VirtualBox 6.0.16 has been released on January 14, fixing several security issues: https://www.virtualbox.org/wiki/Changelog-6.0#v16 https://www.oracle.com/security-alerts/cpujan2020.html#AppendixOVIR
I see 6.0.16 versions of virtualbox and dkms-virtualbox have landed. But we are missing the virtualbox-kernel* packages 6.0.16 versions.
CC: (none) => fri
They are not really "missing", they can just not be built until the current kernel update is validated and pushed....
Assigning to QA, advisory will follow... SRPMS: virtualbox-6.0.16-1.mga7.src.rpm kmod-virtualbox-6.0.16-1.mga7.src.rpm i586: dkms-vboxadditions-6.0.16-1.mga7.noarch.rpm dkms-virtualbox-6.0.16-1.mga7.noarch.rpm python-virtualbox-6.0.16-1.mga7.i586.rpm virtualbox-6.0.16-1.mga7.i586.rpm virtualbox-devel-6.0.16-1.mga7.i586.rpm virtualbox-guest-additions-6.0.16-1.mga7.i586.rpm virtualbox-kernel-5.4.12-desktop-1.mga7-6.0.16-1.mga7.i586.rpm virtualbox-kernel-5.4.12-desktop586-1.mga7-6.0.16-1.mga7.i586.rpm virtualbox-kernel-5.4.12-server-1.mga7-6.0.16-1.mga7.i586.rpm virtualbox-kernel-desktop586-latest-6.0.16-1.mga7.i586.rpm virtualbox-kernel-desktop-latest-6.0.16-1.mga7.i586.rpm virtualbox-kernel-server-latest-6.0.16-1.mga7.i586.rpm x86_64: dkms-vboxadditions-6.0.16-1.mga7.noarch.rpm dkms-virtualbox-6.0.16-1.mga7.noarch.rpm python-virtualbox-6.0.16-1.mga7.x86_64.rpm virtualbox-6.0.16-1.mga7.x86_64.rpm virtualbox-devel-6.0.16-1.mga7.x86_64.rpm virtualbox-guest-additions-6.0.16-1.mga7.x86_64.rpm virtualbox-kernel-5.4.12-desktop-1.mga7-6.0.16-1.mga7.x86_64.rpm virtualbox-kernel-5.4.12-server-1.mga7-6.0.16-1.mga7.x86_64.rpm virtualbox-kernel-desktop-latest-6.0.16-1.mga7.x86_64.rpm virtualbox-kernel-server-latest-6.0.16-1.mga7.x86_64.rpm
Assignee: tmb => qa-bugs
I've tried install the new version in Mageia 7 Virtualbox x64. No problems, works fine, all settings ok depending of the host system. I've tried to virtualize a operating system without problems. Greetings!!
CC: (none) => joselp
mga7-64 OK here: VirtualBox 6.0.16 running guest MSW7 incl host folder sharing, USB2 flash stick, firefox video with sound. Host: Plasma, Intel i7, Nvidia GPU. Stress test: BOINC use all cores to 100%, then running virtualbox with MSW7 chewing windows update, and other programs in guest and host i can use without problems. Enabling GPU use for BOINC on host desktop experience is of course not pleasant but no crash etc.
Host system: Intel i5-2500, 16GB RAM, integrated Intel graphics, wired Internet, 64-bit Plasma system. No installation issues with the Mageia packages. Upon running it, I discovered the "Check for updates" function of the gui is no longer there, necessitating a manual download of the extension pack. Clicking on the downloaded extension pack brought up the gui, and the pack updated without incident. Ran a Mageia 7 guest, and updated the guest additions. Everything there looks good. Ran an XP guest and attempted to use the "insert guest additions" function of the gui, which, as has become normal, still fails at the end of the download. The guest additions iso had to ne manually downloaded from https://download.virtualbox.org/virtualbox/ and mounted into the virtual optical drive. (Bug 24696) Once the additions were installed, I tried a few things, and the XP guest is working normally. I did not try to create a new guest, but other than that It looks good on this hardware.
