You are here
Home > Preporuke > Sigurnosni nedostaci programskih paketa kbuild i virtualbox

Sigurnosni nedostaci programskih paketa kbuild i virtualbox

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LSU

openSUSE Security Update: Security update for kbuild, virtualbox
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:2524-1
Rating: important
References: #1039375 #1076372 #1079838 #1093731 #1097248
#1098050 #1101667
Cross-References: CVE-2017-5715 CVE-2018-0739 CVE-2018-2676
CVE-2018-2685 CVE-2018-2686 CVE-2018-2687
CVE-2018-2688 CVE-2018-2689 CVE-2018-2690
CVE-2018-2693 CVE-2018-2694 CVE-2018-2698
CVE-2018-2830 CVE-2018-2831 CVE-2018-2835
CVE-2018-2836 CVE-2018-2837 CVE-2018-2842
CVE-2018-2843 CVE-2018-2844 CVE-2018-2845
CVE-2018-2860 CVE-2018-3005 CVE-2018-3055
CVE-2018-3085 CVE-2018-3086 CVE-2018-3087
CVE-2018-3088 CVE-2018-3089 CVE-2018-3090
CVE-2018-3091
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that fixes 31 vulnerabilities is now available.

Description:

This update for kbuild, virtualbox fixes the following issues:

kbuild changes:

– Update to version 0.1.9998svn3110
– Do not assume glibc glob internals
– Support GLIBC glob interface version 2
– Fix build failure (boo#1079838)
– Fix build with GCC7 (boo#1039375)
– Fix build by disabling vboxvideo_drv.so

virtualbox security fixes (boo#1101667, boo#1076372):

– CVE-2018-3005
– CVE-2018-3055
– CVE-2018-3085
– CVE-2018-3086
– CVE-2018-3087
– CVE-2018-3088
– CVE-2018-3089
– CVE-2018-3090
– CVE-2018-3091
– CVE-2018-2694
– CVE-2018-2698
– CVE-2018-2685
– CVE-2018-2686
– CVE-2018-2687
– CVE-2018-2688
– CVE-2018-2689
– CVE-2018-2690
– CVE-2018-2676
– CVE-2018-2693
– CVE-2017-5715

virtualbox other changes:

– Version bump to 5.2.16
– Use %{?linux_make_arch} when building kernel modules (boo#1098050)
– Fixed vboxguestconfig.sh script
– Update warning regarding the security hole in USB passthrough.
(boo#1097248)
– Fixed include for build with Qt 5.11 (boo#1093731)
– You can find a detailed list of changes
[here](https://www.virtualbox.org/wiki/Changelog#v16)

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

– openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-938=1

Package List:

– openSUSE Leap 42.3 (i586 x86_64):

kbuild-0.1.9998svn3110-4.3.1
kbuild-debuginfo-0.1.9998svn3110-4.3.1
kbuild-debugsource-0.1.9998svn3110-4.3.1

– openSUSE Leap 42.3 (x86_64):

python-virtualbox-5.2.18-56.1
python-virtualbox-debuginfo-5.2.18-56.1
virtualbox-5.2.18-56.1
virtualbox-debuginfo-5.2.18-56.1
virtualbox-debugsource-5.2.18-56.1
virtualbox-devel-5.2.18-56.1
virtualbox-guest-kmp-default-5.2.18_k4.4.143_65-56.1
virtualbox-guest-kmp-default-debuginfo-5.2.18_k4.4.143_65-56.1
virtualbox-guest-tools-5.2.18-56.1
virtualbox-guest-tools-debuginfo-5.2.18-56.1
virtualbox-guest-x11-5.2.18-56.1
virtualbox-guest-x11-debuginfo-5.2.18-56.1
virtualbox-host-kmp-default-5.2.18_k4.4.143_65-56.1
virtualbox-host-kmp-default-debuginfo-5.2.18_k4.4.143_65-56.1
virtualbox-qt-5.2.18-56.1
virtualbox-qt-debuginfo-5.2.18-56.1
virtualbox-vnc-5.2.18-56.1
virtualbox-websrv-5.2.18-56.1
virtualbox-websrv-debuginfo-5.2.18-56.1

– openSUSE Leap 42.3 (noarch):

virtualbox-guest-desktop-icons-5.2.18-56.1
virtualbox-guest-source-5.2.18-56.1
virtualbox-host-source-5.2.18-56.1

References:

https://www.suse.com/security/cve/CVE-2017-5715.html
https://www.suse.com/security/cve/CVE-2018-0739.html
https://www.suse.com/security/cve/CVE-2018-2676.html
https://www.suse.com/security/cve/CVE-2018-2685.html
https://www.suse.com/security/cve/CVE-2018-2686.html
https://www.suse.com/security/cve/CVE-2018-2687.html
https://www.suse.com/security/cve/CVE-2018-2688.html
https://www.suse.com/security/cve/CVE-2018-2689.html
https://www.suse.com/security/cve/CVE-2018-2690.html
https://www.suse.com/security/cve/CVE-2018-2693.html
https://www.suse.com/security/cve/CVE-2018-2694.html
https://www.suse.com/security/cve/CVE-2018-2698.html
https://www.suse.com/security/cve/CVE-2018-2830.html
https://www.suse.com/security/cve/CVE-2018-2831.html
https://www.suse.com/security/cve/CVE-2018-2835.html
https://www.suse.com/security/cve/CVE-2018-2836.html
https://www.suse.com/security/cve/CVE-2018-2837.html
https://www.suse.com/security/cve/CVE-2018-2842.html
https://www.suse.com/security/cve/CVE-2018-2843.html
https://www.suse.com/security/cve/CVE-2018-2844.html
https://www.suse.com/security/cve/CVE-2018-2845.html
https://www.suse.com/security/cve/CVE-2018-2860.html
https://www.suse.com/security/cve/CVE-2018-3005.html
https://www.suse.com/security/cve/CVE-2018-3055.html
https://www.suse.com/security/cve/CVE-2018-3085.html
https://www.suse.com/security/cve/CVE-2018-3086.html
https://www.suse.com/security/cve/CVE-2018-3087.html
https://www.suse.com/security/cve/CVE-2018-3088.html
https://www.suse.com/security/cve/CVE-2018-3089.html
https://www.suse.com/security/cve/CVE-2018-3090.html
https://www.suse.com/security/cve/CVE-2018-3091.html
https://bugzilla.suse.com/1039375
https://bugzilla.suse.com/1076372
https://bugzilla.suse.com/1079838
https://bugzilla.suse.com/1093731
https://bugzilla.suse.com/1097248
https://bugzilla.suse.com/1098050
https://bugzilla.suse.com/1101667


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

AutorZvonimir Bosnjak
Cert idNCERT-REF-2018-08-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top
More in Preporuke
Sigurnosni nedostaci programskog paketa ImageMagick

Otkriveni su sigurnosni nedostaci u programskom paketu ImageMagick za operacijski sustav openSUSE. Otkriveni nedostaci potencijalnim napadačima omogućuju izazivanje DoS stanja....

Close