{"affected":[{"ecosystem_specific":{"binaries":[{"python3-virtualbox":"6.1.24-lp153.2.6.1","virtualbox":"6.1.24-lp153.2.6.1","virtualbox-devel":"6.1.24-lp153.2.6.1","virtualbox-guest-desktop-icons":"6.1.24-lp153.2.6.1","virtualbox-guest-source":"6.1.24-lp153.2.6.1","virtualbox-guest-tools":"6.1.24-lp153.2.6.1","virtualbox-guest-x11":"6.1.24-lp153.2.6.1","virtualbox-host-source":"6.1.24-lp153.2.6.1","virtualbox-kmp-default":"6.1.24_k5.3.18_59.16-lp153.2.6.1","virtualbox-kmp-preempt":"6.1.24_k5.3.18_59.16-lp153.2.6.1","virtualbox-qt":"6.1.24-lp153.2.6.1","virtualbox-vnc":"6.1.24-lp153.2.6.1","virtualbox-websrv":"6.1.24-lp153.2.6.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.3","name":"virtualbox","purl":"pkg:rpm/opensuse/virtualbox&distro=openSUSE%20Leap%2015.3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"6.1.24-lp153.2.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"python3-virtualbox":"6.1.24-lp153.2.6.1","virtualbox":"6.1.24-lp153.2.6.1","virtualbox-devel":"6.1.24-lp153.2.6.1","virtualbox-guest-desktop-icons":"6.1.24-lp153.2.6.1","virtualbox-guest-source":"6.1.24-lp153.2.6.1","virtualbox-guest-tools":"6.1.24-lp153.2.6.1","virtualbox-guest-x11":"6.1.24-lp153.2.6.1","virtualbox-host-source":"6.1.24-lp153.2.6.1","virtualbox-kmp-default":"6.1.24_k5.3.18_59.16-lp153.2.6.1","virtualbox-kmp-preempt":"6.1.24_k5.3.18_59.16-lp153.2.6.1","virtualbox-qt":"6.1.24-lp153.2.6.1","virtualbox-vnc":"6.1.24-lp153.2.6.1","virtualbox-websrv":"6.1.24-lp153.2.6.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.3","name":"virtualbox-kmp","purl":"pkg:rpm/opensuse/virtualbox-kmp&distro=openSUSE%20Leap%2015.3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"6.1.24-lp153.2.6.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for virtualbox fixes the following issues:\n\nVersion bump to 6.1.24 (released July 20 2021 by Oracle)\n\n  This is a maintenance release. The following items were fixed and/or added:\n\n- Storage: Fixed starting a VM if a device is attached to a VirtIO SCSI port higher than 30 (bug #20213)\n- Storage: Improvement to DVD medium change signaling\n- Serial: Fixed a the guest missing interrupts under certain circumstances (6.0 regression, bug #18668)\n- Audio: Multiple fixes and enhancements\n- Network: Fixed connectivity issue with virtio-net after resuming VM with disconnected link\n- Network: Fixed UDP GSO fragmentation issue with missing 8 bytes of payload at the end of the first fragment\n- API: Fixed VM configuration for recent Windows Server versions\n- Extension Pack: Fixed issues with USB webcam pass-through on Linux\n- Host and guest driver: Fix small memory leak (bug #20280)\n- Linux host and guest: Support kernel version 5.13 (bug #20456)\n- Linux host and guest: Introduce support for SUSE SLES/SLED 15 SP3 kernels (bug #20396)\n- Linux host: Installer will not attempt to build kernel modules if system already has them installed and modules versions match current version\n- Guest Additions: Fixed crash on using shared clipboard (bug #19165)\n- Linux Guest Additions: Introduce support for Ubuntu specific kernels (bug #20325)\n- Solaris guest: Increased default memory and disk sizes\n- EFI: Support network booting with the E1000 network controller emulation\n- EFI: Stability improvements (bug #20090)\n\n- This release fixes boo#1188535, VUL-0: CVE-2021-2454,\n                     boo#1188536, VUL-0: CVE-2021-2409,\n                     boo#1188537, VUL-0: CVE-2021-2442, and\n                     boo#1188538, VUL-0: CVE-2021-2443.\n\n- Add vboximg-mount to packaging. boo#1188045.\n- Fix CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT problem with kernel 5.13 as shown in boo#1188105. \n- Disable the build of kmp vboxvideo, at least temporarily. \n- Correct WantedBy entry in vboxadd-service\n- Require which for /usr/lib/virtualbox/vboxadd-service\n- fix license packaging, small cruft cleanup (avoid owning directories provided by filesystem rpm) ","id":"openSUSE-SU-2021:1092-1","modified":"2021-08-04T22:17:47Z","published":"2021-08-04T22:17:47Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UQOOU7OS5PW5QXPE2UITMUDKYSU7JH54/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1188045"},{"type":"REPORT","url":"https://bugzilla.suse.com/1188105"},{"type":"REPORT","url":"https://bugzilla.suse.com/1188535"},{"type":"REPORT","url":"https://bugzilla.suse.com/1188536"},{"type":"REPORT","url":"https://bugzilla.suse.com/1188537"},{"type":"REPORT","url":"https://bugzilla.suse.com/1188538"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-2409"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-2442"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-2443"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-2454"}],"related":["CVE-2021-2409","CVE-2021-2442","CVE-2021-2443","CVE-2021-2454"],"summary":"Security update for virtualbox","upstream":["CVE-2021-2409","CVE-2021-2442","CVE-2021-2443","CVE-2021-2454"]}