Bug 1191869 (CVE-2021-35538)

Summary: VUL-0: CVE-2021-35538: virtualbox: Oracle Critical Patch Update Advisory - October 2021
Product: [openSUSE] openSUSE Distribution Reporter: Alexander Bergmann <abergmann>
Component: BasesystemAssignee: Larry Finger <Larry.Finger>
Status: RESOLVED FIXED QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P3 - Medium    
Version: Leap 15.3   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Alexander Bergmann 2021-10-20 12:57:44 UTC
https://www.oracle.com/security-alerts/cpuoct2021.html#AppendixOVIR

VirtualBox prior to 6.1.28

* CVE-2021-35538
* CVE-2021-35545
* CVE-2021-35540
* CVE-2021-35542
* CVE-2021-2475
Comment 1 Larry Finger 2021-10-21 17:56:24 UTC
VirtualBox 6.1.28 has been sent to Factory. Leap versions to follow soon.
Comment 2 OBSbugzilla Bot 2021-10-21 22:40:16 UTC
This is an autogenerated message for OBS integration:
This bug (1191869) was mentioned in
https://build.opensuse.org/request/show/926831 15.3 / virtualbox
https://build.opensuse.org/request/show/926833 15.2 / virtualbox
Comment 3 Larry Finger 2021-10-22 16:05:13 UTC
As version 6.1.28 has been sent to openSUSE Factory (Tumbleweed), Leap 15.2, and Leap 15.3, I am closing this BUG as fixed.
Comment 4 Swamp Workflow Management 2021-10-26 13:22:06 UTC
openSUSE-SU-2021:1393-1: An update that fixes 5 vulnerabilities is now available.

Category: security (important)
Bug References: 1191104,1191526,1191869
CVE References: CVE-2021-2475,CVE-2021-35538,CVE-2021-35540,CVE-2021-35542,CVE-2021-35545
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    virtualbox-6.1.28-lp153.2.12.1, virtualbox-kmp-6.1.28-lp153.2.12.1
Comment 5 Swamp Workflow Management 2021-10-31 20:20:50 UTC
openSUSE-SU-2021:1403-1: An update that fixes 5 vulnerabilities is now available.

Category: security (important)
Bug References: 1191104,1191526,1191869
CVE References: CVE-2021-2475,CVE-2021-35538,CVE-2021-35540,CVE-2021-35542,CVE-2021-35545
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    virtualbox-6.1.28-lp152.2.38.1, virtualbox-kmp-6.1.28-lp152.2.38.1