python3-virtualbox-7.0.8-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:12912-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z python3-virtualbox-7.0.8-1.1 on GA media These are all security issues fixed in the python3-virtualbox-7.0.8-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-12912 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2023-21987/ SUSE CVE CVE-2023-21987 page https://www.suse.com/security/cve/CVE-2023-21988/ SUSE CVE CVE-2023-21988 page https://www.suse.com/security/cve/CVE-2023-21989/ SUSE CVE CVE-2023-21989 page https://www.suse.com/security/cve/CVE-2023-21990/ SUSE CVE CVE-2023-21990 page https://www.suse.com/security/cve/CVE-2023-21991/ SUSE CVE CVE-2023-21991 page https://www.suse.com/security/cve/CVE-2023-21998/ SUSE CVE CVE-2023-21998 page https://www.suse.com/security/cve/CVE-2023-21999/ SUSE CVE CVE-2023-21999 page https://www.suse.com/security/cve/CVE-2023-22000/ SUSE CVE CVE-2023-22000 page https://www.suse.com/security/cve/CVE-2023-22001/ SUSE CVE CVE-2023-22001 page https://www.suse.com/security/cve/CVE-2023-22002/ SUSE CVE CVE-2023-22002 page openSUSE Tumbleweed python3-virtualbox-7.0.8-1.1 virtualbox-7.0.8-1.1 virtualbox-devel-7.0.8-1.1 virtualbox-guest-desktop-icons-7.0.8-1.1 virtualbox-guest-source-7.0.8-1.1 virtualbox-guest-tools-7.0.8-1.1 virtualbox-host-source-7.0.8-1.1 virtualbox-qt-7.0.8-1.1 virtualbox-vnc-7.0.8-1.1 virtualbox-websrv-7.0.8-1.1 python3-virtualbox-7.0.8-1.1 as a component of openSUSE Tumbleweed virtualbox-7.0.8-1.1 as a component of openSUSE Tumbleweed virtualbox-devel-7.0.8-1.1 as a component of openSUSE Tumbleweed virtualbox-guest-desktop-icons-7.0.8-1.1 as a component of openSUSE Tumbleweed virtualbox-guest-source-7.0.8-1.1 as a component of openSUSE Tumbleweed virtualbox-guest-tools-7.0.8-1.1 as a component of openSUSE Tumbleweed virtualbox-host-source-7.0.8-1.1 as a component of openSUSE Tumbleweed virtualbox-qt-7.0.8-1.1 as a component of openSUSE Tumbleweed virtualbox-vnc-7.0.8-1.1 as a component of openSUSE Tumbleweed virtualbox-websrv-7.0.8-1.1 as a component of openSUSE Tumbleweed Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H). CVE-2023-21987 openSUSE Tumbleweed:python3-virtualbox-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-devel-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-guest-desktop-icons-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-guest-source-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-guest-tools-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-host-source-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-qt-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-vnc-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-websrv-7.0.8-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-21987.html CVE-2023-21987 https://bugzilla.suse.com/1210616 SUSE Bug 1210616 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N). CVE-2023-21988 openSUSE Tumbleweed:python3-virtualbox-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-devel-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-guest-desktop-icons-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-guest-source-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-guest-tools-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-host-source-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-qt-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-vnc-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-websrv-7.0.8-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-21988.html CVE-2023-21988 https://bugzilla.suse.com/1210616 SUSE Bug 1210616 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). CVE-2023-21989 openSUSE Tumbleweed:python3-virtualbox-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-devel-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-guest-desktop-icons-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-guest-source-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-guest-tools-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-host-source-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-qt-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-vnc-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-websrv-7.0.8-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-21989.html CVE-2023-21989 https://bugzilla.suse.com/1210616 SUSE Bug 1210616 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). CVE-2023-21990 openSUSE Tumbleweed:python3-virtualbox-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-devel-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-guest-desktop-icons-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-guest-source-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-guest-tools-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-host-source-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-qt-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-vnc-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-websrv-7.0.8-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-21990.html CVE-2023-21990 https://bugzilla.suse.com/1210616 SUSE Bug 1210616 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 3.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N). CVE-2023-21991 openSUSE Tumbleweed:python3-virtualbox-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-devel-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-guest-desktop-icons-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-guest-source-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-guest-tools-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-host-source-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-qt-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-vnc-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-websrv-7.0.8-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-21991.html CVE-2023-21991 https://bugzilla.suse.com/1210616 SUSE Bug 1210616 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data. Note: This vulnerability applies to Windows VMs only. CVSS 3.1 Base Score 4.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N). CVE-2023-21998 openSUSE Tumbleweed:python3-virtualbox-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-devel-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-guest-desktop-icons-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-guest-source-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-guest-tools-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-host-source-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-qt-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-vnc-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-websrv-7.0.8-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-21998.html CVE-2023-21998 https://bugzilla.suse.com/1210616 SUSE Bug 1210616 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 3.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N). CVE-2023-21999 openSUSE Tumbleweed:python3-virtualbox-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-devel-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-guest-desktop-icons-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-guest-source-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-guest-tools-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-host-source-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-qt-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-vnc-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-websrv-7.0.8-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-21999.html CVE-2023-21999 https://bugzilla.suse.com/1210616 SUSE Bug 1210616 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 4.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N). CVE-2023-22000 openSUSE Tumbleweed:python3-virtualbox-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-devel-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-guest-desktop-icons-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-guest-source-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-guest-tools-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-host-source-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-qt-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-vnc-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-websrv-7.0.8-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-22000.html CVE-2023-22000 https://bugzilla.suse.com/1210616 SUSE Bug 1210616 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 4.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N). CVE-2023-22001 openSUSE Tumbleweed:python3-virtualbox-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-devel-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-guest-desktop-icons-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-guest-source-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-guest-tools-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-host-source-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-qt-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-vnc-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-websrv-7.0.8-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-22001.html CVE-2023-22001 https://bugzilla.suse.com/1210616 SUSE Bug 1210616 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.44 and Prior to 7.0.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). CVE-2023-22002 openSUSE Tumbleweed:python3-virtualbox-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-devel-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-guest-desktop-icons-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-guest-source-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-guest-tools-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-host-source-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-qt-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-vnc-7.0.8-1.1 openSUSE Tumbleweed:virtualbox-websrv-7.0.8-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-22002.html CVE-2023-22002 https://bugzilla.suse.com/1210616 SUSE Bug 1210616