SUSE 5170 Published by

SUSE Linux has been updated with security enhancements, featuring a major security update for VirtualBox, moderate updates for Govulncheck-Vulndb, and moderate updates for CoreDNS-1.11.3+git.

openSUSE-SU-2024:0364-1: important: Security update for virtualbox
openSUSE-SU-2024:14482-1: moderate: govulncheck-vulndb-0.0.20241108T172500-1.1 on GA media
openSUSE-SU-2024:14481-1: moderate: coredns-1.11.3+git129.387f34d-1.1 on GA media




openSUSE-SU-2024:0364-1: important: Security update for virtualbox


openSUSE Security Update: Security update for virtualbox
_______________________________

Announcement ID: openSUSE-SU-2024:0364-1
Rating: important
References: #1231225 #1231735 #1231736 #1231737 #1231738

Cross-References: CVE-2024-21248 CVE-2024-21259 CVE-2024-21263
CVE-2024-21273
Affected Products:
openSUSE Backports SLE-15-SP6
openSUSE Leap 15.6
_______________________________

An update that solves four vulnerabilities and has one
errata is now available.

Description:

This update for virtualbox fixes the following issues:

Update to release 7.1.4:

* NAT: Fixed DHCP problems with certain guests when domain is empty
* VMSVGA: Improved flickering, black screen and other screen update issues
with recent Linux kernels
* Linux Guest Additions: Introduce initial support for kernel 6.12
* EFI: Added missing LsiLogic MPT SCSI driver again to fix booting from
devices attached to this device if the EFI firmware is used (7.1.0
regression)
* EFI: Restored broken network boot support (7.1.0 regression)
* Adressed CVE-2024-21248 [boo#1231735], CVE-2024-21273 [boo#1231736],
CVE-2024-21259 [boo#1231737], CVE-2024-21263 [boo#1231738]

- Make the Extension Pack work with our compiler flags and RT_NOEXCEPT
choices. [boo#1231225]

Update to release 7.1:

* The GUI now offers a selection between Basic and Experienced user level
with reduced or full UI functionality.
* VRDE: If user does not set up TLS with custom certificates, enable it
with self-signed certificate, including issuing a new one before the old
one expires
* NAT: New engine with IPv6 support.
* Linux host and guest: Added Wayland support for Clipboard sharing.

- Changed license from Gpl-2.0 to Gpl-3.0

Version bump to VirtualBox 7.0.20 (released July 16 2024 by Oracle))

This is a maintenance release. The following items were fixed and/or added:

- TPM: Fixed errors appearing the event viewer with Windows guests
- macOS Hosts: Fixed passing USB devices to the VM (bug #21218)
- Audio: Fixed recording with HDA emulation after newer Windows 10 / 11
guests got rebooted
- USB: Fixed a deadlock in OHCI triggered when saving the current state of
a VM or taking a snapshot (bug #22059)
- Linux Guest and Host: Introduced initial support for OpenSuse 15.6 kernel
- Linux Guest and Host: Introduced initial support for RHEL 9.5 kernel
(bug #22099)
- Guest Additions: Shared Clipboard: Fixed issue when extra new lines were
pasted when copying text between Win and X11 (bug #21716)
- UEFI Secure Boot: Add new Microsoft certificates to list for new VMs

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.6:

zypper in -t patch openSUSE-2024-364=1

- openSUSE Backports SLE-15-SP6:

zypper in -t patch openSUSE-2024-364=1

Package List:

- openSUSE Leap 15.6 (x86_64):

python3-virtualbox-7.1.4-lp156.2.4.1
python3-virtualbox-debuginfo-7.1.4-lp156.2.4.1
virtualbox-7.1.4-lp156.2.4.1
virtualbox-debuginfo-7.1.4-lp156.2.4.1
virtualbox-debugsource-7.1.4-lp156.2.4.1
virtualbox-devel-7.1.4-lp156.2.4.1
virtualbox-guest-tools-7.1.4-lp156.2.4.1
virtualbox-guest-tools-debuginfo-7.1.4-lp156.2.4.1
virtualbox-kmp-debugsource-7.1.4-lp156.2.4.1
virtualbox-kmp-default-7.1.4_k6.4.0_150600.23.25-lp156.2.4.1
virtualbox-kmp-default-debuginfo-7.1.4_k6.4.0_150600.23.25-lp156.2.4.1
virtualbox-qt-7.1.4-lp156.2.4.1
virtualbox-qt-debuginfo-7.1.4-lp156.2.4.1
virtualbox-vnc-7.1.4-lp156.2.4.1
virtualbox-websrv-7.1.4-lp156.2.4.1
virtualbox-websrv-debuginfo-7.1.4-lp156.2.4.1

- openSUSE Leap 15.6 (noarch):

virtualbox-guest-desktop-icons-7.1.4-lp156.2.4.1
virtualbox-guest-source-7.1.4-lp156.2.4.1
virtualbox-host-source-7.1.4-lp156.2.4.1

- openSUSE Backports SLE-15-SP6 (aarch64 ppc64le x86_64):

kbuild-0.1.9998+svn3613-bp156.2.3.1
kbuild-debuginfo-0.1.9998+svn3613-bp156.2.3.1
kbuild-debugsource-0.1.9998+svn3613-bp156.2.3.1

References:

https://www.suse.com/security/cve/CVE-2024-21248.html
https://www.suse.com/security/cve/CVE-2024-21259.html
https://www.suse.com/security/cve/CVE-2024-21263.html
https://www.suse.com/security/cve/CVE-2024-21273.html
https://bugzilla.suse.com/1231225
https://bugzilla.suse.com/1231735
https://bugzilla.suse.com/1231736
https://bugzilla.suse.com/1231737
https://bugzilla.suse.com/1231738



openSUSE-SU-2024:14482-1: moderate: govulncheck-vulndb-0.0.20241108T172500-1.1 on GA media


# govulncheck-vulndb-0.0.20241108T172500-1.1 on GA media

Announcement ID: openSUSE-SU-2024:14482-1
Rating: moderate

Cross-References:

* CVE-2024-10975
* CVE-2024-45794

Affected Products:

* openSUSE Tumbleweed

An update that solves 2 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the govulncheck-vulndb-0.0.20241108T172500-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* govulncheck-vulndb 0.0.20241108T172500-1.1

## References:

* https://www.suse.com/security/cve/CVE-2024-10975.html
* https://www.suse.com/security/cve/CVE-2024-45794.html



openSUSE-SU-2024:14481-1: moderate: coredns-1.11.3+git129.387f34d-1.1 on GA media


# coredns-1.11.3+git129.387f34d-1.1 on GA media

Announcement ID: openSUSE-SU-2024:14481-1
Rating: moderate

Cross-References:

* CVE-2024-51744

CVSS scores:

* CVE-2024-51744 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2024-51744 ( SUSE ): 2.1 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the coredns-1.11.3+git129.387f34d-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* coredns 1.11.3+git129.387f34d-1.1
* coredns-extras 1.11.3+git129.387f34d-1.1

## References:

* https://www.suse.com/security/cve/CVE-2024-51744.html