Bug 24831 - Update request: virtualbox-6.0.8-1.mga6
Summary: Update request: virtualbox-6.0.8-1.mga6
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 6
Hardware: All Linux
Priority: High critical
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA6-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2019-05-16 13:23 CEST by Thomas Backlund
Modified: 2019-05-18 14:34 CEST (History)
5 users (show)

See Also:
Source RPM: virtualbox
CVE:
Status comment:


Attachments

Description Thomas Backlund 2019-05-16 13:23:12 CEST
Virtualbox 6.0.8 that has fixes for the 

Microarchitectural Data Sampling (MDS, also called
ZombieLoad attack) vulnerabilities



SRPMS:
virtualbox-6.0.8-1.mga6.src.rpm
kmod-virtualbox-6.0.8-1.mga6.src.rpm
kmod-vboxadditions-6.0.8-1.mga6.src.rpm



i586:
dkms-vboxadditions-6.0.8-1.mga6.noarch.rpm
dkms-virtualbox-6.0.8-1.mga6.noarch.rpm
python-virtualbox-6.0.8-1.mga6.i586.rpm
virtualbox-6.0.8-1.mga6.i586.rpm
virtualbox-devel-6.0.8-1.mga6.i586.rpm
virtualbox-guest-additions-6.0.8-1.mga6.i586.rpm

virtualbox-kernel-4.14.119-desktop-1.mga6-6.0.8-1.mga6.i586.rpm
virtualbox-kernel-4.14.119-desktop586-1.mga6-6.0.8-1.mga6.i586.rpm
virtualbox-kernel-4.14.119-server-1.mga6-6.0.8-1.mga6.i586.rpm
virtualbox-kernel-desktop586-latest-6.0.8-1.mga6.i586.rpm
virtualbox-kernel-desktop-latest-6.0.8-1.mga6.i586.rpm
virtualbox-kernel-server-latest-6.0.8-1.mga6.i586.rpm

vboxadditions-kernel-4.14.119-desktop-1.mga6-6.0.8-1.mga6.i586.rpm
vboxadditions-kernel-4.14.119-desktop586-1.mga6-6.0.8-1.mga6.i586.rpm
vboxadditions-kernel-4.14.119-server-1.mga6-6.0.8-1.mga6.i586.rpm
vboxadditions-kernel-desktop586-latest-6.0.8-1.mga6.i586.rpm
vboxadditions-kernel-desktop-latest-6.0.8-1.mga6.i586.rpm
vboxadditions-kernel-server-latest-6.0.8-1.mga6.i586.rpm



x86_64:
dkms-vboxadditions-6.0.8-1.mga6.noarch.rpm
dkms-virtualbox-6.0.8-1.mga6.noarch.rpm
python-virtualbox-6.0.8-1.mga6.x86_64.rpm
virtualbox-6.0.8-1.mga6.x86_64.rpm
virtualbox-devel-6.0.8-1.mga6.x86_64.rpm
virtualbox-guest-additions-6.0.8-1.mga6.x86_64.rpm

virtualbox-kernel-4.14.119-desktop-1.mga6-6.0.8-1.mga6.x86_64.rpm
virtualbox-kernel-4.14.119-server-1.mga6-6.0.8-1.mga6.x86_64.rpm
virtualbox-kernel-desktop-latest-6.0.8-1.mga6.x86_64.rpm
virtualbox-kernel-server-latest-6.0.8-1.mga6.x86_64.rpm

vboxadditions-kernel-4.14.119-desktop-1.mga6-6.0.8-1.mga6.x86_64.rpm
vboxadditions-kernel-4.14.119-server-1.mga6-6.0.8-1.mga6.x86_64.rpm
vboxadditions-kernel-desktop-latest-6.0.8-1.mga6.x86_64.rpm
vboxadditions-kernel-server-latest-6.0.8-1.mga6.x86_64.rpm
Thomas Backlund 2019-05-16 13:23:22 CEST

Priority: Normal => High

Comment 1 James Kerr 2019-05-16 17:07:37 CEST
on mga6-64  kernel-desktop  plasma

packages installed cleanly:

- virtualbox-6.0.8-1.mga6.x86_64
- virtualbox-kernel-4.14.119-desktop-1.mga6-6.0.8-1.mga6.x86_64
- virtualbox-kernel-desktop-latest-6.0.8-1.mga6.x86_64

extension pack updated cleanly

vbox additions updated cleanly on
winxp, win7, mga6-32 and mga6-64 clients

no regressions noted

looks OK for mga6-64

CC: (none) => jim

Comment 2 William Kenney 2019-05-16 23:58:33 CEST
On real hardware, M6.1, Plasma, 64-bit

Package(s) under test:
virtualbox

default install of packages:
kernel-desktop-latest
virtualbox vboxadditions-kernel-desktop-latest
virtualbox-guest-additions virtualbox-kernel-desktop-latest x11-driver-video-vboxvideo
kernel-desktop-devel-latest cpupower

The following 9 packages are going to be installed:

- vboxadditions-kernel-4.14.116-desktop-1.mga6-6.0.6-2.mga6.x86_64
- vboxadditions-kernel-desktop-latest-6.0.6-2.mga6.x86_64
- virtualbox-6.0.6-1.mga6.x86_64
- virtualbox-doc-5.2.24-1.mga6.noarch
- virtualbox-guest-additions-6.0.6-1.mga6.x86_64
- virtualbox-kernel-4.14.116-desktop-1.mga6-6.0.6-2.mga6.x86_64
- virtualbox-kernel-desktop-latest-6.0.6-2.mga6.x86_64
- x11-driver-video-vboxvideo-5.2.24-1.mga6.x86_64
- xrandr-1.5.0-1.mga6.x86_64