CC: (none) => andrewsfarm
on mga7-64 kernel-desktop plasma packages installed cleanly: - dkms-virtualbox-6.0.16-1.mga7.noarch - virtualbox-6.0.16-1.mga7.x86_64 - virtualbox-kernel-5.4.12-desktop-1.mga7-6.0.16-1.mga7.x86_64 - virtualbox-kernel-desktop-latest-6.0.16-1.mga7.x86_64 # dkms status virtualbox, 6.0.16-1.mga7, 5.4.12-desktop-1.mga7, x86_64: installed virtualbox, 6.0.16-1.mga7, 5.4.12-desktop-1.mga7, x86_64: installed-binary from 5.4.12-desktop-1.mga7 extension pack upgraded cleanly, but as reported in comment 6 had to be downloaded manually vbox and clients (winxp, win7 and mga7-32) launched normally Updated additions in all 3 clients. As previously the additions iso for the Windows clients had to be downloaded and inserted manually. "Attached" my USB printer to the mga7-32 client, configured it in the client and printed a test page. No regressions observed. OK for mga7-64 on this system: Desktop System: Dell product: Precision Tower 3620 Quad Core model: Intel Core i7-6700 Intel HD Graphics 530
CC: (none) => jim
Running into a bit of a problem here: The following 6 packages are going to be installed: - cpupower-5.4.14-1.mga7.x86_64 - kernel-desktop-devel-5.4.14-1.mga7-1-1.mga7.x86_64 - kernel-desktop-devel-latest-5.4.14-1.mga7.x86_64 - virtualbox-6.0.16-1.mga7.x86_64 - virtualbox-kernel-5.4.12-desktop-1.mga7-6.0.16-1.mga7.x86_64 - virtualbox-kernel-desktop-latest-6.0.16-1.mga7.x86_64 Launching: Mageia-7-Live-Xfce-i586.iso As a Vox client reports the following errors: Failed to open a session for the virtual machine M7.1 i586 Xfce Live-DVD. The virtual machine 'M7.1 i586 Xfce Live-DVD' has terminated unexpectedly during startup with exit code 1 (0x1). Result Code: NS_ERROR_FAILURE (0x80004005) Component: MachineWrap Interface: IMachine {5047460a-265d-4538-b23e-ddba5fb84976} *********** Kernel driver not installed (rc=-1908) The VirtualBox Linux kernel driver is either not loaded or not set up correctly. Please try setting it up again by executing '/sbin/vboxconfig' as root. If your system has EFI Secure Boot enabled you may also need to sign the kernel modules (vboxdrv, vboxnetflt, vboxnetadp, vboxpci) before you can load them. Please see your Linux system's documentation for more information. where: suplibOsInit what: 3 VERR_VM_DRIVER_NOT_INSTALLED (-1908) - The support driver is not installed. On linux, open returned ENOENT. Comments are appreciated
CC: (none) => wilcal.int
[root@localhost wilcal]# uname -a Linux localhost 5.4.14-desktop-1.mga7 #1 SMP Thu Jan 23 22:31:32 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux [root@localhost wilcal]# urpmi kernel-desktop-latest Package kernel-desktop-latest-5.4.14-1.mga7.x86_64 is already installed [root@localhost wilcal]# urpmi virtualbox Package virtualbox-6.0.16-1.mga7.x86_64 is already installed [root@localhost wilcal]# urpmi virtualbox-guest-additions Package virtualbox-guest-additions-6.0.16-1.mga7.x86_64 is already installed [root@localhost wilcal]# urpmi virtualbox-kernel-desktop-latest Package virtualbox-kernel-desktop-latest-6.0.16-1.mga7.x86_64 is already installed [root@localhost wilcal]# urpmi x11-driver-video-vboxvideo Package x11-driver-video-vboxvideo-1.0.0-5.mga7.x86_64 is already installed [root@localhost wilcal]# urpmi kernel-desktop-devel-latest Package kernel-desktop-devel-latest-5.4.14-1.mga7.x86_64 is already installed [root@localhost wilcal]# urpmi cpupower Package cpupower-5.4.14-1.mga7.x86_64 is already installed
(In reply to William Kenney from comment #8) > Running into a bit of a problem here: > > The following 6 packages are going to be installed: > > - cpupower-5.4.14-1.mga7.x86_64 > - kernel-desktop-devel-5.4.14-1.mga7-1-1.mga7.x86_64 > - kernel-desktop-devel-latest-5.4.14-1.mga7.x86_64 > - virtualbox-6.0.16-1.mga7.x86_64 > - virtualbox-kernel-5.4.12-desktop-1.mga7-6.0.16-1.mga7.x86_64 > - virtualbox-kernel-desktop-latest-6.0.16-1.mga7.x86_64 > You are missing dkms-virtualbox-6.0.16-1.mga7.noarch.rpm, so the kmods for the new virtualbox can't be built locally for any of the kernels you may have installed. The virtualbox-kernel (the pre-built kmod) on your list is for kernel-desktop 5.4.12, and won't work with kernel-desktop 5.4.14. I don't think tmb uploaded the pre-built kmods for that kernel yet.
