Overview Details Repositories Revisions Requests Users Attributes Meta
Security update for virtualbox

This update for virtualbox fixes the following issues:

- Version bump to 6.1.20 (released April 20 2021 by Oracle)
Fixes boo#1183329 "virtualbox 6.1.18 crashes when it runs nested VM"
Fixes boo#1183125 "Leap 15.3 installation in Virtualbox without VBox integration"
Fixes CVE-2021-2264 and boo#1184542. The directory for the .start files for
autostarting VMs is moved from /etc/vbox to /etc/vbox/autostart.d. In addition, the autostart
service is hardened (by Oracle).
- change the modalias for guest-tools and guest-x11 to get them to autoinstall.
- Own %{_sysconfdir}/X11/xinit/xinitrc.d as default packages (eg
systemd) no longer do so, breaking package build.
- Update fixes_for_leap15.3 for kernel API changes between 5.3.18-45 and 5.3.18-47.
- update-extpack.sh: explicitly use https:// protocol for authenticity. The
http:// URL is currently redirected to https:// but don't rely on this.
- Add code to generate guest modules for Leap 15.2 and Leap 15.3. The kernel versions
do not allow window resizing. Files "virtualbox-kmp-files-leap" and
"vboxguestconfig.sh" are added
- Fixes CVE-2021-2074, boo#1181197 and CVE-2021-2129, boo#1181198.
- Under some circumstances, shared folders are mounted as root.

Fixed bugs
bnc#1183329
virtualbox 6.1.18 crashes when it runs nested VM
bnc#1184542
VUL-0: CVE-2021-2264: virtualbox: vboxautostart.sh allows injection of parameters to su invocation
bnc#1183125
Leap 15.3 installation in Virtualbox without VBox integration
bnc#1181197
VUL-0: CVE-2021-2074: virtualbox: core: Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure
bnc#1181198
VUL-0: CVE-2021-2129: virtualbox: core: Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure
CVE-2021-2264
CVE-2021-2074
CVE-2021-2129
Selected Binaries
openSUSE Build Service is sponsored by
Places