File _patchinfo of Package patchinfo.17516

<patchinfo incident="17516">
  <issue tracker="bnc" id="1198676">VUL-0: CVE-2022-21465: virtualbox: Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox</issue>
  <issue tracker="bnc" id="1198703">package virtualbox-websrv needs sysvinit-tools</issue>
  <issue tracker="bnc" id="1198677">VUL-0: CVE-2022-21471: virtualbox: Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox</issue>
  <issue tracker="bnc" id="1199803">VirtualBox fails with Kernel 5.18.0</issue>
  <issue tracker="bnc" id="1198680">VUL-0: CVE-2022-21491: virtualbox: Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox</issue>
  <issue tracker="bnc" id="1198679">VUL-1: CVE-2022-21488: virtualbox: Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox</issue>
  <issue tracker="bnc" id="1198678">VUL-1: CVE-2022-21487: virtualbox: Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox</issue>
  <issue id="1201720" tracker="bnc">VUL-0: CVE-2022-21571,CVE-2022-21554: Vulnerability in the Oracle VM VirtualBox (component: Core) affecting version prior to 6.1.36</issue>
  <issue id="2022-21554" tracker="cve" />
  <issue id="2022-21571" tracker="cve" />

  <issue tracker="cve" id="2022-21471"/>
  <issue tracker="cve" id="2022-21465"/>
  <issue tracker="cve" id="2022-21491"/>
  <issue tracker="cve" id="2022-21488"/>
  <issue tracker="cve" id="2022-21487"/>
  <packager>lwfinger</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for virtualbox</summary>
  <description>This update for virtualbox fixes the following issues:

- Save and restore FPU status during interrupt. (boo#1199803)

- Update support of building with Python

- Replace SDL-devel BuildRequires with pkgconfig(sdl): allow to use
  sdl12_compat as an alternative.

Version bump to 6.1.36 released by Oracle July 19 2022

This is a maintenance release. The following items were fixed and/or added:

- VMM: Fixed possible Linux guest kernel crash when configuring Speculative Store Bypass for a single vCPU VM
- GUI: In the storage page of the virtual machine settings dialog, fixed a bug which disrupted mouse interaction with the native file selector on KDE
- NAT: Prevent issue when host resolver incorrectly returned NXDOMAIN for unsupported queries (bug #20977)
- Audio: General improvements in saved state area
- Recording: Various fixes for settings handling
- VGA: Performance improvements for screen updates when VBE banking is used
- USB: Fixed rare crashes when detaching a USB device
- ATA: Fixed NT4 guests taking a minute to eject CDs
- vboximg-mount: Fixed broken write support (bug #20896)
- SDK: Fixed Python bindings incorrectly trying to convert arbitrary byte data into unicode objects with Python 3, causing exceptions (bug #19740)
- API: Fixed an issue when virtual USB mass storage devices or virtual USB DVD drives are added while the VM is not running are by default not marked as hot-pluggable
- API: Initial support for Python 3.10
- API: Solaris OS types cleanup
- Linux and Solaris hosts: Allow to mount shared folder if it is represented as a symlink on a host side (bug #17491)
- Linux Host and Guest drivers: Introduced initial support for kernels 5.18, 5.19 and RHEL 9.1 (bugs #20914, #20941)
- Linux Host and Guest drivers: Better support for kernels built with clang compiler (bugs #20425 and #20998)
- Solaris Guest Additions: General improvements in installer area
- Solaris Guest Additions: Fixed guest screen resize in VMSVGA graphics configuration
- Linux and Solaris Guest Additions: Fixed multi-screen handling in VBoxVGA and VBoxSVGA graphics configuration
- Linux and Solaris Guest Additions: Added support for setting primary screen via VBoxManage
- Linux and Solaris Guest Additions: Fixed X11 resources leak when resizing guest screens
- Linux and Solaris Guest Additions: Fixed file descriptor leak when starting a process using guest control (bug #20902)
- Linux and Solaris Guest Additions: Fixed guest control executing processes as root
- Linux Guest Additions: Improved guests booting time by preventing kernel modules from being rebuilt when it is not necessary (bug #20502)
- Windows Guest Additions: Fixed VBoxTray crash on startup in NT4 guests on rare circumstances

- Fixes CVE-2022-21571,CVE-2022-21554 - boo#1201720

Version bump to 6.1.34 (released March 22 2022) by Oracle

- This is a maintenance release. The following items were fixed and/or added:
- VMM: Fix instruction emulation for "cmpxchg16b"
- GUI: Improved GUI behavior on macOS Big Sur and later when kernel extensions are not loaded
- EHCI: Addressed an issue with handling short packets (bug #20726)
- Storage: Fixed a potential hang during disk I/O when the host I/O cache is disabled (bug #20875)
- NVMe: Fixed loading saved state when nothing is attached to it (bug #20791)
- DevPcBios: Addressed an issue which resulted in rejecting the detected LCHS geometry when the head count was above 16
- virtio-scsi: Improvements
- E1000: Improve descriptor handling
- VBoxManage: Fixed handling of command line arguments with incomplete quotes (bug #20740)
- VBoxManage: Improved 'natnetwork list' output
- VBoxManage: NATNetwork: Provide an option (--ipv6-prefix) to set IPv6 prefix
- VBoxManage: NATNetwork: Provide an option (--ipv6-default) to advertise default IPv6 route (bug #20714)
- VBoxManage: Fix documentation of "usbdevsource add" (bug #20849)
- Networking: General improvements in IPv4 and IPv6 area (bug #20714)
- OVF Import: Allow users to specify a different storage controller and/or controller port for hard disks when importing a VM
- Unattended install: Improvements
- Shared Clipboard: Improved HTML clipboard handling for Windows host
- Linux host and guest: Introduced initial support for kernel 5.17
- Solaris package: Fixes for API access from Python
- Solaris IPS package: Suppress dependency on libpython2.7.so.*
- Linux host and guest: Fixes for Linux kernel 5.14
- Linux Guest Additions: Fixed guest screen resize for older guests which are running libXrandr older than version 1.4
- Linux Guest Additions: Introduced initial support for RHEL 8.6 kernels (bug #20877)
- Windows guest: Make driver install smarter
- Solaris guest: Addressed an issue which prevented VBox GAs 6.1.30 or 6.1.32 from being removed in Solaris 10 guests (bug #20780)
- EFI: Fixed booting from FreeBSD ISO images (bug #19910)
- Fixes CVE-2022-21465 (boo#1198676), CVE-2022-21471 (boo#1198677), CVE-2022-21491 (boo#1198680), CVE-2022-21487 (boo#1198678), and CVE-2022-21488 (boo#1198679).
- package virtualbox-websrv needs sysvinit-tools (boo#1198703)
</description>
</patchinfo>