[root@localhost wilcal]# uname -a
Linux localhost 4.14.119-desktop-1.mga6 #1 SMP Tue May 14 19:26:16 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
[root@localhost wilcal]# urpmi virtualbox
Package virtualbox-6.0.6-1.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi virtualbox-guest-additions
Package virtualbox-guest-additions-6.0.6-1.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi virtualbox-kernel-desktop-latest
Package virtualbox-kernel-desktop-latest-6.0.6-3.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi x11-driver-video-vboxvideo
Package x11-driver-video-vboxvideo-5.2.24-1.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi x11-driver-video-vboxvideo
Package x11-driver-video-vboxvideo-5.2.24-1.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi dkms-nvidia-current
Package dkms-nvidia-current-390.87-1.mga6.nonfree.x86_64 is already installed
[root@localhost wilcal]# urpmi cpupower
Package cpupower-4.14.119-1.mga6.x86_64 is already installed
[root@localhost wilcal]# lspci -k
01:00.0 VGA compatible controller: NVIDIA Corporation GF108 [GeForce GT 440] (rev a1)
        Subsystem: Gigabyte Technology Co., Ltd Device 3518
        Kernel driver in use: nvidia
        Kernel modules: nvidiafb, nouveau, nvidia_drm, nvidia_current

Mageia-6.1-LiveDVD-Xfce-i586-DVD.iso
Runs as a Vbox client.
Boots to a working desktop. Common apps work.
Screen sizes are correct.


install from updates testing:
kernel-desktop-latest
virtualbox vboxadditions-kernel-desktop-latest dkms-virtualbox
virtualbox-guest-additions virtualbox-kernel-desktop-latest x11-driver-video-vboxvideo
kernel-desktop-devel-latest cpupower

The following 8 packages are going to be installed:

- dkms-virtualbox-6.0.8-1.mga6.noarch
- meta-task-6-3.3.mga6.noarch
- vboxadditions-kernel-4.14.119-desktop-1.mga6-6.0.8-1.mga6.x86_64
- vboxadditions-kernel-desktop-latest-6.0.8-1.mga6.x86_64
- virtualbox-6.0.8-1.mga6.x86_64
- virtualbox-guest-additions-6.0.8-1.mga6.x86_64
- virtualbox-kernel-4.14.119-desktop-1.mga6-6.0.8-1.mga6.x86_64
- virtualbox-kernel-desktop-latest-6.0.8-1.mga6.x86_64

[root@localhost wilcal]# uname -a
Linux localhost 4.14.119-desktop-1.mga6 #1 SMP Tue May 14 19:26:16 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
[root@localhost wilcal]# urpmi virtualbox
Package virtualbox-6.0.8-1.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi virtualbox-guest-additions
Package virtualbox-guest-additions-6.0.8-1.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi virtualbox-kernel-desktop-latest
Package virtualbox-kernel-desktop-latest-6.0.8-1.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi x11-driver-video-vboxvideo
Package x11-driver-video-vboxvideo-5.2.24-1.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi dkms-nvidia-current
Package dkms-nvidia-current-390.87-1.mga6.nonfree.x86_64 is already installed
[root@localhost wilcal]# urpmi cpupower
Package cpupower-4.14.119-1.mga6.x86_64 is already installed
[wilcal@localhost ~]$ lspci -k
01:00.0 VGA compatible controller: NVIDIA Corporation GF108 [GeForce GT 440] (rev a1)
        Subsystem: Gigabyte Technology Co., Ltd Device 3518
        Kernel driver in use: nvidia

Mageia-6.1-LiveDVD-Xfce-i586-DVD.iso
Runs as a Vbox client.
Boots to a working desktop. Common apps work.
Screen sizes are correct.

Mageia-6.1-LiveDVD-GNOME-x86_64-DVD.iso
Runs as a Vbox client.
Boots to a working desktop. Common apps work.
Screen sizes are correct.

Mageia-7-rc-Live-Plasma-x86_64.iso
Runs as a Vbox client
Boots to a working desktop. Common apps work.
Screen sizes are correct.
Installs without error. Updates without error
Reboots to a working desktop without error.

CC: (none) => wilcal.int

Comment 3 Morgan Leijström 2019-05-17 09:56:44 CEST
Quick test 64 bit mga6 host, running an existing MSW7 guest, including manually installed extpack, USB stick working, video OK, Ethernet OK, Host File sharing OK, Screen rezising OK.

Hardware: i7-2600K, Nvidia GTX760 (GK104) using proprietary driver GeForce 420 and later.

This machine is fully updated against testing.

CC: (none) => fri

Comment 4 Dave Hodgins 2019-05-18 12:42:00 CEST
Testing ok with m6 and m7 guests here.
Advisory committed to svn as ...
$ cat 24831.adv 
type: security
subject: Updated virtualbox packages fix security vulnerability
src:
  6:
   core:
     - virtualbox-6.0.8-1.mga6
     - kmod-vboxadditions-6.0.8-1.mga6
     - kmod-virtualbox-6.0.8-1.mga6
description: |
  Virtualbox 6.0.8 that has fixes for the Microarchitectural Data Sampling
  (MDS, also called ZombieLoad attack) vulnerabilities and other bugs.
  See the changelog for details.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=24831
 - https://www.virtualbox.org/wiki/Changelog-6.0#v8

Validating the update.

Whiteboard: (none) => MGA6-64-OK
Keywords: (none) => advisory, validated_update
CC: (none) => davidwhodgins, sysadmin-bugs

Comment 5 Mageia Robot 2019-05-18 14:34:18 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2019-0179.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED


Note You need to log in before you can comment on or make changes to this bug.