl

Version: 2.4

Type: local

Agent: unix

Published: 2015/08/19

Updated: 2021/01/19

Dependencies: 12634

Risk Information

Risk Factor: High

VPR Score: 9.4

CVSS v2.0

Base Score: 7.7

Vector: CVSS2#AV:A/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:python-virtualbox, p-cpe:/a:novell:opensuse:python-virtualbox-debuginfo, p-cpe:/a:novell:opensuse:virtualbox, p-cpe:/a:novell:opensuse:virtualbox-debuginfo, p-cpe:/a:novell:opensuse:virtualbox-debugsource, p-cpe:/a:novell:opensuse:virtualbox-devel, p-cpe:/a:novell:opensuse:virtualbox-guest-desktop-icons, p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default, p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop, p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae, p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae-debuginfo, p-cpe:/a:novell:opensuse:virtualbox-guest-tools, p-cpe:/a:novell:opensuse:virtualbox-guest-tools-debuginfo, p-cpe:/a:novell:opensuse:virtualbox-guest-x11, p-cpe:/a:novell:opensuse:virtualbox-guest-x11-debuginfo, p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default, p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop, p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae, p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae-debuginfo, p-cpe:/a:novell:opensuse:virtualbox-host-source, p-cpe:/a:novell:opensuse:virtualbox-qt, p-cpe:/a:novell:opensuse:virtualbox-qt-debuginfo, p-cpe:/a:novell:opensuse:virtualbox-websrv, p-cpe:/a:novell:opensuse:virtualbox-websrv-debuginfo, cpe:/o:novell:opensuse:13.1, cpe:/o:novell:opensuse:13.2

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2015/08/10

Exploitable With

Core Impact

Reference Information

CVE: CVE-2015-2594, CVE-2015-3456