Security and bugfixes, advisory will follow: ref: https://www.oracle.com/security-alerts/cpuapr2022.html#AppendixOVIR https://www.virtualbox.org/wiki/Changelog-6.1#v34 SRPMS: virtualbox-6.1.34-1.mga8.src.rpm kmod-virtualbox-6.1.34-1.mga8.src.rpm i586: virtualbox-6.1.34-1.mga8.i586.rpm virtualbox-guest-additions-6.1.34-1.mga8.i586.rpm x86_64: dkms-virtualbox-6.1.34-1.mga8.x86_64.rpm python-virtualbox-6.1.34-1.mga8.x86_64.rpm virtualbox-6.1.34-1.mga8.x86_64.rpm virtualbox-devel-6.1.34-1.mga8.x86_64.rpm virtualbox-guest-additions-6.1.34-1.mga8.x86_64.rpm virtualbox-kernel-5.15.32-desktop-1.mga8-6.1.34-1.mga8.x86_64.rpm virtualbox-kernel-5.15.32-server-1.mga8-6.1.34-1.mga8.x86_64.rpm virtualbox-kernel-desktop-latest-6.1.34-1.mga8.x86_64.rpm virtualbox-kernel-server-latest-6.1.34-1.mga8.x86_64.rpm
I've installed the extpack update as well as the vb update, but am getting the error ... Failed to load R0 module /usr/lib64/virtualbox/VBoxDDR0.r0: Unable to locate imported symbol 'memset' for module 'VBoxDDR0.r0' (VERR_SYMBOL_NOT_FOUND). Failed to load ring-0 module 'VBoxDDR0.r0' for device 'pci' (VERR_SYMBOL_NOT_FOUND). [dave@x3 ~]$ VBoxManage list extpacks Extension Packs: 2 Pack no. 0: Oracle VBoxDTrace Extension Pack Version: 6.1.34 Revision: 150636 Edition: Description: Experimental and unsupported extension pack providing DTrace features to VirtualBox. VRDE Module: Usable: true Why unusable: Pack no. 1: Oracle VM VirtualBox Extension Pack Version: 6.1.34 Revision: 150636 Edition: Description: Oracle Cloud Infrastructure integration, USB 2.0 and USB 3.0 Host Controller, Host Webcam, VirtualBox RDP, PXE ROM, Disk Encryption, NVMe. VRDE Module: VBoxVRDP Usable: true Why unusable: [dave@x3 ~]$ VBoxManage --version 6.1.34_Mageiar150636 [dave@x3 ~]$ dkms status|grep virt virtualbox, 6.1.34-1.mga8, 5.15.34-server-1.mga8, x86_64: installed virtualbox, 6.1.34-1.mga8, 5.15.32-server-1.mga8, x86_64: installed-binary from 5.15.32-server-1.mga8 Anybody managed to get it to work?
CC: (none) => davidwhodgins
Same problem here, when I try to launch my MSW7n guest. And yes after manual extension pack update, and reboot just to be sure. Also the BOINC virtualbox workunit failed (i did not try to catch any log) Extpacks list same as Dave. $ dkms status|grep virt virtualbox, 6.1.34-1.mga8, 5.15.32-desktop-1.mga8, x86_64: installed-binary from 5.15.32-desktop-1.mga8 virtualbox, 6.1.32-1.mga8, 5.16.18-desktop-1.mga8, x86_64: installed-binary from 5.16.18-desktop-1.mga8 Tested on kernel 5.15.32-desktop-1.mga8
Assignee: qa-bugs => kernelCC: (none) => fri
I did not have dkms-virtualbox installed, and I don't know when it is needed? (should get clarified at https://wiki.mageia.org/en/VirtualBox#On_the_host) Installed it, rebooted, no change, except in output o f$ dkms status|grep virt: virtualbox, 6.1.34-1.mga8, 5.16.18-desktop-1.mga8, x86_64: installed virtualbox, 6.1.34-1.mga8, 5.15.32-desktop-1.mga8, x86_64: installed-binary from 5.15.32-desktop-1.mga8 virtualbox, 6.1.32-1.mga8, 5.16.18-desktop-1.mga8, x86_64: installed-binary from 5.16.18-desktop-1.mga8 Same fail on 5.16.18-desktop-1.mga8
*** Bug 30313 has been marked as a duplicate of this bug. ***
CC: (none) => chmos
(In reply to Morgan Leijström from comment #3) > I did not have dkms-virtualbox installed, and I don't know when it is needed? > (should get clarified at https://wiki.mageia.org/en/VirtualBox#On_the_host) https://wiki.mageia.org/en/VirtualBox#On_the_host updated.
