Bug 1185211 - (CVE-2021-2310) VUL-0: virtualbox: Oracle Critical Patch Update Advisory - April 2021
(CVE-2021-2310)
VUL-0: virtualbox: Oracle Critical Patch Update Advisory - April 2021
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Distribution
Classification: openSUSE
Component: Basesystem
Leap 15.2
Other Other
: P3 - Medium : Major (vote)
: ---
Assigned To: Larry Finger
Security Team bot
https://smash.suse.de/issue/282777/
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2021-04-23 06:22 UTC by Alexander Bergmann
Modified: 2021-04-29 08:49 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Bergmann 2021-04-23 06:22:05 UTC
Oracle Critical Patch Update Advisory - April 2021

https://www.oracle.com/security-alerts/cpuapr2021.html#AppendixOVIR

CVE-2021-2145
CVE-2021-2250
CVE-2021-2264
CVE-2021-2266
CVE-2021-2279
CVE-2021-2280
CVE-2021-2281
CVE-2021-2282
CVE-2021-2283
CVE-2021-2284
CVE-2021-2285
CVE-2021-2286
CVE-2021-2287
CVE-2021-2291
CVE-2021-2296
CVE-2021-2297
CVE-2021-2306
CVE-2021-2309
CVE-2021-2310
CVE-2021-2312
Comment 1 Matthias Gerstner 2021-04-23 06:52:14 UTC
CVE-2021-2264 was found by us and is already covered in bsc#1184542.
Comment 2 Larry Finger 2021-04-24 21:53:58 UTC
The VB upgrade to version 6.1.20 has been submitted to Tumbleweed, Leap 15.2 and Leap 15.3.
Comment 3 Alexander Bergmann 2021-04-29 08:49:54 UTC
The initial list of CVEs was updated with an additional CVE.

CVE-2021-2321 was added to the Virtualization risk matrix (2021-April-26).

Same as the other CVEs, this issue only exists prior to 6.1.20.