Security update for virtualbox SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2020:1486-1 Final 1 1 2020-09-20T10:21:13Z current 2020-09-20T10:21:13Z 2020-09-20T10:21:13Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for virtualbox This update for virtualbox fixes the following issues: Update to Oracle version 6.1.14a. This minor update enables the building of libvirt again. Version update to 6.1.14 (released September 04 2020 by Oracle) File 'fix_virtio_build.patch' is added to fix a build problem. This is a maintenance release. The following items were fixed and/or added: GUI: Fixes file name changes in the File location field when creating Virtual Hard Disk (bug #19286) VMM: Fixed running VMs which failed to start with VERR_NEM_MISSING_KERNEL_API_2 when Hyper-V is used (bug #19779 and #19804) Audio: fix regression in HDA emulation introduced in 6.1.0 Shared Clipboard: Fixed a potential crash when copying HTML data (6.1.2 regression; bug #19226) Linux host and guest: Linux kernel version 5.8 support EFI: Fixed reading ISO9660 filesystems on attached media (6.1.0 regression; bug #19682) EFI: Support booting from drives attached to the LsiLogic SCSI and SAS controller emulations Pseudo version bump to 6.1.13, which is NOT an Oracle release. Update VB sources to run under kernel 5.8.0+ with no modifications to the kernel. These sources are derived from r85883 of the Oracle svn repository. For operations with USB{2,3}, the extension pack for revision 140056 must be installed. Once Oracle releases 6.1.14, then the extension pack and VB itself will have the same revision number. File 'fixes_for_5.8.patch' is removed as that part was fixed upstream. Fixes boo#1175201. Apply Oracle changes for kernel 5.8. Version bump to 6.1.12 (released July 14 2020 by Oracle) This is a maintenance release. The following items were fixed and/or added: File 'turn_off_cloud_net.patch' added. Fixes for CVE-2020-14628, CVE-2020-14646, CVE-2020-14647, CVE-2020-14649 CVE-2020-14713, CVE-2020-14674, CVE-2020-14675, CVE-2020-14676 CVE-2020-14677, CVE-2020-14699, CVE-2020-14711, CVE-2020-14629 CVE-2020-14703, CVE-2020-14704, CVE-2020-14648, CVE-2020-14650 CVE-2020-14673, CVE-2020-14694, CVE-2020-14695, CVE-2020-14698 CVE-2020-14700, CVE-2020-14712, CVE-2020-14707, CVE-2020-14714 CVE-2020-14715 boo#1174159. UI: Fixes for Log-Viewer search-backward icon Devices: Fixes and improvements for the BusLogic SCSI controller emulation Serial Port: Regression fixes in FIFO data handling Oracle Cloud Infrastructure integration: Experimental new type of network attachment, allowing local VM to act as if it was run in cloud API: improved resource management in the guest control functionality VBoxManage: fixed command option parsing for the 'snapshot edit' sub-command VBoxManage: Fix crash of 'VBoxManage internalcommands repairhd' when processing invalid input (bug #19579) Guest Additions, 3D: New experimental GLX graphics output Guest Additions, 3D: Fixed releasing texture objects, which could cause guest crashes Guest Additions: Fixed writes to a file on a shared folder not being reflected on the host when the file is mmap'ed and the used Linux kernel is between version 4.10.0 and 4.11.x Guest Additions: Fixed the shared folder driver on 32bit Windows 8 and newer returning an error when flushing writes to a file which is mapped into memory under rare circumstances Guest Additions: Improve resize coverage for VMSVGA graphics controller Guest Additions: Fix issues detecting guest additions ISO at runtime Guest Additions: Fixed German translation encoding for Windows GA installer The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2020-1486 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html E-Mail link for openSUSE-SU-2020:1486-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1114605 SUSE Bug 1114605 https://bugzilla.suse.com/1174075 SUSE Bug 1174075 https://bugzilla.suse.com/1174159 SUSE Bug 1174159 https://bugzilla.suse.com/1175201 SUSE Bug 1175201 https://www.suse.com/security/cve/CVE-2020-14628/ SUSE CVE CVE-2020-14628 page https://www.suse.com/security/cve/CVE-2020-14629/ SUSE CVE CVE-2020-14629 page https://www.suse.com/security/cve/CVE-2020-14646/ SUSE CVE CVE-2020-14646 page https://www.suse.com/security/cve/CVE-2020-14647/ SUSE CVE CVE-2020-14647 page https://www.suse.com/security/cve/CVE-2020-14648/ SUSE CVE CVE-2020-14648 page https://www.suse.com/security/cve/CVE-2020-14649/ SUSE CVE CVE-2020-14649 page https://www.suse.com/security/cve/CVE-2020-14650/ SUSE CVE CVE-2020-14650 page https://www.suse.com/security/cve/CVE-2020-14673/ SUSE CVE CVE-2020-14673 page https://www.suse.com/security/cve/CVE-2020-14674/ SUSE CVE CVE-2020-14674 page https://www.suse.com/security/cve/CVE-2020-14675/ SUSE CVE CVE-2020-14675 page https://www.suse.com/security/cve/CVE-2020-14676/ SUSE CVE CVE-2020-14676 page https://www.suse.com/security/cve/CVE-2020-14677/ SUSE CVE CVE-2020-14677 page https://www.suse.com/security/cve/CVE-2020-14694/ SUSE CVE CVE-2020-14694 page https://www.suse.com/security/cve/CVE-2020-14695/ SUSE CVE CVE-2020-14695 page https://www.suse.com/security/cve/CVE-2020-14698/ SUSE CVE CVE-2020-14698 page https://www.suse.com/security/cve/CVE-2020-14699/ SUSE CVE CVE-2020-14699 page https://www.suse.com/security/cve/CVE-2020-14700/ SUSE CVE CVE-2020-14700 page https://www.suse.com/security/cve/CVE-2020-14703/ SUSE CVE CVE-2020-14703 page https://www.suse.com/security/cve/CVE-2020-14704/ SUSE CVE CVE-2020-14704 page https://www.suse.com/security/cve/CVE-2020-14707/ SUSE CVE CVE-2020-14707 page https://www.suse.com/security/cve/CVE-2020-14711/ SUSE CVE CVE-2020-14711 page https://www.suse.com/security/cve/CVE-2020-14712/ SUSE CVE CVE-2020-14712 page https://www.suse.com/security/cve/CVE-2020-14713/ SUSE CVE CVE-2020-14713 page https://www.suse.com/security/cve/CVE-2020-14714/ SUSE CVE CVE-2020-14714 page https://www.suse.com/security/cve/CVE-2020-14715/ SUSE CVE CVE-2020-14715 page openSUSE Leap 15.2 python3-virtualbox-6.1.14-lp152.2.5.1 virtualbox-6.1.14-lp152.2.5.1 virtualbox-devel-6.1.14-lp152.2.5.1 virtualbox-guest-desktop-icons-6.1.14-lp152.2.5.1 virtualbox-guest-source-6.1.14-lp152.2.5.1 virtualbox-guest-tools-6.1.14-lp152.2.5.1 virtualbox-guest-x11-6.1.14-lp152.2.5.1 virtualbox-host-source-6.1.14-lp152.2.5.1 virtualbox-kmp-default-6.1.14_k5.3.18_lp152.41-lp152.2.5.1 virtualbox-kmp-preempt-6.1.14_k5.3.18_lp152.41-lp152.2.5.1 virtualbox-qt-6.1.14-lp152.2.5.1 virtualbox-vnc-6.1.14-lp152.2.5.1 virtualbox-websrv-6.1.14-lp152.2.5.1 python3-virtualbox-6.1.14-lp152.2.5.1 as a component of openSUSE Leap 15.2 virtualbox-6.1.14-lp152.2.5.1 as a component of openSUSE Leap 15.2 virtualbox-devel-6.1.14-lp152.2.5.1 as a component of openSUSE Leap 15.2 virtualbox-guest-desktop-icons-6.1.14-lp152.2.5.1 as a component of openSUSE Leap 15.2 virtualbox-guest-source-6.1.14-lp152.2.5.1 as a component of openSUSE Leap 15.2 virtualbox-guest-tools-6.1.14-lp152.2.5.1 as a component of openSUSE Leap 15.2 virtualbox-guest-x11-6.1.14-lp152.2.5.1 as a component of openSUSE Leap 15.2 virtualbox-host-source-6.1.14-lp152.2.5.1 as a component of openSUSE Leap 15.2 virtualbox-kmp-default-6.1.14_k5.3.18_lp152.41-lp152.2.5.1 as a component of openSUSE Leap 15.2 virtualbox-kmp-preempt-6.1.14_k5.3.18_lp152.41-lp152.2.5.1 as a component of openSUSE Leap 15.2 virtualbox-qt-6.1.14-lp152.2.5.1 as a component of openSUSE Leap 15.2 virtualbox-vnc-6.1.14-lp152.2.5.1 as a component of openSUSE Leap 15.2 virtualbox-websrv-6.1.14-lp152.2.5.1 as a component of openSUSE Leap 15.2 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: The CVE-2020-14628 is applicable to Windows VM only. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). CVE-2020-14628 openSUSE Leap 15.2:python3-virtualbox-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-devel-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-desktop-icons-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-source-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-tools-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-x11-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-host-source-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-kmp-default-6.1.14_k5.3.18_lp152.41-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-kmp-preempt-6.1.14_k5.3.18_lp152.41-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-qt-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-vnc-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-websrv-6.1.14-lp152.2.5.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html https://www.suse.com/security/cve/CVE-2020-14628.html CVE-2020-14628 https://bugzilla.suse.com/1174159 SUSE Bug 1174159 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). CVE-2020-14629 openSUSE Leap 15.2:python3-virtualbox-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-devel-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-desktop-icons-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-source-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-tools-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-x11-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-host-source-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-kmp-default-6.1.14_k5.3.18_lp152.41-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-kmp-preempt-6.1.14_k5.3.18_lp152.41-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-qt-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-vnc-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-websrv-6.1.14-lp152.2.5.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html https://www.suse.com/security/cve/CVE-2020-14629.html CVE-2020-14629 https://bugzilla.suse.com/1174159 SUSE Bug 1174159 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). CVE-2020-14646 openSUSE Leap 15.2:python3-virtualbox-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-devel-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-desktop-icons-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-source-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-tools-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-x11-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-host-source-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-kmp-default-6.1.14_k5.3.18_lp152.41-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-kmp-preempt-6.1.14_k5.3.18_lp152.41-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-qt-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-vnc-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-websrv-6.1.14-lp152.2.5.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html https://www.suse.com/security/cve/CVE-2020-14646.html CVE-2020-14646 https://bugzilla.suse.com/1174159 SUSE Bug 1174159 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). CVE-2020-14647 openSUSE Leap 15.2:python3-virtualbox-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-devel-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-desktop-icons-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-source-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-tools-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-x11-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-host-source-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-kmp-default-6.1.14_k5.3.18_lp152.41-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-kmp-preempt-6.1.14_k5.3.18_lp152.41-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-qt-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-vnc-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-websrv-6.1.14-lp152.2.5.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html https://www.suse.com/security/cve/CVE-2020-14647.html CVE-2020-14647 https://bugzilla.suse.com/1174159 SUSE Bug 1174159 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N). CVE-2020-14648 openSUSE Leap 15.2:python3-virtualbox-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-devel-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-desktop-icons-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-source-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-tools-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-x11-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-host-source-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-kmp-default-6.1.14_k5.3.18_lp152.41-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-kmp-preempt-6.1.14_k5.3.18_lp152.41-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-qt-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-vnc-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-websrv-6.1.14-lp152.2.5.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html https://www.suse.com/security/cve/CVE-2020-14648.html CVE-2020-14648 https://bugzilla.suse.com/1174159 SUSE Bug 1174159 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). CVE-2020-14649 openSUSE Leap 15.2:python3-virtualbox-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-devel-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-desktop-icons-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-source-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-tools-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-x11-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-host-source-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-kmp-default-6.1.14_k5.3.18_lp152.41-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-kmp-preempt-6.1.14_k5.3.18_lp152.41-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-qt-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-vnc-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-websrv-6.1.14-lp152.2.5.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html https://www.suse.com/security/cve/CVE-2020-14649.html CVE-2020-14649 https://bugzilla.suse.com/1174159 SUSE Bug 1174159 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N). CVE-2020-14650 openSUSE Leap 15.2:python3-virtualbox-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-devel-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-desktop-icons-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-source-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-tools-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-x11-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-host-source-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-kmp-default-6.1.14_k5.3.18_lp152.41-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-kmp-preempt-6.1.14_k5.3.18_lp152.41-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-qt-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-vnc-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-websrv-6.1.14-lp152.2.5.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html https://www.suse.com/security/cve/CVE-2020-14650.html CVE-2020-14650 https://bugzilla.suse.com/1174159 SUSE Bug 1174159 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N). CVE-2020-14673 openSUSE Leap 15.2:python3-virtualbox-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-devel-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-desktop-icons-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-source-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-tools-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-x11-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-host-source-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-kmp-default-6.1.14_k5.3.18_lp152.41-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-kmp-preempt-6.1.14_k5.3.18_lp152.41-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-qt-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-vnc-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-websrv-6.1.14-lp152.2.5.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html https://www.suse.com/security/cve/CVE-2020-14673.html CVE-2020-14673 https://bugzilla.suse.com/1174159 SUSE Bug 1174159 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). CVE-2020-14674 openSUSE Leap 15.2:python3-virtualbox-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-devel-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-desktop-icons-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-source-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-tools-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-x11-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-host-source-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-kmp-default-6.1.14_k5.3.18_lp152.41-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-kmp-preempt-6.1.14_k5.3.18_lp152.41-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-qt-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-vnc-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-websrv-6.1.14-lp152.2.5.