| Summary: | virtualbox new security issues CVE-2018-0739, CVE-2018-283[01567], CVE-2018-284[2-5], CVE-2018-2860 | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | critical | | |
| Priority: | Normal | CC: | andrewsfarm, fri, jim, sysadmin-bugs, tarazed25, tmb, wilcal.int |
| Version: | 6 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | MGA6-64-OK | | |
| Source RPM: | virtualbox-5.2.8-3.mga7.src.rpm | CVE: | |
| Status comment: | Fixed upstream in 5.2.10 | | |
| Bug Depends on: | 22657, 22909 | | |
| Bug Blocks: | 23075 | | |
Description
David Walser 2018-04-21 18:40:29 CEST

David Walser 2018-04-21 18:40:39 CEST

Whiteboard: (none) => MGA6TOO

Cauldron updated, Mga6 update will be pushed after the QT update mess is done

Depends on: (none) => 22657

openSUSE has issued an advisory for this today (April 24):
https://lists.opensuse.org/opensuse-updates/2018-04/msg00065.html
David Walser
2018-05-04 08:29:08 CEST
Status comment: (none) => Fixed upstream in 5.2.10

5.2.12 is out:
https://www.virtualbox.org/wiki/Changelog

Rpms to test:

SRPMS:
virtualbox-5.2.12-1.mga6.src.rpm

i586:
dkms-vboxadditions-5.2.12-1.mga6.noarch.rpm
dkms-virtualbox-5.2.12-1.mga6.noarch.rpm
python-virtualbox-5.2.12-1.mga6.i586.rpm
virtualbox-5.2.12-1.mga6.i586.rpm
virtualbox-devel-5.2.12-1.mga6.i586.rpm
virtualbox-guest-additions-5.2.12-1.mga6.i586.rpm
x11-driver-video-vboxvideo-5.2.12-1.mga6.i586.rpm

x86_64:
dkms-vboxadditions-5.2.12-1.mga6.noarch.rpm
dkms-virtualbox-5.2.12-1.mga6.noarch.rpm
python-virtualbox-5.2.12-1.mga6.x86_64.rpm
virtualbox-5.2.12-1.mga6.x86_64.rpm
virtualbox-devel-5.2.12-1.mga6.x86_64.rpm
virtualbox-guest-additions-5.2.12-1.mga6.x86_64.rpm
x11-driver-video-vboxvideo-5.2.12-1.mga6.x86_64.rpm

Prebuilt kmods will be built after kernel-4.14.40 is out

Assignee: tmb => qa-bugs

Updated to:
- dkms-virtualbox-5.2.12-1.mga6.noarch
- virtualbox-5.2.12-1.mga6.x86_64
And also retrieved and installed the extpack per https://bugs.mageia.org/show_bug.cgi?id=18962#c27

Host: my workstation i7, kernel-desktop-4.14.40-1.mga6-1-1.mga6.x86_64, Geforce GTX750 with nvidia-current 390.48-1.mga6 with CUDA & OpenCL detected OK in BOINC, LVM on LUKS, Plasma5.12 etc
Guest: Microsoft Windows 7 pro
Simple test: windows update works, some apps, firefox...
No audio, but I don't remember if I ever tried it before - never needed it here.

CC: (none) => fri

kmods are now built, so the added packages are:

SRPMS:
kmod-vboxadditions-5.2.12-1.mga6.src.rpm
kmod-virtualbox-5.2.12-1.mga6.src.rpm

i586:
vboxadditions-kernel-4.14.40-desktop-1.mga6-5.2.12-1.mga6.i586.rpm
vboxadditions-kernel-4.14.40-desktop586-1.mga6-5.2.12-1.mga6.i586.rpm
vboxadditions-kernel-4.14.40-server-1.mga6-5.2.12-1.mga6.i586.rpm
vboxadditions-kernel-desktop586-latest-5.2.12-1.mga6.i586.rpm
vboxadditions-kernel-desktop-latest-5.2.12-1.mga6.i586.rpm
vboxadditions-kernel-server-latest-5.2.12-1.mga6.i586.rpm
virtualbox-kernel-4.14.40-desktop-1.mga6-5.2.12-1.mga6.i586.rpm
virtualbox-kernel-4.14.40-desktop586-1.mga6-5.2.12-1.mga6.i586.rpm
virtualbox-kernel-4.14.40-server-1.mga6-5.2.12-1.mga6.i586.rpm
virtualbox-kernel-desktop586-latest-5.2.12-1.mga6.i586.rpm
virtualbox-kernel-desktop-latest-5.2.12-1.mga6.i586.rpm
virtualbox-kernel-server-latest-5.2.12-1.mga6.i586.rpm

x86_64:
vboxadditions-kernel-4.14.40-desktop-1.mga6-5.2.12-1.mga6.x86_64.rpm
vboxadditions-kernel-4.14.40-server-1.mga6-5.2.12-1.mga6.x86_64.rpm
vboxadditions-kernel-desktop-latest-5.2.12-1.mga6.x86_64.rpm
vboxadditions-kernel-server-latest-5.2.12-1.mga6.x86_64.rpm
virtualbox-kernel-4.14.40-desktop-1.mga6-5.2.12-1.mga6.x86_64.rpm
virtualbox-kernel-4.14.40-server-1.mga6-5.2.12-1.mga6.x86_64.rpm
virtualbox-kernel-desktop-latest-5.2.12-1.mga6.x86_64.rpm
virtualbox-kernel-server-latest-5.2.12-1.mga6.x86_64.rpm

CC: (none) => tmb
Thomas Backlund
2018-05-18 19:03:58 CEST
Whiteboard: MGA6TOO => (none)

Mageia 6, x86_64
Installed the desktop version and found the transition seamless. Booted three mga5 guests, one at a time and found no problems. Installed a large package on one and recovered saved state on another.

CC: (none) => tarazed25

on mga6-64 packages installed cleanly:
- virtualbox-5.2.12-1.mga6.x86_64
- virtualbox-kernel-4.14.40-desktop-1.mga6-5.2.12-1.mga6.x86_64
- virtualbox-kernel-desktop-latest-5.2.12-1.mga6.x86_64
vbox re-launched normally
extension pack updated cleanly

on mga6-32 client: packages installed cleanly:
- vboxadditions-kernel-4.14.40-desktop-1.mga6-5.2.12-1.mga6.i586
- vboxadditions-kernel-desktop-latest-5.2.12-1.mga6.i586
- virtualbox-guest-additions-5.2.12-1.mga6.i586
- x11-driver-video-vboxvideo-5.2.12-1.mga6.i586
client re-launched normally

on mga6-64 client packages installed cleanly:
- vboxadditions-kernel-4.14.40-desktop-1.mga6-5.2.12-1.mga6.x86_64
- vboxadditions-kernel-desktop-latest-5.2.12-1.mga6.x86_64
- virtualbox-guest-additions-5.2.12-1.mga6.x86_64
- x11-driver-video-vboxvideo-5.2.12-1.mga6.x86_64
client re-launched normally

winxp and win7 clients: additions updated; re-started normally

this update looks good for mga6-64 on this system

CC: (none) => jim

Installed this on Mageia 6, x86_64. Host 4.14.40-desktop-1.mga6
Mageia vbox guests launched fine and behaved normally. Upgraded the kernel in one vbox and rebooted without trouble. Installed scheduled updates. Leaving one 32-bit guest running for more longterm testing but at first look the update works fine.

Installed on Athlon X2 7750, 8GB, nvidia 340 graphics, atheros wifi, Plasma host system using the server kernel. Packages installed cleanly. Downloaded and updated extension pack. Ran Windows XP guest, downloaded and inserted new guest additions. Everything looks good.
Ran a 64-bit Mageia guest that has not yet received the Grand Update. It ran fine, as far as I went with it, but I decided rather than go through the update yet again, I'll import a guest from another machine that has already had it done. But, as far as I went, it looks good on this hardware.

CC: (none) => andrewsfarm

Updated 64-bit packages on a HP 6550b host (i3, 8GB, Intel graphics, Intel wifi), Plasma system using the 4.14.40 desktop kernel. Packages installed cleanly. Downloaded and installed the extension pack. Ran Windows XP guest and inserted new guest additions. Also updated guest additions in both 64 and 32 bit Mageia 6 Plasma guests, along with vboxvideo driver. Everything appears to work as it should. No problems noted at all.
Thomas Backlund
2018-05-23 09:27:53 CEST
Blocks: (none) => 23075

On real hardware, M6, Plasma, 64-bit
Package(s) under test:
virtualbox
install from update testing:
kernel-desktop-latest
virtualbox vboxadditions-kernel-desktop-latest dkms-virtualbox
virtualbox-guest-additions virtualbox-kernel-desktop-latest x11-driver-video-vboxvideo
kernel-desktop-devel-latest dkms-nvidia-current
The following 30 packages are going to be installed:
- binutils-2.25.1-7.mga6.x86_64
- dkms-2.0.19-39.mga6.noarch
- dkms-minimal-2.0.19-39.mga6.noarch
- dkms-virtualbox-5.2.12-1.mga6.noarch
- gcc-5.5.0-1.mga6.x86_64
- gcc-cpp-5.5.0-1.mga6.x86_64
- glibc-devel-2.22-28.mga6.x86_64
- isl-0.16.1-1.mga6.x86_64
- kernel-desktop-devel-4.14.40-1.mga6-1-1.mga6.x86_64
- kernel-desktop-devel-4.14.43-1.mga6-1-1.mga6.x86_64
- kernel-desktop-devel-latest-4.14.43-1.mga6.x86_64
- kernel-userspace-headers-4.14.43-1.mga6.x86_64
- lib64bzip2-devel-1.0.6-10.mga6.x86_64
- lib64elfutils-devel-0.169-1.mga6.x86_64
- lib64isl15-0.16.1-1.mga6.x86_64
- lib64lzma-devel-5.2.3-1.mga6.x86_64
- lib64mpc3-1.0.3-1.mga6.x86_64
- lib64ncurses-devel-6.0-8.1.mga6.x86_64
- lib64zlib-devel-1.2.11-4.1.mga6.x86_64
- libstdc++5-3.3.6-15.mga6.x86_64
- libstdc++5-devel-3.3.6-15.mga6.x86_64
- vboxadditions-kernel-4.14.40-desktop-1.mga6-5.2.12-1.mga6.x86_64
- vboxadditions-kernel-desktop-latest-5.2.12-1.mga6.x86_64
- virtualbox-5.2.12-1.mga6.x86_64
- virtualbox-doc-5.1.30-1.mga6.noarch
- virtualbox-guest-additions-5.2.12-1.mga6.x86_64
- virtualbox-kernel-4.14.40-desktop-1.mga6-5.2.12-1.mga6.x86_64
- virtualbox-kernel-desktop-latest-5.2.12-1.mga6.x86_64
- x11-driver-video-vboxvideo-5.2.12-1.mga6.x86_64
- xrandr-1.5.0-1.mga6.x86_64
312MB of additional disk space will be used.
79MB of packages will be retrieved.
[root@localhost wilcal]# uname -a
Linux localhost 4.14.43-desktop-1.mga6 #1 SMP Wed May 23 05:30:09 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
[root@localhost wilcal]# urpmi kernel-desktop-latest
Package kernel-desktop-latest-4.14.43-1.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi virtualbox
Package virtualbox-5.2.12-1.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi vboxadditions-kernel-desktop-latest
Package vboxadditions-kernel-desktop-latest-5.2.12-1.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi dkms-virtualbox
Package dkms-virtualbox-5.2.12-1.mga6.noarch is already installed
[root@localhost wilcal]# urpmi virtualbox-guest-additions
Package virtualbox-guest-additions-5.2.12-1.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi virtualbox-kernel-desktop-latest
Package virtualbox-kernel-desktop-latest-5.2.12-1.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi x11-driver-video-vboxvideo
Package x11-driver-video-vboxvideo-5.2.12-1.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi kernel-desktop-devel-latest
Package kernel-desktop-devel-latest-4.14.43-1.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi dkms-nvidia-current
Package dkms-nvidia-current-390.59-1.mga6.nonfree.x86_64 is already installed
[wilcal@localhost ~]$ lspci -k
00:02.0 VGA compatible controller: Intel Corporation Xeon E3-1200 v3/4th Gen Core Processor Integrated Graphics Controller (rev 06)
Subsystem: Gigabyte Technology Co., Ltd Device d000
Kernel driver in use: i915
Kernel modules: i915
Mageia-6-LiveDVD-Xfce-i586-DVD.iso
md5sum: 911088471ddc24bc2d92084e19cec53
date: 7/11/17
M6 i586 Mate Live-DVD runs as a Vbox client.
Boots to a working desktop. Common apps work.
Screen sizes are correct.
Mageia-6-LiveDVD-GNOME-x86_64-DVD.iso
md5sum: 0511e13ba72f9fc6d155702d25704e1e
date: 7/11/17
M6 x86_64 Gnome Live-DVD runs as a Vbox client.
Boots to a working desktop. Common apps work.
Screen sizes are correct.
Mageia-6-x86_64-DVD.iso
md5sum: 55e20da532496124e6e720896fdf9fe4
date: 7/15/17
M6 x86_64 CI installed and then updated ( 332 files ).
Hardware used:
Intel Core i5-4460 Haswell Quad-Core 3.2GHz LGA 115
Gigabyte GA-B85M-D3H LGA 1150 Intel B85 chipset
Integrated Graphics Processor - Intel HD Graphics support
Audio chipset - Realtek ALC892, 7.1 channels
Corsair Vengeance 8GB ( 2 x 4GB ) 240-pin DDR3 SDRAM 1600

CC: (none) => wilcal.int

Looks like no one has had any problems with this. OKing for 64-bit. Is there any reason why it shouldn't be pushed, so that the kmods for the new kernel can be built?

Whiteboard: (none) => MGA6-64-OK
Advisory (added to svn), validating to get new kernel kmods out

type: security
subject: Updated virtualbox packages fix security vulnerabilities
CVE:
 - CVE-2018-0739
 - CVE-2018-2830
 - CVE-2018-2831
 - CVE-2018-2835
 - CVE-2018-2836
 - CVE-2018-2837
 - CVE-2018-2842
 - CVE-2018-2843
 - CVE-2018-2844
 - CVE-2018-2845
 - CVE-2018-2860
src:
  6:
   core:
     - virtualbox-5.2.12-1.mga6
     - kmod-virtualbox-5.2.12-1.mga6
     - kmod-vboxadditions-5.2.12-1.mga6
description: |
  This update provides virtualbox 5.2.12 and fixes the following security
  issues:

  Unauthorized remote attacker may have caused a hang or frequently
  repeatable crash (complete DOS) (CVE-2018-0739).

  Attacker with host login may have compromised Virtualbox or further system
  services after interaction with a third user (CVE-2018-2830).

  Attacker with host login may have compromised VirtualBox or further system
  services, allowing read access to some data (CVE-2018-2831).

  Attacker with host login may have gained control over VirtualBox and
  possibly further system services after interacting with a third user
  (CVE-2018-2835, CVE-2018-2836, CVE-2018-2837, CVE-2018-2842,
  CVE-2018-2843, CVE-2018-2844).

  Attacker with host login may have caused a hang or frequently repeatable
  crash (complete DOS), and perform unauthorized read and write operations
  to some VirtualBox accessible data (CVE-2018-2845).

  Privileged attacker may have gained control over VirtualBox and possibly
  further system services (CVE-2018-2860).

  For other fixes in this update, see the referenced changelog.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=22930
 - https://www.virtualbox.org/wiki/Changelog
 - http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixOVIR

Keywords: (none) => advisory, validated_update

An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2018-0257.html

Resolution: (none) => FIXED
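The advisory names a fixed build (5.2.12-1.mga6) for each affected package, and the QA reports above check it by hand with `urpmi`. The following Python script is an added example, not part of the Mageia bug, the advisory or Mageia's tooling: it takes a package listing in the form `rpm -qa` prints (name-version-release.arch), picks out the packages the advisory covers, and reports whether each is at or above the fixed build, using a reimplementation of librpm's `rpmvercmp` so that 5.2.8 is correctly seen as older than 5.2.12 (a plain string comparison would get that wrong). The fixed-package names are taken from the bug's "Rpms to test" list; the installed-package sample is constructed for the example, and the function names `split_nevra`, `rpmvercmp`, `evr_cmp` and `audit` are this example's own.

```python
"""Added example: check installed packages against the fixed builds in an advisory.
Not part of the Mageia bug, the advisory or Mageia's own tooling."""
import re

ARCHES = ("x86_64", "i586", "noarch")

# Fixed builds, copied from the bug's "Rpms to test" list (x86_64 and noarch subset).
FIXED_PACKAGES = [
    "virtualbox-5.2.12-1.mga6.x86_64",
    "dkms-virtualbox-5.2.12-1.mga6.noarch",
    "virtualbox-guest-additions-5.2.12-1.mga6.x86_64",
    "virtualbox-kernel-desktop-latest-5.2.12-1.mga6.x86_64",
    "x11-driver-video-vboxvideo-5.2.12-1.mga6.x86_64",
]

# Constructed sample of `rpm -qa` output: one package still on an older build.
SAMPLE_INSTALLED = """\
virtualbox-5.2.8-1.mga6.x86_64
dkms-virtualbox-5.2.12-1.mga6.noarch
virtualbox-kernel-desktop-latest-5.2.12-1.mga6.x86_64
kernel-desktop-latest-4.14.43-1.mga6.x86_64
"""

# rpmvercmp works on runs of digits, runs of letters, and the '~' separator.
_SEGMENT = re.compile(r"[0-9]+|[a-zA-Z]+|~")


def split_nevra(pkg):
    """Split 'name-version-release[.arch][.rpm]' as rpm does: the last two hyphens
    delimit version and release, so hyphenated names like
    'virtualbox-kernel-4.14.40-desktop-1.mga6' stay intact."""
    if pkg.endswith(".rpm"):
        pkg = pkg[:-4]
    arch = None
    for candidate in ARCHES:
        suffix = "." + candidate
        if pkg.endswith(suffix):
            arch, pkg = candidate, pkg[: -len(suffix)]
            break
    name, version, release = pkg.rsplit("-", 2)
    epoch = 0
    if ":" in version:  # optional 'epoch:version'
        epoch_str, version = version.split(":", 1)
        epoch = int(epoch_str)
    return name, epoch, version, release, arch


def rpmvercmp(a, b):
    """Reimplementation of librpm's rpmvercmp: digit runs compare numerically,
    letter runs lexically, numeric beats alphabetic, '~' sorts before everything
    (5.2.12 > 5.2.12~rc1). Returns -1, 0 or 1. The '^' separator is not handled."""
    if a == b:
        return 0
    seg_a, seg_b = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(seg_a, seg_b):
        if x == "~" or y == "~":
            if x != y:
                return -1 if x == "~" else 1
            continue
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = x.lstrip("0"), y.lstrip("0")
            if len(x) != len(y):  # more significant digits wins
                return 1 if len(x) > len(y) else -1
        if x != y:
            return 1 if x > y else -1
    if len(seg_a) == len(seg_b):
        return 0
    a_longer = len(seg_a) > len(seg_b)
    rest = seg_a[len(seg_b):] if a_longer else seg_b[len(seg_a):]
    if rest[0] == "~":  # leftover that starts with '~' loses (pre-release)
        return -1 if a_longer else 1
    return 1 if a_longer else -1  # otherwise leftover segments win


def evr_cmp(evr_a, evr_b):
    """Compare (epoch, version, release): epoch dominates, then version, then release."""
    if evr_a[0] != evr_b[0]:
        return 1 if evr_a[0] > evr_b[0] else -1
    for part in (1, 2):
        c = rpmvercmp(evr_a[part], evr_b[part])
        if c:
            return c
    return 0


def audit(installed_listing, fixed=FIXED_PACKAGES):
    """Map each installed package the advisory covers to 'ok' (at or above the
    fixed build) or 'vulnerable'; packages the advisory does not name are ignored."""
    fixed_evr = {}
    for pkg in fixed:
        name, epoch, version, release, _ = split_nevra(pkg)
        fixed_evr[name] = (epoch, version, release)
    verdict = {}
    for line in installed_listing.splitlines():
        line = line.strip()
        if not line:
            continue
        name, epoch, version, release, _ = split_nevra(line)
        if name in fixed_evr:
            ok = evr_cmp((epoch, version, release), fixed_evr[name]) >= 0
            verdict[name] = "ok" if ok else "vulnerable"
    return verdict


if __name__ == "__main__":
    for name, state in sorted(audit(SAMPLE_INSTALLED).items()):
        print(f"{name}: {state}")
```

To run it against a real host, feed `audit()` the stdout of `rpm -qa` instead of the constructed sample; a package that is absent from the listing is simply not reported, so an empty result means none of the advisory's packages are installed, not that the host is patched. The `'~'` rule matters for distributions that ship pre-release builds; for the plain `5.2.12-1.mga6` strings in this advisory only the numeric-segment rule is exercised.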