SB2020070327 - OpenSUSE Linux update for Virtualbox

Description

This security bulletin contains information about 19 secuirty vulnerabilities.

1) Improper input validation (CVE-ID: CVE-2020-2741)

The vulnerability allows a local privileged user to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to gain access to sensitive information.

2) Improper input validation (CVE-ID: CVE-2020-2742)

The vulnerability allows a local privileged user to execute arbitrary code.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to execute arbitrary code.

3) Improper input validation (CVE-ID: CVE-2020-2743)

The vulnerability allows a local privileged user to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to gain access to sensitive information.

4) Improper input validation (CVE-ID: CVE-2020-2748)

The vulnerability allows a local privileged user to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to gain access to sensitive information.

5) Improper input validation (CVE-ID: CVE-2020-2758)

The vulnerability allows a local privileged user to execute arbitrary code.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to execute arbitrary code.

6) Improper input validation (CVE-ID: CVE-2020-2894)

The vulnerability allows a local privileged user to execute arbitrary code.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to execute arbitrary code.

7) Improper input validation (CVE-ID: CVE-2020-2902)

The vulnerability allows a local authenticated user to execute arbitrary code.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local authenticated user can exploit this vulnerability to execute arbitrary code.

8) Improper input validation (CVE-ID: CVE-2020-2905)

The vulnerability allows a local privileged user to execute arbitrary code.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to execute arbitrary code.

9) Improper input validation (CVE-ID: CVE-2020-2907)

The vulnerability allows a local privileged user to execute arbitrary code.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to execute arbitrary code.

10) Improper input validation (CVE-ID: CVE-2020-2908)

The vulnerability allows a local privileged user to execute arbitrary code.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to execute arbitrary code.

11) Improper input validation (CVE-ID: CVE-2020-2909)

The vulnerability allows a local authenticated user to perform service disruption.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local authenticated user can exploit this vulnerability to perform service disruption.

12) Improper input validation (CVE-ID: CVE-2020-2910)

The vulnerability allows a local authenticated user to manipulate data.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local authenticated user can exploit this vulnerability to manipulate data.

13) Improper input validation (CVE-ID: CVE-2020-2911)

The vulnerability allows a local privileged user to execute arbitrary code.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to execute arbitrary code.

14) Improper input validation (CVE-ID: CVE-2020-2913)

The vulnerability allows a local authenticated user to execute arbitrary code.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local authenticated user can exploit this vulnerability to execute arbitrary code.

15) Improper input validation (CVE-ID: CVE-2020-2914)

The vulnerability allows a local authenticated user to execute arbitrary code.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local authenticated user can exploit this vulnerability to execute arbitrary code.

16) Improper input validation (CVE-ID: CVE-2020-2929)

The vulnerability allows a local authenticated user to execute arbitrary code.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local authenticated user can exploit this vulnerability to execute arbitrary code.

17) Improper input validation (CVE-ID: CVE-2020-2951)

The vulnerability allows a local authenticated user to a crash the entire system.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local authenticated user can exploit this vulnerability to a crash the entire system.

18) Improper input validation (CVE-ID: CVE-2020-2958)

The vulnerability allows a local privileged user to execute arbitrary code.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A local privileged user can exploit this vulnerability to execute arbitrary code.

19) Improper input validation (CVE-ID: CVE-2020-2959)

The vulnerability allows a remote non-authenticated attacker to a crash the entire system.

The vulnerability exists due to improper input validation within the Core component in Oracle VM VirtualBox. A remote non-authenticated attacker can exploit this vulnerability to a crash the entire system.

Remediation

Install update from vendor's website.

References

• https://lists.opensuse.org/opensuse-security-announce/2020-07/msg00001.html