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html https://www.suse.com/security/cve/CVE-2020-14674.html CVE-2020-14674 https://bugzilla.suse.com/1174159 SUSE Bug 1174159 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). CVE-2020-14675 openSUSE Leap 15.2:python3-virtualbox-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-devel-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-desktop-icons-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-source-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-tools-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-x11-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-host-source-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-kmp-default-6.1.14_k5.3.18_lp152.41-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-kmp-preempt-6.1.14_k5.3.18_lp152.41-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-qt-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-vnc-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-websrv-6.1.14-lp152.2.5.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html https://www.suse.com/security/cve/CVE-2020-14675.html CVE-2020-14675 https://bugzilla.suse.com/1174159 SUSE Bug 1174159 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). CVE-2020-14676 openSUSE Leap 15.2:python3-virtualbox-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-devel-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-desktop-icons-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-source-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-tools-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-x11-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-host-source-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-kmp-default-6.1.14_k5.3.18_lp152.41-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-kmp-preempt-6.1.14_k5.3.18_lp152.41-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-qt-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-vnc-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-websrv-6.1.14-lp152.2.5.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html https://www.suse.com/security/cve/CVE-2020-14676.html CVE-2020-14676 https://bugzilla.suse.com/1174159 SUSE Bug 1174159 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). CVE-2020-14677 openSUSE Leap 15.2:python3-virtualbox-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-devel-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-desktop-icons-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-source-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-tools-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-x11-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-host-source-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-kmp-default-6.1.14_k5.3.18_lp152.41-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-kmp-preempt-6.1.14_k5.3.18_lp152.41-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-qt-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-vnc-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-websrv-6.1.14-lp152.2.5.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html https://www.suse.com/security/cve/CVE-2020-14677.html CVE-2020-14677 https://bugzilla.suse.com/1174159 SUSE Bug 1174159 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N). CVE-2020-14694 openSUSE Leap 15.2:python3-virtualbox-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-devel-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-desktop-icons-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-source-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-tools-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-x11-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-host-source-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-kmp-default-6.1.14_k5.3.18_lp152.41-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-kmp-preempt-6.1.14_k5.3.18_lp152.41-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-qt-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-vnc-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-websrv-6.1.14-lp152.2.5.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html https://www.suse.com/security/cve/CVE-2020-14694.html CVE-2020-14694 https://bugzilla.suse.com/1174159 SUSE Bug 1174159 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N). CVE-2020-14695 openSUSE Leap 15.2:python3-virtualbox-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-devel-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-desktop-icons-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-source-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-tools-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-x11-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-host-source-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-kmp-default-6.1.14_k5.3.18_lp152.41-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-kmp-preempt-6.1.14_k5.3.18_lp152.41-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-qt-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-vnc-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-websrv-6.1.14-lp152.2.5.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html https://www.suse.com/security/cve/CVE-2020-14695.html CVE-2020-14695 https://bugzilla.suse.com/1174159 SUSE Bug 1174159 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N). CVE-2020-14698 openSUSE Leap 15.2:python3-virtualbox-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-devel-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-desktop-icons-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-source-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-tools-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-x11-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-host-source-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-kmp-default-6.1.14_k5.3.18_lp152.41-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-kmp-preempt-6.1.14_k5.3.18_lp152.41-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-qt-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-vnc-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-websrv-6.1.14-lp152.2.5.