Thanks Thomas. I'll tinker with it all tomorrow.
(In reply to William Kenney from comment #11) > Thanks Thomas. > I'll tinker with it all tomorrow. I was a little slow on the uptake. I just checked, and while there may be packages in update-testing for the 5.4.14 kernel, it has not yet been sent to QA. It may be that it just isn't ready, or that tmb is waiting for this virtualbox update to go through first. Either way, it would probably be best at this point if you were to boot into kernel 5.4.12 and do your testing there. Personally, in your situation I would be removing the 5.4.14 packages, but of course that's entirely up to you.
Thanks Thomas. Over the last years Vbox testing for me has been pretty smooth. I test on a competely non-important platform. So at this point I'm going to wait and see what TMB has to say about all this. The platform I test on has a removable replaceable HD modular tray system. So when things settle down on this I'll just re-insatll M7 from the ground uo, install Vbox, then enable the update testing repo and try the update again. Thanks for the help
@wilcal: You should only test the virtualbox update against the 5.4.12 kernel for now.... I do push newer kernels to testing too, but until they are assigned to QA, there is no rush to test them
CC: (none) => tmb
On real hardware, M7.1, Plasma, 64-bit Package(s) under test: virtualbox default install of packages: kernel-desktop-latest virtualbox virtualbox-guest-additions virtualbox-kernel-desktop-latest x11-driver-video-vboxvideo kernel-desktop-devel-latest cpupower [root@localhost wilcal]# uname -a Linux localhost 5.3.6-desktop-2.mga7 #1 SMP Sun Oct 13 18:22:10 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux [root@localhost wilcal]# urpmi kernel-desktop-latest Package kernel-desktop-latest-5.3.6-2.mga7.x86_64 is already installed [root@localhost wilcal]# urpmi virtualbox Package virtualbox-6.0.12-1.mga7.x86_64 is already installed [root@localhost wilcal]# urpmi virtualbox-guest-additions Package virtualbox-guest-additions-6.0.12-1.mga7.x86_64 is already installed [root@localhost wilcal]# urpmi virtualbox-kernel-desktop-latest Package virtualbox-kernel-desktop-latest-6.0.12-4.mga7.x86_64 is already installed [root@localhost wilcal]# urpmi x11-driver-video-vboxvideo Package x11-driver-video-vboxvideo-1.0.0-5.mga7.x86_64 is already installed [root@localhost wilcal]# urpmi kernel-desktop-devel-latest Package kernel-desktop-devel-latest-5.3.6-2.mga7.x86_64 is already installed [root@localhost wilcal]# urpmi cpupower Package cpupower-5.3.6-2.mga7.x86_64 is already installed [root@localhost wilcal]# lspci -k 01:00.0 VGA compatible controller: NVIDIA Corporation GF108 [GeForce GT 440] (rev a1) Subsystem: Gigabyte Technology Co., Ltd Device 3518 Kernel driver in use: nvidia Kernel modules: nvidiafb, nouveau, nvidia_drm, nvidia390 Mageia-7-Live-Xfce-i586.iso Runs as a Vbox client. Boots to a working desktop. Common apps work. Screen sizes are correct. install from updates testing: virtualbox virtualbox-guest-additions virtualbox-kernel-desktop-latest x11-driver-video-vboxvideo kernel-desktop-devel-latest cpupower dkms-vboxadditions dkms-virtualbox [root@localhost wilcal]# uname -a Linux localhost 5.4.14-desktop-1.mga7 #1 SMP Thu Jan 23 22:31:32 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux [root@localhost wilcal]# urpmi virtualbox Package virtualbox-6.0.16-1.mga7.x86_64 is already installed [root@localhost wilcal]# urpmi virtualbox-guest-additions Package virtualbox-guest-additions-6.0.16-1.mga7.x86_64 is already installed [root@localhost wilcal]# urpmi virtualbox-kernel-desktop-latest Package virtualbox-kernel-desktop-latest-6.0.16-1.mga7.x86_64 is already installed [root@localhost wilcal]# urpmi x11-driver-video-vboxvideo Package x11-driver-video-vboxvideo-1.0.0-5.mga7.x86_64 is already installed [root@localhost wilcal]# urpmi kernel-desktop-devel-latest Package kernel-desktop-devel-latest-5.4.14-1.mga7.x86_64 is already installed [root@localhost wilcal]# urpmi dkms-vboxadditions Package dkms-vboxadditions-6.0.16-1.mga7.noarch is already installed [root@localhost wilcal]# urpmi dkms-virtualbox Package dkms-virtualbox-6.0.16-1.mga7.noarch is already installed [root@localhost wilcal]# urpmi cpupower Package cpupower-5.4.14-1.mga7.x86_64 is already installed [wilcal@localhost ~]$ lspci -k 01:00.0 VGA compatible controller: NVIDIA Corporation GF108 [GeForce GT 440] (rev a1) Subsystem: Gigabyte Technology Co., Ltd Device 3518 Kernel driver in use: nvidia Kernel modules: nvidiafb, nouveau, nvidia_drm, nvidia390 Mageia-7-Live-Xfce-i586.iso Runs as a Vbox client. Boots to a working desktop. Common apps work. Screen sizes are correct. Mageia-7-Live-GNOME-x86_64.iso Runs as a Vbox client. Boots to a working desktop. Common apps work. Screen sizes are correct. Mageia-7-x86_64.iso Runs as a Vbox client Boots to a working desktop. Common apps work. Screen sizes are correct. Installs without error. Updates without error. Reboots to a working desktop without error.
Seem like full OK on 64 bit host then
Whiteboard: (none) => MGA7-64-OK
Advisory, added to svn: type: security subject: Updated virtualbox packages fix security vulnerabilities CVE: - CVE-2020-2674 - CVE-2020-2678 - CVE-2020-2681 - CVE-2020-2682 - CVE-2020-2689 - CVE-2020-2690 - CVE-2020-2691 - CVE-2020-2692 - CVE-2020-2693 - CVE-2020-2698 - CVE-2020-2701 - CVE-2020-2702 - CVE-2020-2703 - CVE-2020-2704 - CVE-2020-2705 - CVE-2020-2725 - CVE-2020-2726 - CVE-2020-2727 src: 7: core: - virtualbox-6.0.16-1.mga7 - kmod-virtualbox-6.0.16-1.mga7 description: | This update provides the upstream 6.0.16 and fixes the following security vulnerabilities: An easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox (CVE-2020-2674, CVE-2020-2682). A difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data(CVE-2020-2678). An easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data (CVE-2020-2681, CVE-2020-2689, CVE-2020-2690, CVE-2020-2691, CVE-2020-2692, CVE-2020-2704, CVE-2020-2705). A difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data (CVE-2020-2693). A difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox (CVE-2020-2698, CVE-2020-2701, CVE-2020-2702, CVE-2020-2726). An easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. (CVE-2020-2703, CVE-2020-2725). An easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data.(CVE-2020-2727). For other fixes in this update, see the referenced changelog references: - https://bugs.mageia.org/show_bug.cgi?id=26079 - https://www.virtualbox.org/wiki/Changelog-6.0#v16 - https://www.oracle.com/security-alerts/cpujan2020.html#AppendixOVIR
Keywords: (none) => advisory, validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0065.html
Status: NEW => RESOLVEDResolution: (none) => FIXED
Also fixed... CVE-2020-2742 CVE-2020-2743 https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixOVIR