{"affected":[{"ecosystem_specific":{"binaries":[{"python3-virtualbox":"6.1.36-lp153.2.33.2","virtualbox":"6.1.36-lp153.2.33.2","virtualbox-devel":"6.1.36-lp153.2.33.2","virtualbox-guest-desktop-icons":"6.1.36-lp153.2.33.2","virtualbox-guest-source":"6.1.36-lp153.2.33.2","virtualbox-guest-tools":"6.1.36-lp153.2.33.2","virtualbox-host-source":"6.1.36-lp153.2.33.2","virtualbox-kmp-default":"6.1.36_k5.3.18_150300.59.90-lp153.2.33.2","virtualbox-kmp-preempt":"6.1.36_k5.3.18_150300.59.90-lp153.2.33.2","virtualbox-qt":"6.1.36-lp153.2.33.2","virtualbox-vnc":"6.1.36-lp153.2.33.2","virtualbox-websrv":"6.1.36-lp153.2.33.2"}]},"package":{"ecosystem":"openSUSE:Leap 15.3","name":"virtualbox","purl":"pkg:rpm/opensuse/virtualbox&distro=openSUSE%20Leap%2015.3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"6.1.36-lp153.2.33.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"python3-virtualbox":"6.1.36-lp153.2.33.2","virtualbox":"6.1.36-lp153.2.33.2","virtualbox-devel":"6.1.36-lp153.2.33.2","virtualbox-guest-desktop-icons":"6.1.36-lp153.2.33.2","virtualbox-guest-source":"6.1.36-lp153.2.33.2","virtualbox-guest-tools":"6.1.36-lp153.2.33.2","virtualbox-host-source":"6.1.36-lp153.2.33.2","virtualbox-kmp-default":"6.1.36_k5.3.18_150300.59.90-lp153.2.33.2","virtualbox-kmp-preempt":"6.1.36_k5.3.18_150300.59.90-lp153.2.33.2","virtualbox-qt":"6.1.36-lp153.2.33.2","virtualbox-vnc":"6.1.36-lp153.2.33.2","virtualbox-websrv":"6.1.36-lp153.2.33.2"}]},"package":{"ecosystem":"openSUSE:Leap 15.3","name":"virtualbox-kmp","purl":"pkg:rpm/opensuse/virtualbox-kmp&distro=openSUSE%20Leap%2015.3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"6.1.36-lp153.2.33.2"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for virtualbox fixes the following issues:\n\n- Remove package virtualbox-guest-x11, which is no longer needed. \n\n- Fix screen resizing under Wayland (boo#1194126 and boo#1194126)\n\nVersion bump to 6.1.36 released by Oracle July 19 2022\n\nThis is a maintenance release. The following items were fixed and/or added:\n\n- VMM: Fixed possible Linux guest kernel crash when configuring Speculative Store Bypass for a single vCPU VM\n- GUI: In the storage page of the virtual machine settings dialog, fixed a bug which disrupted mouse interaction with the native file selector on KDE\n- NAT: Prevent issue when host resolver incorrectly returned NXDOMAIN for unsupported queries (bug #20977)\n- Audio: General improvements in saved state area\n- Recording: Various fixes for settings handling\n- VGA: Performance improvements for screen updates when VBE banking is used\n- USB: Fixed rare crashes when detaching a USB device\n- ATA: Fixed NT4 guests taking a minute to eject CDs\n- vboximg-mount: Fixed broken write support (bug #20896)\n- SDK: Fixed Python bindings incorrectly trying to convert arbitrary byte data into unicode objects with Python 3, causing exceptions (bug #19740)\n- API: Fixed an issue when virtual USB mass storage devices or virtual USB DVD drives are added while the VM is not running are by default not marked as hot-pluggable\n- API: Initial support for Python 3.10\n- API: Solaris OS types cleanup\n- Linux and Solaris hosts: Allow to mount shared folder if it is represented as a symlink on a host side (bug #17491)\n- Linux Host and Guest drivers: Introduced initial support for kernels 5.18, 5.19 and RHEL 9.1 (bugs #20914, #20941)\n- Linux Host and Guest drivers: Better support for kernels built with clang compiler (bugs #20425 and #20998)\n- Solaris Guest Additions: General improvements in installer area\n- Solaris Guest Additions: Fixed guest screen resize in VMSVGA graphics configuration\n- Linux and Solaris Guest Additions: Fixed multi-screen handling in VBoxVGA and VBoxSVGA graphics configuration\n- Linux and Solaris Guest Additions: Added support for setting primary screen via VBoxManage\n- Linux and Solaris Guest Additions: Fixed X11 resources leak when resizing guest screens\n- Linux and Solaris Guest Additions: Fixed file descriptor leak when starting a process using guest control (bug #20902)\n- Linux and Solaris Guest Additions: Fixed guest control executing processes as root\n- Linux Guest Additions: Improved guests booting time by preventing kernel modules from being rebuilt when it is not necessary (bug #20502)\n- Windows Guest Additions: Fixed VBoxTray crash on startup in NT4 guests on rare circumstances\n- Fixes CVE-2022-21571) VUL-0: CVE-2022-21571,CVE-2022-21554 - boo#1201720\n","id":"openSUSE-SU-2022:10122-1","modified":"2022-09-16T08:01:40Z","published":"2022-09-16T08:01:40Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IW7PPIWGXC43ULEMZIOEZJIZ4XLRO2X4/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1194126"},{"type":"REPORT","url":"https://bugzilla.suse.com/1201720"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-21554"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-21571"}],"related":["CVE-2022-21554","CVE-2022-21571"],"summary":"Security update for virtualbox","upstream":["CVE-2022-21554","CVE-2022-21571"]}