Bug 26079 - virtualbox new security issues fixed upstream in 6.0.16
Summary: virtualbox new security issues fixed upstream in 6.0.16
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 7
Hardware: All Linux
Priority: Normal critical
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA7-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2020-01-15 13:58 CET by David Walser
Modified: 2020-04-21 21:55 CEST

See Also:
Source RPM: virtualbox-6.0.14-2.mga7.src.rpm
CVE:
Status comment:
Description David Walser 2020-01-15 13:58:21 CET
VirtualBox 6.0.16 has been released on January 14, fixing several security issues:
https://www.virtualbox.org/wiki/Changelog-6.0#v16
https://www.oracle.com/security-alerts/cpujan2020.html#AppendixOVIR
Comment 1 Morgan Leijström 2020-01-17 01:14:24 CET
I see 6.0.16 versions of virtualbox and dkms-virtualbox have landed.
But we are missing the virtualbox-kernel* packages 6.0.16 versions.

CC: (none) => fri

Comment 2 Thomas Backlund 2020-01-17 08:15:01 CET
They are not really "missing", they can just not be built until the current kernel update is validated and pushed....
Comment 3 Thomas Backlund 2020-01-17 11:38:38 CET
Assigning to QA, advisory will follow...


SRPMS:
virtualbox-6.0.16-1.mga7.src.rpm
kmod-virtualbox-6.0.16-1.mga7.src.rpm


i586:
dkms-vboxadditions-6.0.16-1.mga7.noarch.rpm
dkms-virtualbox-6.0.16-1.mga7.noarch.rpm
python-virtualbox-6.0.16-1.mga7.i586.rpm
virtualbox-6.0.16-1.mga7.i586.rpm
virtualbox-devel-6.0.16-1.mga7.i586.rpm
virtualbox-guest-additions-6.0.16-1.mga7.i586.rpm

virtualbox-kernel-5.4.12-desktop-1.mga7-6.0.16-1.mga7.i586.rpm
virtualbox-kernel-5.4.12-desktop586-1.mga7-6.0.16-1.mga7.i586.rpm
virtualbox-kernel-5.4.12-server-1.mga7-6.0.16-1.mga7.i586.rpm
virtualbox-kernel-desktop586-latest-6.0.16-1.mga7.i586.rpm
virtualbox-kernel-desktop-latest-6.0.16-1.mga7.i586.rpm
virtualbox-kernel-server-latest-6.0.16-1.mga7.i586.rpm



x86_64:
dkms-vboxadditions-6.0.16-1.mga7.noarch.rpm
dkms-virtualbox-6.0.16-1.mga7.noarch.rpm
python-virtualbox-6.0.16-1.mga7.x86_64.rpm
virtualbox-6.0.16-1.mga7.x86_64.rpm
virtualbox-devel-6.0.16-1.mga7.x86_64.rpm
virtualbox-guest-additions-6.0.16-1.mga7.x86_64.rpm

virtualbox-kernel-5.4.12-desktop-1.mga7-6.0.16-1.mga7.x86_64.rpm
virtualbox-kernel-5.4.12-server-1.mga7-6.0.16-1.mga7.x86_64.rpm
virtualbox-kernel-desktop-latest-6.0.16-1.mga7.x86_64.rpm
virtualbox-kernel-server-latest-6.0.16-1.mga7.x86_64.rpm

Assignee: tmb => qa-bugs

Comment 4 Jose Manuel López 2020-01-17 12:26:08 CET
I've tried installing the new version in Mageia 7 Virtualbox x64. No problems, works fine, all settings ok depending on the host system. I've tried to virtualize an operating system without problems.

Greetings!!

CC: (none) => joselp

Comment 5 Morgan Leijström 2020-01-18 16:32:39 CET
mga7-64 OK here:

VirtualBox 6.0.16 running guest MSW7 incl host folder sharing, USB2 flash stick, firefox video with sound.

Host: Plasma, Intel i7, Nvidia GPU.

Stress test: BOINC uses all cores to 100%, then running virtualbox with MSW7 chewing windows update, and other programs in guest and host I can use without problems. With GPU use enabled for BOINC on the host, the desktop experience is of course not pleasant, but no crash etc.
Comment 6 Thomas Andrews 2020-01-19 01:20:10 CET
Host system: Intel i5-2500, 16GB RAM, integrated Intel graphics, wired Internet, 64-bit Plasma system.

No installation issues with the Mageia packages. Upon running it, I discovered the "Check for updates" function of the gui is no longer there, necessitating a manual download of the extension pack. Clicking on the downloaded extension pack brought up the gui, and the pack updated without incident.

Ran a Mageia 7 guest, and updated the guest additions. Everything there looks good.

Ran an XP guest and attempted to use the "insert guest additions" function of the gui, which, as has become normal, still fails at the end of the download. The guest additions iso had to be manually downloaded from https://download.virtualbox.org/virtualbox/ and mounted into the virtual optical drive. (Bug 24696)

Once the additions were installed, I tried a few things, and the XP guest is working normally.

I did not try to create a new guest, but other than that it looks good on this hardware.

CC: (none) => andrewsfarm

Comment 7 James Kerr 2020-01-19 10:20:25 CET
on mga7-64  kernel-desktop  plasma

packages installed cleanly:
- dkms-virtualbox-6.0.16-1.mga7.noarch
- virtualbox-6.0.16-1.mga7.x86_64
- virtualbox-kernel-5.4.12-desktop-1.mga7-6.0.16-1.mga7.x86_64
- virtualbox-kernel-desktop-latest-6.0.16-1.mga7.x86_64

# dkms status
virtualbox, 6.0.16-1.mga7, 5.4.12-desktop-1.mga7, x86_64: installed 
virtualbox, 6.0.16-1.mga7, 5.4.12-desktop-1.mga7, x86_64: installed-binary from 5.4.12-desktop-1.mga7

extension pack upgraded cleanly, but as reported in comment 6 had to be downloaded manually

vbox and clients (winxp, win7 and mga7-32) launched normally

Updated additions in all 3 clients. As previously the additions iso for the Windows clients had to be downloaded and inserted manually.

"Attached" my USB printer to the mga7-32 client, configured it in the client and printed a test page. 

No regressions observed. OK for mga7-64 on this system:

Desktop System: Dell product: Precision Tower 3620
Quad Core model: Intel Core i7-6700
Intel HD Graphics 530

CC: (none) => jim

Comment 8 William Kenney 2020-01-25 23:24:25 CET
Running into a bit of a problem here:

The following 6 packages are going to be installed:

- cpupower-5.4.14-1.mga7.x86_64
- kernel-desktop-devel-5.4.14-1.mga7-1-1.mga7.x86_64
- kernel-desktop-devel-latest-5.4.14-1.mga7.x86_64
- virtualbox-6.0.16-1.mga7.x86_64
- virtualbox-kernel-5.4.12-desktop-1.mga7-6.0.16-1.mga7.x86_64
- virtualbox-kernel-desktop-latest-6.0.16-1.mga7.x86_64

Launching:
Mageia-7-Live-Xfce-i586.iso
As a Vbox client reports the following errors:

Failed to open a session for the virtual machine M7.1 i586 Xfce Live-DVD.

The virtual machine 'M7.1 i586 Xfce Live-DVD' has terminated unexpectedly during startup with exit code 1 (0x1).

Result Code: 
NS_ERROR_FAILURE (0x80004005)
Component: 
MachineWrap
Interface: 
IMachine {5047460a-265d-4538-b23e-ddba5fb84976}

***********

Kernel driver not installed (rc=-1908)

The VirtualBox Linux kernel driver is either not loaded or not set up correctly. Please try setting it up again by executing

'/sbin/vboxconfig'

as root.

If your system has EFI Secure Boot enabled you may also need to sign the kernel modules (vboxdrv, vboxnetflt, vboxnetadp, vboxpci) before you can load them. Please see your Linux system's documentation for more information.

where: suplibOsInit what: 3 VERR_VM_DRIVER_NOT_INSTALLED (-1908) - The support driver is not installed. On linux, open returned ENOENT. 

Comments are appreciated

CC: (none) => wilcal.int

Comment 9 William Kenney 2020-01-25 23:28:18 CET
[root@localhost wilcal]# uname -a
Linux localhost 5.4.14-desktop-1.mga7 #1 SMP Thu Jan 23 22:31:32 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
[root@localhost wilcal]# urpmi kernel-desktop-latest
Package kernel-desktop-latest-5.4.14-1.mga7.x86_64 is already installed
[root@localhost wilcal]# urpmi virtualbox
Package virtualbox-6.0.16-1.mga7.x86_64 is already installed
[root@localhost wilcal]# urpmi virtualbox-guest-additions
Package virtualbox-guest-additions-6.0.16-1.mga7.x86_64 is already installed
[root@localhost wilcal]# urpmi virtualbox-kernel-desktop-latest
Package virtualbox-kernel-desktop-latest-6.0.16-1.mga7.x86_64 is already installed
[root@localhost wilcal]# urpmi x11-driver-video-vboxvideo
Package x11-driver-video-vboxvideo-1.0.0-5.mga7.x86_64 is already installed
[root@localhost wilcal]# urpmi kernel-desktop-devel-latest
Package kernel-desktop-devel-latest-5.4.14-1.mga7.x86_64 is already installed
[root@localhost wilcal]# urpmi cpupower
Package cpupower-5.4.14-1.mga7.x86_64 is already installed
Comment 10 Thomas Andrews 2020-01-25 23:57:04 CET
(In reply to William Kenney from comment #8)
> Running into a bit of a problem here:
> 
> The following 6 packages are going to be installed:
> 
> - cpupower-5.4.14-1.mga7.x86_64
> - kernel-desktop-devel-5.4.14-1.mga7-1-1.mga7.x86_64
> - kernel-desktop-devel-latest-5.4.14-1.mga7.x86_64
> - virtualbox-6.0.16-1.mga7.x86_64
> - virtualbox-kernel-5.4.12-desktop-1.mga7-6.0.16-1.mga7.x86_64
> - virtualbox-kernel-desktop-latest-6.0.16-1.mga7.x86_64
> 
You are missing dkms-virtualbox-6.0.16-1.mga7.noarch.rpm, so the kmods for the new virtualbox can't be built locally for any of the kernels you may have installed.

The virtualbox-kernel (the pre-built kmod) on your list is for kernel-desktop 5.4.12, and won't work with kernel-desktop 5.4.14. I don't think tmb uploaded the pre-built kmods for that kernel yet.
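The mismatch diagnosed above, as an added example that is not part of the bug report: a POSIX sh check that parses Mageia's virtualbox-kernel package names and tells whether a package set gives the running kernel a loadable kmod, either a pre-built one for exactly that kernel or dkms-virtualbox to build one locally. Package names and kernel releases are the ones from comments 8 and 9; the function names are mine.

```shell
#!/bin/sh
# Added example, not from the bug report: decide whether a package set gives
# the running kernel a usable VirtualBox kmod, either a pre-built
# virtualbox-kernel-* package for exactly that kernel or dkms-virtualbox,
# which builds one locally. Package names come from comments 8 and 9.

# Print the kernel release a pre-built kmod was built for, e.g.
#   virtualbox-kernel-5.4.12-desktop-1.mga7-6.0.16-1.mga7.x86_64
#   -> 5.4.12-desktop-1.mga7
# Returns 1 for anything else, including the *-latest meta packages.
kmod_kernel_release() {
    case "$1" in
        virtualbox-kernel-*-latest-*) return 1 ;;
        virtualbox-kernel-*) ;;
        *) return 1 ;;
    esac
    rest=${1#virtualbox-kernel-}
    rest=${rest%.rpm}        # tolerate a file name as well as an rpm -qa name
    rest=${rest%.*}          # drop the arch (x86_64, i586)
    rest=${rest%-*}          # drop the VirtualBox release (1.mga7)
    rest=${rest%-*}          # drop the VirtualBox version (6.0.16)
    printf '%s\n' "$rest"
}

# Usage: vbox_kmod_ok <running kernel release, as printed by uname -r> pkg...
# Exit 0 if vboxdrv can be provided for that kernel, 1 otherwise; the
# printed reason mirrors the diagnosis in comment 10.
vbox_kmod_ok() {
    running=$1; shift
    have_dkms=0
    for pkg in "$@"; do
        case "$pkg" in
            dkms-virtualbox-*) have_dkms=1 ;;
        esac
        krel=$(kmod_kernel_release "$pkg") || continue
        if [ "$krel" = "$running" ]; then
            echo "ok: $pkg matches running kernel $running"
            return 0
        fi
        echo "skip: $pkg is built for $krel, not $running"
    done
    if [ "$have_dkms" -eq 1 ]; then
        echo "ok: no pre-built kmod for $running, dkms-virtualbox will build one"
        return 0
    fi
    echo "fail: no kmod for $running and no dkms-virtualbox (expect rc=-1908)"
    return 1
}

# The package set from comment 8 on the 5.4.14 kernel from comment 9:
# prints the "fail" line. On a live host: vbox_kmod_ok "$(uname -r)" $(rpm -qa)
vbox_kmod_ok 5.4.14-desktop-1.mga7 \
    cpupower-5.4.14-1.mga7.x86_64 \
    virtualbox-6.0.16-1.mga7.x86_64 \
    virtualbox-kernel-5.4.12-desktop-1.mga7-6.0.16-1.mga7.x86_64 \
    virtualbox-kernel-desktop-latest-6.0.16-1.mga7.x86_64 || demo_status=$?
```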
Comment 11 William Kenney 2020-01-26 02:07:01 CET
Thanks Thomas.
I'll tinker with it all tomorrow.
Comment 12 Thomas Andrews 2020-01-26 16:10:26 CET
(In reply to William Kenney from comment #11)
> Thanks Thomas.
> I'll tinker with it all tomorrow.

I was a little slow on the uptake. I just checked, and while there may be packages in update-testing for the 5.4.14 kernel, it has not yet been sent to QA. It may be that it just isn't ready, or that tmb is waiting for this virtualbox update to go through first.

Either way, it would probably be best at this point if you were to boot into kernel 5.4.12 and do your testing there. 

Personally, in your situation I would be removing the 5.4.14 packages, but of course that's entirely up to you.
Comment 13 William Kenney 2020-01-26 20:52:34 CET
Thanks Thomas.
Over the last years Vbox testing for me has been pretty smooth.
I test on a completely non-important platform.
So at this point I'm going to wait and see what TMB has to say about all this.
The platform I test on has a removable replaceable HD modular tray system.
So when things settle down on this I'll just re-install M7 from the ground up, install Vbox, then enable the update testing repo and try the update again.

Thanks for the help
Comment 14 Thomas Backlund 2020-01-27 08:55:02 CET
@wilcal:

You should only test the virtualbox update against the 5.4.12 kernel for now....

I do push newer kernels to testing too, but until they are assigned to QA, there is no rush to test them

CC: (none) => tmb

Comment 15 William Kenney 2020-01-28 00:48:17 CET
On real hardware, M7.1, Plasma, 64-bit

Package(s) under test:
virtualbox

default install of packages:
kernel-desktop-latest virtualbox
virtualbox-guest-additions virtualbox-kernel-desktop-latest
x11-driver-video-vboxvideo kernel-desktop-devel-latest
cpupower

[root@localhost wilcal]# uname -a
Linux localhost 5.3.6-desktop-2.mga7 #1 SMP Sun Oct 13 18:22:10 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
[root@localhost wilcal]# urpmi kernel-desktop-latest
Package kernel-desktop-latest-5.3.6-2.mga7.x86_64 is already installed
[root@localhost wilcal]# urpmi virtualbox
Package virtualbox-6.0.12-1.mga7.x86_64 is already installed
[root@localhost wilcal]# urpmi virtualbox-guest-additions
Package virtualbox-guest-additions-6.0.12-1.mga7.x86_64 is already installed
[root@localhost wilcal]# urpmi virtualbox-kernel-desktop-latest
Package virtualbox-kernel-desktop-latest-6.0.12-4.mga7.x86_64 is already installed
[root@localhost wilcal]# urpmi x11-driver-video-vboxvideo
Package x11-driver-video-vboxvideo-1.0.0-5.mga7.x86_64 is already installed
[root@localhost wilcal]# urpmi kernel-desktop-devel-latest
Package kernel-desktop-devel-latest-5.3.6-2.mga7.x86_64 is already installed
[root@localhost wilcal]# urpmi cpupower
Package cpupower-5.3.6-2.mga7.x86_64 is already installed
[root@localhost wilcal]# lspci -k
01:00.0 VGA compatible controller: NVIDIA Corporation GF108 [GeForce GT 440] (rev a1)
        Subsystem: Gigabyte Technology Co., Ltd Device 3518
        Kernel driver in use: nvidia
        Kernel modules: nvidiafb, nouveau, nvidia_drm, nvidia390

Mageia-7-Live-Xfce-i586.iso
Runs as a Vbox client.
Boots to a working desktop. Common apps work.
Screen sizes are correct.

install from updates testing:

virtualbox
virtualbox-guest-additions virtualbox-kernel-desktop-latest
x11-driver-video-vboxvideo kernel-desktop-devel-latest
cpupower dkms-vboxadditions dkms-virtualbox

[root@localhost wilcal]# uname -a
Linux localhost 5.4.14-desktop-1.mga7 #1 SMP Thu Jan 23 22:31:32 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
[root@localhost wilcal]# urpmi virtualbox
Package virtualbox-6.0.16-1.mga7.x86_64 is already installed
[root@localhost wilcal]# urpmi virtualbox-guest-additions
Package virtualbox-guest-additions-6.0.16-1.mga7.x86_64 is already installed
[root@localhost wilcal]# urpmi virtualbox-kernel-desktop-latest
Package virtualbox-kernel-desktop-latest-6.0.16-1.mga7.x86_64 is already installed
[root@localhost wilcal]# urpmi x11-driver-video-vboxvideo
Package x11-driver-video-vboxvideo-1.0.0-5.mga7.x86_64 is already installed
[root@localhost wilcal]# urpmi kernel-desktop-devel-latest
Package kernel-desktop-devel-latest-5.4.14-1.mga7.x86_64 is already installed
[root@localhost wilcal]# urpmi dkms-vboxadditions
Package dkms-vboxadditions-6.0.16-1.mga7.noarch is already installed
[root@localhost wilcal]# urpmi dkms-virtualbox
Package dkms-virtualbox-6.0.16-1.mga7.noarch is already installed
[root@localhost wilcal]# urpmi cpupower
Package cpupower-5.4.14-1.mga7.x86_64 is already installed
[wilcal@localhost ~]$ lspci -k
01:00.0 VGA compatible controller: NVIDIA Corporation GF108 [GeForce GT 440] (rev a1)
        Subsystem: Gigabyte Technology Co., Ltd Device 3518
        Kernel driver in use: nvidia
        Kernel modules: nvidiafb, nouveau, nvidia_drm, nvidia390

Mageia-7-Live-Xfce-i586.iso
Runs as a Vbox client.
Boots to a working desktop. Common apps work.
Screen sizes are correct.

Mageia-7-Live-GNOME-x86_64.iso
Runs as a Vbox client.
Boots to a working desktop. Common apps work.
Screen sizes are correct.

Mageia-7-x86_64.iso
Runs as a Vbox client
Boots to a working desktop. Common apps work.
Screen sizes are correct.
Installs without error. Updates without error.
Reboots to a working desktop without error.
Comment 16 Morgan Leijström 2020-01-28 10:40:04 CET
Seems like full OK on 64 bit host then

Whiteboard: (none) => MGA7-64-OK

Comment 17 Thomas Backlund 2020-01-28 11:39:15 CET
Advisory, added to svn:

type: security
subject: Updated virtualbox packages fix security vulnerabilities
CVE:
 - CVE-2020-2674
 - CVE-2020-2678
 - CVE-2020-2681
 - CVE-2020-2682
 - CVE-2020-2689
 - CVE-2020-2690
 - CVE-2020-2691
 - CVE-2020-2692
 - CVE-2020-2693
 - CVE-2020-2698
 - CVE-2020-2701
 - CVE-2020-2702
 - CVE-2020-2703
 - CVE-2020-2704
 - CVE-2020-2705
 - CVE-2020-2725
 - CVE-2020-2726
 - CVE-2020-2727
src:
  7:
   core:
     - virtualbox-6.0.16-1.mga7
     - kmod-virtualbox-6.0.16-1.mga7
description: |
  This update provides the upstream 6.0.16 and fixes the following security
  vulnerabilities:

  An easily exploitable vulnerability allows high privileged attacker with
  logon to the infrastructure where Oracle VM VirtualBox executes to
  compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM
  VirtualBox, attacks may significantly impact additional products.
  Successful attacks of this vulnerability can result in takeover of Oracle
  VM VirtualBox (CVE-2020-2674, CVE-2020-2682).

  A difficult to exploit vulnerability allows low privileged attacker with
  logon to the infrastructure where Oracle VM VirtualBox executes to
  compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM
  VirtualBox, attacks may significantly impact additional products.
  Successful attacks of this vulnerability can result in unauthorized
  creation, deletion or modification access to critical data or all Oracle
  VM VirtualBox accessible data as well as unauthorized read access to a
  subset of Oracle VM VirtualBox accessible data (CVE-2020-2678).

  An easily exploitable vulnerability allows low privileged attacker with
  logon to the infrastructure where Oracle VM VirtualBox executes to
  compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM
  VirtualBox, attacks may significantly impact additional products.
  Successful attacks of this vulnerability can result in unauthorized access
  to critical data or complete access to all Oracle VM VirtualBox accessible
  data (CVE-2020-2681, CVE-2020-2689, CVE-2020-2690, CVE-2020-2691,
  CVE-2020-2692, CVE-2020-2704, CVE-2020-2705).

  A difficult to exploit vulnerability allows high privileged attacker with
  logon to the infrastructure where Oracle VM VirtualBox executes to
  compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM
  VirtualBox, attacks may significantly impact additional products.
  Successful attacks of this vulnerability can result in unauthorized access
  to critical data or complete access to all Oracle VM VirtualBox accessible
  data (CVE-2020-2693).

  A difficult to exploit vulnerability allows high privileged attacker with
  logon to the infrastructure where Oracle VM VirtualBox executes to
  compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM
  VirtualBox, attacks may significantly impact additional products.
  Successful attacks of this vulnerability can result in takeover of Oracle
  VM VirtualBox (CVE-2020-2698, CVE-2020-2701, CVE-2020-2702, CVE-2020-2726).

  An easily exploitable vulnerability allows low privileged attacker with
  logon to the infrastructure where Oracle VM VirtualBox executes to
  compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM
  VirtualBox, attacks may significantly impact additional products.
  Successful attacks of this vulnerability can result in unauthorized
  ability to cause a hang or frequently repeatable crash (complete DOS) of
  Oracle VM VirtualBox (CVE-2020-2703, CVE-2020-2725).

  An easily exploitable vulnerability allows high privileged attacker with
  logon to the infrastructure where Oracle VM VirtualBox executes to
  compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM
  VirtualBox, attacks may significantly impact additional products.
  Successful attacks of this vulnerability can result in unauthorized
  access to critical data or complete access to all Oracle VM VirtualBox
  accessible data (CVE-2020-2727).

  For other fixes in this update, see the referenced changelog.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=26079
 - https://www.virtualbox.org/wiki/Changelog-6.0#v16
 - https://www.oracle.com/security-alerts/cpujan2020.html#AppendixOVIR

Keywords: (none) => advisory, validated_update
CC: (none) => sysadmin-bugs

Comment 18 Mageia Robot 2020-01-28 12:34:05 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2020-0065.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Comment 19 David Walser 2020-04-21 21:55:46 CEST
Also fixed...
CVE-2020-2742
CVE-2020-2743

https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixOVIR
