Overview

File _patchinfo of Package patchinfo.18645

<patchinfo incident="18645">
  <issue tracker="cve" id="2024-21273"/>
  <issue tracker="cve" id="2024-21263"/>
  <issue tracker="cve" id="2024-21248"/>
  <issue tracker="cve" id="2024-21259"/>
  <issue tracker="bnc" id="1231225">Virtualbox 7.1.0 cannot install extension pack</issue>
  <issue tracker="bnc" id="1231738">VUL-0: CVE-2024-21263: virtualbox: Oracle VM VirtualBox can be made to crash or to provide read access to certain data by a low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes</issue>
  <issue tracker="bnc" id="1231736">VUL-0: CVE-2024-21273: virtualbox: Oracle VM VirtualBox can be made to provide access to critical data to an unauthorized high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes</issue>
  <issue tracker="bnc" id="1231737">VUL-0: CVE-2024-21259: virtualbox: Oracle VM VirtualBox can be compromised and taken over by a high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes</issue>
  <issue tracker="bnc" id="1231735">VUL-0: CVE-2024-21248: virtualbox: Oracle VM VirtualBox can be compromised by low privileged attackers with logon to the infrastructure where Oracle VM VirtualBox executes</issue>
  <packager>jengelh</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for virtualbox</summary>
  <description>This update for virtualbox fixes the following issues:

Update to release 7.1.4:

* NAT: Fixed DHCP problems with certain guests when domain is
  empty
* VMSVGA: Improved flickering, black screen and other screen
  update issues with recent Linux kernels
* Linux Guest Additions: Introduce initial support for kernel 6.12
* EFI: Added missing LsiLogic MPT SCSI driver again to fix
  booting from devices attached to this device if the EFI
  firmware is used (7.1.0 regression)
* EFI: Restored broken network boot support (7.1.0 regression)
* Adressed CVE-2024-21248 [boo#1231735],
  CVE-2024-21273 [boo#1231736], CVE-2024-21259 [boo#1231737],
  CVE-2024-21263 [boo#1231738]

- Make the Extension Pack work with our compiler flags and RT_NOEXCEPT choices. [boo#1231225]

Update to release 7.1:

* The GUI now offers a selection between Basic and Experienced
  user level with reduced or full UI functionality.
* VRDE: If user does not set up TLS with custom certificates,
  enable it with self-signed certificate, including issuing a
  new one before the old one expires
* NAT: New engine with IPv6 support.
* Linux host and guest: Added Wayland support for Clipboard
  sharing.

- Changed license from Gpl-2.0 to Gpl-3.0

Version bump to VirtualBox 7.0.20 (released July 16 2024 by Oracle))

This is a maintenance release. The following items were fixed and/or added:

- TPM: Fixed errors appearing the event viewer with Windows guests
- macOS Hosts: Fixed passing USB devices to the VM (bug #21218)
- Audio: Fixed recording with HDA emulation after newer Windows 10 / 11 guests got rebooted
- USB: Fixed a deadlock in OHCI triggered when saving the current state of a VM or taking a snapshot (bug #22059)
- Linux Guest and Host: Introduced initial support for OpenSuse 15.6 kernel
- Linux Guest and Host: Introduced initial support for RHEL 9.5 kernel (bug #22099)
- Guest Additions: Shared Clipboard: Fixed issue when extra new lines were pasted when copying text between Win and X11 (bug #21716)
- UEFI Secure Boot: Add new Microsoft certificates to list for new VMs 
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places