Overview

File _patchinfo of Package patchinfo.7701

<patchinfo incident="7701">
  <issue id="1076372" tracker="bnc">VUL-0: virtualbox: Jan 2018 Oracle CPU</issue>
  <issue id="1068032" tracker="bnc"/>
  <issue id="2018-2690" tracker="cve" />
  <issue id="2018-2693" tracker="cve" />
  <issue id="2018-2694" tracker="cve" />
  <issue id="2018-2689" tracker="cve" />
  <issue id="2018-2688" tracker="cve" />
  <issue id="2018-2676" tracker="cve" />
  <issue id="2018-2686" tracker="cve" />
  <issue id="2018-2685" tracker="cve" />
  <issue id="2017-5715" tracker="cve" />
  <issue id="2018-2698" tracker="cve" />
  <issue id="2018-2687" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>lwfinger</packager>
  <description>This update for virtualbox to version 5.1.32 fixes the following issues:

The following vulnerabilities were fixed (boo#1076372):

- CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch
  prediction may allow unauthorized disclosure of information to an attacker with local user
  access via a side-channel analysis, also known as "Spectre", bsc#1068032.
- CVE-2018-2676: Local authenticated attacker may gain elevated privileges
- CVE-2018-2685: Local authenticated attacker may gain elevated privileges 
- CVE-2018-2686: Local authenticated attacker may gain elevated privileges 
- CVE-2018-2687: Local authenticated attacker may gain elevated privileges
- CVE-2018-2688: Local authenticated attacker may gain elevated privileges
- CVE-2018-2689: Local authenticated attacker may gain elevated privileges
- CVE-2018-2690: Local authenticated attacker may gain elevated privileges
- CVE-2018-2693: Local authenticated attacker may gain elevated privileges via guest additions
- CVE-2018-2694: Local authenticated attacker may gain elevated privileges
- CVE-2018-2698: Local authenticated attacker may gain elevated privileges 

The following bug fixes are included:

- fix occasional screen corruption when host screen resolution is changed
- increase proposed disk size when creating new VMs for Windows 7 and newer
- fix broken communication with certain devices on Linux hosts
- Fix problems using 256MB VRAM in raw-mode VMs
- add HDA support for more exotic guests (e.g. Haiku)
- fix playback with ALSA backend (5.1.28 regression)
- fix a problem where OHCI emulation might sporadically drop data transfers
</description>
  <summary>Security update for virtualbox</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places