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html https://www.suse.com/security/cve/CVE-2020-14698.html CVE-2020-14698 https://bugzilla.suse.com/1174159 SUSE Bug 1174159 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). CVE-2020-14699 openSUSE Leap 15.2:python3-virtualbox-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-devel-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-desktop-icons-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-source-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-tools-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-x11-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-host-source-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-kmp-default-6.1.14_k5.3.18_lp152.41-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-kmp-preempt-6.1.14_k5.3.18_lp152.41-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-qt-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-vnc-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-websrv-6.1.14-lp152.2.5.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html https://www.suse.com/security/cve/CVE-2020-14699.html CVE-2020-14699 https://bugzilla.suse.com/1174159 SUSE Bug 1174159 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N). CVE-2020-14700 openSUSE Leap 15.2:python3-virtualbox-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-devel-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-desktop-icons-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-source-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-tools-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-x11-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-host-source-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-kmp-default-6.1.14_k5.3.18_lp152.41-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-kmp-preempt-6.1.14_k5.3.18_lp152.41-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-qt-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-vnc-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-websrv-6.1.14-lp152.2.5.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html https://www.suse.com/security/cve/CVE-2020-14700.html CVE-2020-14700 https://bugzilla.suse.com/1174159 SUSE Bug 1174159 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). CVE-2020-14703 openSUSE Leap 15.2:python3-virtualbox-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-devel-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-desktop-icons-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-source-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-tools-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-x11-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-host-source-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-kmp-default-6.1.14_k5.3.18_lp152.41-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-kmp-preempt-6.1.14_k5.3.18_lp152.41-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-qt-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-vnc-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-websrv-6.1.14-lp152.2.5.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html https://www.suse.com/security/cve/CVE-2020-14703.html CVE-2020-14703 https://bugzilla.suse.com/1174159 SUSE Bug 1174159 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). CVE-2020-14704 openSUSE Leap 15.2:python3-virtualbox-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-devel-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-desktop-icons-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-source-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-tools-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-x11-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-host-source-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-kmp-default-6.1.14_k5.3.18_lp152.41-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-kmp-preempt-6.1.14_k5.3.18_lp152.41-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-qt-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-vnc-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-websrv-6.1.14-lp152.2.5.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html https://www.suse.com/security/cve/CVE-2020-14704.html CVE-2020-14704 https://bugzilla.suse.com/1174159 SUSE Bug 1174159 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 5.0 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H). CVE-2020-14707 openSUSE Leap 15.2:python3-virtualbox-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-devel-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-desktop-icons-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-source-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-tools-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-x11-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-host-source-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-kmp-default-6.1.14_k5.3.18_lp152.41-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-kmp-preempt-6.1.14_k5.3.18_lp152.41-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-qt-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-vnc-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-websrv-6.1.14-lp152.2.5.