The April 2016 Oracle CPU shows a security issue fixed in VirtualBox 5.0.18: http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
Advisory:

Updated virtualbox packages fixes security and other bugs.

This update provides virtualbox 5.0.20 maintenance release, and fixes the following security issue:

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.18 allows local users to affect confidentiality, integrity, and availability via vectors related to Core. (CVE-2016-0678)

For other fixes in this update, see the referenced changelog.

References:
https://www.virtualbox.org/wiki/Changelog

SRPMS:
kmod-virtualbox-5.0.20-1.mga5.src.rpm
kmod-virtualbox-5.0.20-2.mga5.src.rpm
virtualbox-5.0.20-1.mga5.src.rpm

i586:
dkms-vboxadditions-5.0.20-1.mga5.noarch.rpm
dkms-virtualbox-5.0.20-1.mga5.noarch.rpm
python-virtualbox-5.0.20-1.mga5.i586.rpm
vboxadditions-kernel-4.1.15-desktop-2.mga5-5.0.20-1.mga5.i586.rpm
vboxadditions-kernel-4.1.15-desktop586-2.mga5-5.0.20-1.mga5.i586.rpm
vboxadditions-kernel-4.1.15-server-2.mga5-5.0.20-1.mga5.i586.rpm
vboxadditions-kernel-desktop586-latest-5.0.20-1.mga5.i586.rpm
vboxadditions-kernel-desktop-latest-5.0.20-1.mga5.i586.rpm
vboxadditions-kernel-server-latest-5.0.20-1.mga5.i586.rpm
virtualbox-5.0.20-1.mga5.i586.rpm
virtualbox-devel-5.0.20-1.mga5.i586.rpm
virtualbox-guest-additions-5.0.20-1.mga5.i586.rpm
virtualbox-kernel-4.1.15-desktop-2.mga5-5.0.20-1.mga5.i586.rpm
virtualbox-kernel-4.1.15-desktop586-2.mga5-5.0.20-1.mga5.i586.rpm
virtualbox-kernel-4.1.15-server-2.mga5-5.0.20-1.mga5.i586.rpm
virtualbox-kernel-desktop586-latest-5.0.20-1.mga5.i586.rpm
virtualbox-kernel-desktop-latest-5.0.20-1.mga5.i586.rpm
virtualbox-kernel-server-latest-5.0.20-1.mga5.i586.rpm
x11-driver-video-vboxvideo-5.0.20-1.mga5.i586.rpm

x86_64:
dkms-vboxadditions-5.0.20-1.mga5.noarch.rpm
dkms-virtualbox-5.0.20-1.mga5.noarch.rpm
python-virtualbox-5.0.20-1.mga5.x86_64.rpm
vboxadditions-kernel-4.1.15-desktop-2.mga5-5.0.20-1.mga5.x86_64.rpm
vboxadditions-kernel-4.1.15-server-2.mga5-5.0.20-1.mga5.x86_64.rpm
vboxadditions-kernel-desktop-latest-5.0.20-1.mga5.x86_64.rpm
vboxadditions-kernel-server-latest-5.0.20-1.mga5.x86_64.rpm
virtualbox-5.0.20-1.mga5.x86_64.rpm
virtualbox-devel-5.0.20-1.mga5.x86_64.rpm
virtualbox-guest-additions-5.0.20-1.mga5.x86_64.rpm
virtualbox-kernel-4.1.15-desktop-2.mga5-5.0.20-1.mga5.x86_64.rpm
virtualbox-kernel-4.1.15-server-2.mga5-5.0.20-1.mga5.x86_64.rpm
virtualbox-kernel-desktop-latest-5.0.20-1.mga5.x86_64.rpm
virtualbox-kernel-server-latest-5.0.20-1.mga5.x86_64.rpm
x11-driver-video-vboxvideo-5.0.20-1.mga5.x86_64.rpm
Assignee: tmb => qa-bugs
Typo in SRPMS, should be:

SRPMS:
kmod-vboxadditions-5.0.20-1.mga5.src.rpm
kmod-virtualbox-5.0.20-1.mga5.src.rpm
virtualbox-5.0.20-1.mga5.src.rpm
CC: (none) => tmb
Blocks: (none) => 18031
Note: These packages should work with kernel 4.1.15
The virtualbox-kernel-desktop-latest requires kernel 4.4.9 Thomas.

To satisfy dependencies, the following package(s) also need to be installed:
- btrfs-progs-4.4.1-1.mga5.x86_64
- dracut-038-21.mga5.x86_64
- kernel-desktop-4.4.9-1.mga5-1-1.mga5.x86_64
- kernel-firmware-20160409-1.mga5.noarch
- lib64btrfs0-4.4.1-1.mga5.x86_64
- virtualbox-kernel-4.4.9-desktop-1.mga5-5.0.20-2.mga5.x86_64
Whiteboard: (none) => feedback
That's because the builds are done for both 4.1.15-2 and 4.4.9-1 at the same time, so you need to be specific and install virtualbox-kernel-desktop-latest-5.0.20-1.mga5 (note the .1.mga5 for 4.1.15-2 and .2.mga5 for 4.4.9-1) Sorry for not being more specific about this
Whiteboard: feedback => (none)
That makes things difficult :\

Confirmed though. Two versions in testing at once.

# urpmq --requires --media Testing virtualbox-kernel-desktop-latest
virtualbox-kernel-desktop-latest: virtualbox-kernel-4.4.9-desktop-1.mga5[== 5.0.20-2.mga5]
virtualbox-kernel-desktop-latest: virtualbox-kernel-4.1.15-desktop-2.mga5[== 5.0.20-1.mga5]
Testing mga5 64

It's not possible to use MageiaUpdate to install these packages, instead use..

# urpmi virtualbox-kernel-desktop-latest-5.0.20-1.mga5 vboxadditions-kernel-desktop-latest-5.0.20-1.mga5
To satisfy dependencies, the following packages are going to be installed:
  Package                        Version      Release       Arch
(medium "Core Updates Testing")
  vboxadditions-kernel-4.1.15-d> 5.0.20       1.mga5        x86_64
  vboxadditions-kernel-desktop-> 5.0.20       1.mga5        x86_64
  virtualbox                     5.0.20       1.mga5        x86_64
  virtualbox-kernel-4.1.15-desk> 5.0.20       1.mga5        x86_64
  virtualbox-kernel-desktop-lat> 5.0.20       1.mga5        x86_64
177KB of additional disk space will be used.
25MB of packages will be retrieved.
Proceed with the installation of the 5 packages? (Y/n) y
Whiteboard: (none) => has_procedure
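An added example, not part of the thread or of Mageia's tooling: a shell function that reads `urpmq --requires` output in the format quoted above and selects the kmod meta-package build that matches a given kernel release, so the exact name-version-release can be passed to urpmi. The name `pick_kmod_build` is hypothetical, and the function assumes the dependency name ends in the `uname -r` string, as the package names in this thread do.

```shell
#!/bin/sh
# Added example; pick_kmod_build is a hypothetical helper, not a Mageia tool.
# Sample input copied from the `urpmq --requires` output quoted in the thread.
SAMPLE_REQUIRES='virtualbox-kernel-desktop-latest: virtualbox-kernel-4.4.9-desktop-1.mga5[== 5.0.20-2.mga5]
virtualbox-kernel-desktop-latest: virtualbox-kernel-4.1.15-desktop-2.mga5[== 5.0.20-1.mga5]'

# pick_kmod_build KERNEL_RELEASE
# stdin:  lines of the form "<meta>: <dependency>[== <version>-<release>]"
# stdout: "<meta>-<version>-<release>" for the one build whose dependency
#         name ends in KERNEL_RELEASE (assumed to be the `uname -r` string)
# Returns 1 when no build, or more than one, matches.
pick_kmod_build() {
    awk -v k="$1" '
        NF == 3 && $2 ~ /\[==$/ {
            meta = $1; sub(/:$/, "", meta)     # strip trailing colon
            dep  = $2; sub(/\[==$/, "", dep)   # strip "[==" marker
            evr  = $3; sub(/\]$/, "", evr)     # strip closing bracket
            suffix = "-" k
            start = length(dep) - length(suffix) + 1
            if (start > 1 && substr(dep, start) == suffix)
                found[meta "-" evr] = 1
        }
        END {
            n = 0
            for (spec in found) { n++; pick = spec }
            if (n != 1) exit 1                 # none or ambiguous
            print pick
        }
    '
}

# On a real host (commands as used in the thread):
#   urpmq --requires --media Testing virtualbox-kernel-desktop-latest \
#       | pick_kmod_build "$(uname -r)"
# Here, run against the sample for the 4.1.15 kernel:
printf '%s\n' "$SAMPLE_REQUIRES" | pick_kmod_build 4.1.15-desktop-2.mga5
```

The same function works for the vboxadditions-kernel-*-latest meta-packages when fed their `urpmq --requires` output.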
Summary: virtualbox new security issue CVE-2016-0678 => virtualbox new security issue CVE-2016-0678 for kernel 4.1.15
Summary: virtualbox new security issue CVE-2016-0678 for kernel 4.1.15 => virtualbox new security issue CVE-2016-0678 (+ kmod update for kernel 4.1.15)
Installed the updated packages (both kernel and virtualbox ones) on a Mageia 5 x86_64 host and Mageia 5 i586 VM. Now X won't start in the VM and plymouth-quit-wait.service fails. The console during boot starts at a small size (which is normal), then once the kernel starts loading expands to its correct size, but now during the boot shrinks back to a smaller size, which is also abnormal. I tried regenerating the initrd again, but that didn't help.
Installed the appropriate vbox and server kernel updates, including nvidia 340 packages, in a Mageia 5 x86_64 host and guest. All seems to be working as expected.
CC: (none) => andrewsfarm
Same host as Comment 9, i586 Mageia 5 guest. All seems to be as it should be.
Same hardware as Comment 9, 32-bit install, virtualbox and 4.4.9 server kernel updates done at the same time. All appears to have been successful.
(In reply to David Walser from comment #8)
> Installed the updated packages (both kernel and virtualbox ones) on a Mageia
> 5 x86_64 host and Mageia 5 i586 VM. Now X won't start in the VM and
> plymouth-quit-wait.service fails. The console during boot starts at a small
> size (which is normal), then once the kernel starts loading expands to its
> correct size, but now during the boot shrinks back to a smaller size, which
> is also abnormal. I tried regenerating the initrd again, but that didn't
> help.

Same behavior on my Mageia 5 i586 VM at home, console gets smaller during the boot process and X doesn't start. This is definitely broken. VM at work is using the kmod packages and VM at home is using dkms packages.
Whiteboard: has_procedure => has_procedure feedback
Note that the issue presents itself on either kernel (4.1.15 or 4.4.9). It also appears that the console shrinking happens at the moment the VirtualBox kernel modules load in the VM.
(In reply to David Walser from comment #13)
> Note that the issue presents itself on either kernel (4.1.15 or 4.4.9). It
> also appears that the console shrinking happens at the moment the VirtualBox
> kernel modules load in the VM.

Yeah, since 5.0.18 upstream virtualbox is trying to fix behaviour to improve acceleration / play nice with system mesa... but it's still WIP apparently...

Do you have any /etc/X11/xorg.conf on the affected vm? If so, can you rename it / move out of the way and restart? Does it change anything?
Renaming xorg.conf doesn't change anything.
Hm, vbox upstream suggests to downgrade additions/vboxvideo to 5.0.16 to see if that restores functions (while the rest is still 5.0.20)
(In reply to Thomas Backlund from comment #16)
> Hm, vbox upstream suggests to downgrade additions/vboxvideo to 5.0.16 to see
> if that restores functions (while the rest is still 5.0.20)

In other words, that means downgrading *all* of the relevant packages in the guest, so yes, of course that fixes it. If using the kmod packages (as I am in the VM at work) it also means going back to kernel 4.1.15. I'm sure using dkms with 5.0.16 and kernel 4.4.9 would be fine too, clearly the guest side of VirtualBox 5.0.20 is broken.
Assigning to Thomas until it's ready.
CC: (none) => qa-bugs
Assignee: qa-bugs => tmb
Whiteboard: has_procedure feedback => has_procedure
Blocks: 18031 => (none)
openSUSE has issued an advisory for this today (June 1): https://lists.opensuse.org/opensuse-updates/2016-06/msg00002.html
Summary: virtualbox new security issue CVE-2016-0678 (+ kmod update for kernel 4.1.15) => virtualbox new security issue CVE-2016-0678
URL: (none) => http://lwn.net/Vulnerabilities/689384/
With the host upgraded to kernel 4.4.13, virtualbox/dkms-virtualbox 5.0.20 on the host, and kernel 4.4.9 and virtualbox-guest-additions/dkms-vboxadditions/x11-driver-video-vboxvideo 5.0.20 in my Mageia 5 VM at home, everything, even the GUI is working now. I'll have to confirm this on my VM at work where I first noticed the GUI problem, but I have seen reports that removing /etc/X11/xorg.conf can fix that too. I think we may be able to move forward with this and release it.
Confirmed it's working again on my VM at work. I think we can rebuild the 5.0.20 update and push it now.
Yep, that was always the plan to try again as soon as 4.4. series kernels got pushed...

I've just verified that Mageia 6 -sta1 live isos works with 5.0.20 host...

so new rpms for test:

SRPMS:
kmod-vboxadditions-5.0.20-3.mga5.src.rpm
kmod-virtualbox-5.0.20-3.mga5.src.rpm
virtualbox-5.0.20-1.1.mga5.src.rpm

i586:
dkms-vboxadditions-5.0.20-1.1.mga5.noarch.rpm
dkms-virtualbox-5.0.20-1.1.mga5.noarch.rpm
python-virtualbox-5.0.20-1.1.mga5.i586.rpm
vboxadditions-kernel-4.4.13-desktop-1.mga5-5.0.20-3.mga5.i586.rpm
vboxadditions-kernel-4.4.13-desktop586-1.mga5-5.0.20-3.mga5.i586.rpm
vboxadditions-kernel-4.4.13-server-1.mga5-5.0.20-3.mga5.i586.rpm
vboxadditions-kernel-desktop586-latest-5.0.20-3.mga5.i586.rpm
vboxadditions-kernel-desktop-latest-5.0.20-3.mga5.i586.rpm
vboxadditions-kernel-server-latest-5.0.20-3.mga5.i586.rpm
virtualbox-5.0.20-1.1.mga5.i586.rpm
virtualbox-devel-5.0.20-1.1.mga5.i586.rpm
virtualbox-guest-additions-5.0.20-1.1.mga5.i586.rpm
virtualbox-kernel-4.4.13-desktop-1.mga5-5.0.20-3.mga5.i586.rpm
virtualbox-kernel-4.4.13-desktop586-1.mga5-5.0.20-3.mga5.i586.rpm
virtualbox-kernel-4.4.13-server-1.mga5-5.0.20-3.mga5.i586.rpm
virtualbox-kernel-desktop586-latest-5.0.20-3.mga5.i586.rpm
virtualbox-kernel-desktop-latest-5.0.20-3.mga5.i586.rpm
virtualbox-kernel-server-latest-5.0.20-3.mga5.i586.rpm
x11-driver-video-vboxvideo-5.0.20-1.1.mga5.i586.rpm

x86_64:
dkms-vboxadditions-5.0.20-1.1.mga5.noarch.rpm
dkms-virtualbox-5.0.20-1.1.mga5.noarch.rpm
python-virtualbox-5.0.20-1.1.mga5.x86_64.rpm
vboxadditions-kernel-4.4.13-desktop-1.mga5-5.0.20-3.mga5.x86_64.rpm
vboxadditions-kernel-4.4.13-server-1.mga5-5.0.20-3.mga5.x86_64.rpm
vboxadditions-kernel-desktop-latest-5.0.20-3.mga5.x86_64.rpm
vboxadditions-kernel-server-latest-5.0.20-3.mga5.x86_64.rpm
virtualbox-5.0.20-1.1.mga5.x86_64.rpm
virtualbox-devel-5.0.20-1.1.mga5.x86_64.rpm
virtualbox-guest-additions-5.0.20-1.1.mga5.x86_64.rpm
virtualbox-kernel-4.4.13-desktop-1.mga5-5.0.20-3.mga5.x86_64.rpm
virtualbox-kernel-4.4.13-server-1.mga5-5.0.20-3.mga5.x86_64.rpm
virtualbox-kernel-desktop-latest-5.0.20-3.mga5.x86_64.rpm
virtualbox-kernel-server-latest-5.0.20-3.mga5.x86_64.rpm
x11-driver-video-vboxvideo-5.0.20-1.1.mga5.x86_64.rpm
Tested fine at work on Mageia 5 x86_64. Will test at home on i586 hopefully tomorrow.
Whiteboard: has_procedure => has_procedure MGA5-64-OK
On real hardware, M5, KDE, 64-bit

Package(s) under test:
kernel-desktop-latest virtualbox vboxadditions-kernel-desktop-latest dkms-virtualbox
virtualbox-guest-additions virtualbox-kernel-desktop-latest x11-driver-video-vboxvideo
nvidia-current-kernel-desktop-latest

default install of:
kernel-desktop-latest virtualbox vboxadditions-kernel-desktop-latest dkms-virtualbox
virtualbox-guest-additions virtualbox-kernel-desktop-latest x11-driver-video-vboxvideo
nvidia-current-kernel-desktop-latest

[root@localhost wilcal]# uname -a
Linux localhost 4.4.13-desktop-1.mga5 #1 SMP Fri Jun 10 12:16:55 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
[root@localhost wilcal]# urpmi kernel-desktop-latest
Package kernel-desktop-latest-4.4.13-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi virtualbox
Package virtualbox-5.0.16-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi vboxadditions-kernel-desktop-latest
Package vboxadditions-kernel-desktop-latest-5.0.16-6.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi dkms-virtualbox
Package dkms-virtualbox-5.0.16-1.mga5.noarch is already installed
[root@localhost wilcal]# urpmi virtualbox-guest-additions
Package virtualbox-guest-additions-5.0.16-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi virtualbox-kernel-desktop-latest
Package virtualbox-kernel-desktop-latest-5.0.16-6.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi x11-driver-video-vboxvideo
Package x11-driver-video-vboxvideo-5.0.16-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi nvidia-current-kernel-desktop-latest
Package nvidia-current-kernel-desktop-latest-352.79-10.mga5.nonfree.x86_64 is already installed

[root@localhost wilcal]# lspci -k
01:00.0 VGA compatible controller: NVIDIA Corporation GF108 [GeForce GT 440] (rev a1)
        Subsystem: Gigabyte Technology Co., Ltd Device 3518
        Kernel driver in use: nvidia
        Kernel modules: nvidiafb, nouveau, nvidia_current

Created clients:
M5 i586 Gnome Live-CD runs as a Vbox client. Screen sizes are correct. Sound ok
M5 i586 KDE Live-CD installed, updates and runs as a Vbox client. Screen sizes are correct. Sound ok

install from updates_testing:
kernel-desktop-latest virtualbox vboxadditions-kernel-desktop-latest dkms-virtualbox
virtualbox-guest-additions virtualbox-kernel-desktop-latest x11-driver-video-vboxvideo
nvidia-current-kernel-desktop-latest from updates_testing

[root@localhost wilcal]# uname -a
Linux localhost 4.4.13-desktop-1.mga5 #1 SMP Fri Jun 10 12:16:55 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
[root@localhost wilcal]# urpmi kernel-desktop-latest
Package kernel-desktop-latest-4.4.13-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi virtualbox
Package virtualbox-5.0.20-1.1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi vboxadditions-kernel-desktop-latest
Package vboxadditions-kernel-desktop-latest-5.0.20-3.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi dkms-virtualbox
Package dkms-virtualbox-5.0.20-1.1.mga5.noarch is already installed
[root@localhost wilcal]# urpmi virtualbox-guest-additions
Package virtualbox-guest-additions-5.0.20-1.1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi virtualbox-kernel-desktop-latest
Package virtualbox-kernel-desktop-latest-5.0.20-3.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi x11-driver-video-vboxvideo
Package x11-driver-video-vboxvideo-5.0.20-1.1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi nvidia-current-kernel-desktop-latest
Package nvidia-current-kernel-desktop-latest-352.79-10.mga5.nonfree.x86_64 is already installed

[wilcal@localhost ~]$ lspci -k
01:00.0 VGA compatible controller: NVIDIA Corporation GF108 [GeForce GT 440] (rev a1)
        Subsystem: Gigabyte Technology Co., Ltd Device 3518
        Kernel driver in use: nvidia
        Kernel modules: nvidiafb, nouveau, nvidia_current

Clients created Pre-update:
M5 i586 Gnome Live-CD runs as a Vbox client. Screen sizes are correct. Sound ok
M5 i586 KDE Live-CD runs as a Vbox client. Screen sizes are correct. Sound ok

Clients created Post-update:
M5 x86_64 Gnome Live-DVD runs as a Vbox client. Screen sizes are correct. Sound ok
M5 x86_64 KDE CI installed, updates and runs as a Vbox client. Screen sizes are correct. Sound ok

Vbox extensions work pre and post updates.

Test platform:
Intel Core i7-2600K Sandy Bridge 3.4GHz
GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo
GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB
RTL8111/8168B PCI Express 1Gbit Ethernet
DRAM 16GB (4 x 4GB)
Mageia 4 64-bit, Nvidia driver
CC: (none) => wilcal.int
Works fine at home too, Mageia 5 i586 guest and host. At work I have just about every OS imaginable as guests, so this can be validated.
Whiteboard: has_procedure MGA5-64-OK => has_procedure MGA5-32-OK MGA5-64-OK
Works well here, too. Guest additions installed in 32-bit and 64-bit Mageia 5 guests with no problems. Shared folders continued to be shared. XP guest booted successfully, and scolded me for my anti-virus being out-of-date, while my anti-virus reported that my system was secure. In short, everything perfectly normal.
Validating to get it off the list. Advisory to follow.
Keywords: (none) => validated_update
CC: (none) => lewyssmith, sysadmin-bugs
advisory added
Whiteboard: has_procedure MGA5-32-OK MGA5-64-OK => has_procedure MGA5-32-OK MGA5-64-OK advisory
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0226.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED