Bug 1169628 (CVE-2020-2741)

Summary: VUL-0: CVE-2020-2741: virtualbox: Oracle 2020 April CPU (update to 6.0.20 and 6.1.6)
Product: [openSUSE] openSUSE Distribution Reporter: Alexandros Toptsoglou <atoptsoglou>
Component: SecurityAssignee: Larry Finger <Larry.Finger>
Status: RESOLVED FIXED QA Contact: E-mail List <qa-bugs>
Severity: Major    
Priority: P3 - Medium    
Version: Leap 15.1   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Alexandros Toptsoglou 2020-04-16 08:46:04 UTC
CVE-2020-2741 
CVE-2020-2742
CVE-2020-2743
CVE-2020-2748
CVE-2020-2758
CVE-2020-2894
CVE-2020-2902
CVE-2020-2905 
CVE-2020-2907
CVE-2020-2908
CVE-2020-2909
CVE-2020-2910
CVE-2020-2911 
CVE-2020-2913
CVE-2020-2914 
CVE-2020-2929
CVE-2020-2951
CVE-2020-2958
CVE-2020-2959

Leap should be upgraded to 6.0.20 and Factory to 6.1.6
https://www.oracle.com/security-alerts/cpuapr2020.html
Comment 1 Larry Finger 2020-04-17 20:53:09 UTC
Version 6.0.20 has been submitted to Leap 15.1
Version 6.1.6 has been submitted to Tumbleweed and Leap 15.2.
Comment 2 Alexandros Toptsoglou 2020-04-30 08:01:08 UTC
CVE-2020-2575 is also included in the update but only mentioned after the release.
Comment 3 OBSbugzilla Bot 2020-05-16 22:10:06 UTC
This is an autogenerated message for OBS integration:
This bug (1169628) was mentioned in
https://build.opensuse.org/request/show/806055 15.1 / virtualbox
Comment 4 Swamp Workflow Management 2020-07-03 16:15:44 UTC
openSUSE-SU-2020:0925-1: An update that fixes 19 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1169628
CVE References: CVE-2020-2741,CVE-2020-2742,CVE-2020-2743,CVE-2020-2748,CVE-2020-2758,CVE-2020-2894,CVE-2020-2902,CVE-2020-2905,CVE-2020-2907,CVE-2020-2908,CVE-2020-2909,CVE-2020-2910,CVE-2020-2911,CVE-2020-2913,CVE-2020-2914,CVE-2020-2929,CVE-2020-2951,CVE-2020-2958,CVE-2020-2959
Sources used:
openSUSE Leap 15.1 (src):    virtualbox-6.0.22-lp151.2.15.1