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html https://www.suse.com/security/cve/CVE-2020-14707.html CVE-2020-14707 https://bugzilla.suse.com/1174159 SUSE Bug 1174159 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: The CVE-2020-14711 is applicable to macOS host only. CVSS 3.1 Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H). CVE-2020-14711 openSUSE Leap 15.2:python3-virtualbox-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-devel-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-desktop-icons-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-source-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-tools-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-x11-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-host-source-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-kmp-default-6.1.14_k5.3.18_lp152.41-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-kmp-preempt-6.1.14_k5.3.18_lp152.41-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-qt-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-vnc-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-websrv-6.1.14-lp152.2.5.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html https://www.suse.com/security/cve/CVE-2020-14711.html CVE-2020-14711 https://bugzilla.suse.com/1174159 SUSE Bug 1174159 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.0 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N). CVE-2020-14712 openSUSE Leap 15.2:python3-virtualbox-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-devel-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-desktop-icons-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-source-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-tools-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-x11-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-host-source-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-kmp-default-6.1.14_k5.3.18_lp152.41-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-kmp-preempt-6.1.14_k5.3.18_lp152.41-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-qt-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-vnc-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-websrv-6.1.14-lp152.2.5.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html https://www.suse.com/security/cve/CVE-2020-14712.html CVE-2020-14712 https://bugzilla.suse.com/1174159 SUSE Bug 1174159 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). CVE-2020-14713 openSUSE Leap 15.2:python3-virtualbox-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-devel-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-desktop-icons-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-source-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-tools-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-x11-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-host-source-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-kmp-default-6.1.14_k5.3.18_lp152.41-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-kmp-preempt-6.1.14_k5.3.18_lp152.41-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-qt-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-vnc-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-websrv-6.1.14-lp152.2.5.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html https://www.suse.com/security/cve/CVE-2020-14713.html CVE-2020-14713 https://bugzilla.suse.com/1174159 SUSE Bug 1174159 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2020-14714 openSUSE Leap 15.2:python3-virtualbox-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-devel-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-desktop-icons-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-source-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-tools-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-x11-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-host-source-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-kmp-default-6.1.14_k5.3.18_lp152.41-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-kmp-preempt-6.1.14_k5.3.18_lp152.41-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-qt-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-vnc-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-websrv-6.1.14-lp152.2.5.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html https://www.suse.com/security/cve/CVE-2020-14714.html CVE-2020-14714 https://bugzilla.suse.com/1174159 SUSE Bug 1174159 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). CVE-2020-14715 openSUSE Leap 15.2:python3-virtualbox-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-devel-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-desktop-icons-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-source-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-tools-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-guest-x11-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-host-source-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-kmp-default-6.1.14_k5.3.18_lp152.41-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-kmp-preempt-6.1.14_k5.3.18_lp152.41-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-qt-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-vnc-6.1.14-lp152.2.5.1 openSUSE Leap 15.2:virtualbox-websrv-6.1.14-lp152.2.5.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2020-09/msg00068.html https://www.suse.com/security/cve/CVE-2020-14715.html CVE-2020-14715 https://bugzilla.suse.com/1174159 SUSE Bug 1174159