fix found, new packages coming
new set: SRPMS: virtualbox-6.1.34-1.2.mga8.src.rpm kmod-virtualbox-6.1.34-1.2.mga8.src.rpm i586: virtualbox-6.1.34-1.2.mga8.i586.rpm virtualbox-guest-additions-6.1.34-1.2.mga8.i586.rpm x86_64: dkms-virtualbox-6.1.34-1.2.mga8.x86_64.rpm python-virtualbox-6.1.34-1.2.mga8.x86_64.rpm virtualbox-6.1.34-1.2.mga8.x86_64.rpm virtualbox-devel-6.1.34-1.2.mga8.x86_64.rpm virtualbox-guest-additions-6.1.34-1.2.mga8.x86_64.rpm virtualbox-kernel-5.15.32-desktop-1.mga8-6.1.34-1.2.mga8.x86_64.rpm virtualbox-kernel-5.15.32-server-1.mga8-6.1.34-1.2.mga8.x86_64.rpm virtualbox-kernel-desktop-latest-6.1.34-1.2.mga8.x86_64.rpm virtualbox-kernel-server-latest-6.1.34-1.2.mga8.x86_64.rpm
Summary: Update request: virtualbox-6.1.34-1.mga8 => Update request: virtualbox-6.1.34-1.2.mga8Assignee: kernel => qa-bugs
Great Thomas Dave, thank you for the wiki edit --- Host: mga8-64, Plasma Hardware: My workstation "svarten": Mainboard: Sabertooth P67, CPU: i7-3770, RAM 16G, GM107 [GeForce GTX 750] using nvidia-current; GeForce 635 series and later, 4k display. Updated, rebooted, I noticed dkms built during boot. Running backport kernel 5.16.18-desktop-1 [morgan@svarten ~]$ dkms status virtualbox, 6.1.34-1.2.mga8, 5.15.32-desktop-1.mga8, x86_64: installed virtualbox, 6.1.34-1.2.mga8, 5.16.18-desktop-1.mga8, x86_64: installed nvidia-current, 470.94-1.mga8.nonfree, 5.15.32-desktop-1.mga8, x86_64: installed nvidia-current, 470.94-1.mga8.nonfree, 5.16.18-desktop-1.mga8, x86_64: installed virtualbox, 6.1.34-1.2.mga8, 5.15.32-desktop-1.mga8, x86_64: installed-binary from 5.15.32-desktop-1.mga8 virtualbox, 6.1.32-1.mga8, 5.16.18-desktop-1.mga8, x86_64: installed-binary from 5.16.18-desktop-1.mga8 Guest 1: my usual MSW7pro-64, tests OK: dynamic guest window resizing, bidirectional clipboard, host shared folders write protected and not, USB2 memory stick read&write (using upstream extension pack), video playing in Firefox and Chrome. Minor not working: earlier I could use mouse to drag file from host Dolphin to Guest Windows Explorer, but now that silently fail despite mouse cursor is showing a green plus sign. I think that failed also on previous version. Maybe new security? The reverse direction have never worked. In the VirtualBox guest window menu Devices>Drag&Drop, bidirectional is set. If i set no drag&drop, mouse cursor is a red blocked sign when i try, so that setting do make visual GUI difference, but operation is blocked. Guest 2: OK: BOINC LHC@home ATLAS simulation virtual machine 7CPU.
Advisory, added to svn: subject: Updated virtualbox packages fix security vulnerabilities CVE: - CVE-2022-21465 - CVE-2022-21471 - CVE-2022-21487 - CVE-2022-21488 src: 8: core: - virtualbox-6.1.34-1.2.mga8 - kmod-virtualbox-6.1.34-1.2.mga8 description: | Updated virtualbox packages fix security vulnerabilities: Vulnerability in the Oracle VM VirtualBox prior to 6.1.34 contains an easily exploitable vulnerability that allows a high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data (CVE-2022-21465). Vulnerability in the Oracle VM VirtualBox prior to 6.1.34 contains an easily exploitable vulnerability that allows a low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox (CVE-2022-21471). Vulnerability in the Oracle VM VirtualBox prior to 6.1.34 contains an easily exploitable vulnerability that allows a low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data (CVE-2022-21487). Vulnerability in the Oracle VM VirtualBox prior to 6.1.34 contains an easily exploitable vulnerability that allows a low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data (CVE-2022-21488). For other fixes in this update, see the referenced changelog. references: - https://bugs.mageia.org/show_bug.cgi?id=30302 - https://www.virtualbox.org/wiki/Changelog-6.1#v34 - https://www.oracle.com/security-alerts/cpuapr2022.html#AppendixOVIR
Keywords: (none) => advisory
Blocks: (none) => 30330
No regressions noticed with i586 and x86_64 Mageia guests. Tested on a host with kernel 5.15.35-server-2.mga8 running. Installed the kernel update in both guests with no regressions noticed.
Quick test OK 5.15.32-desktop-1.mga8 same host and Windows guest.
No regressions noted with Windows XP and Windows 7 guests. Lately I have been noticing a problem within Mageia guests where when you run MCC the opening screen comes up blank. Clicking on the window redraws it correctly, and it acts normally from then on. I'm only seeing this in Mageia guests, never on real hardware. This persists after VirtualBox and guest additions are updated, so I believe another update not related (exactly) to VirtualBox is at fault. I will investigate a bit further, and open a new bug on the issue when I know more. Since the issue is relatively minor and existed already it is not a new regression, and I don't believe it should hold back this update.
CC: (none) => andrewsfarm
mga8-64 OK with kernel OK 5.15.32-desktop-2.mga8 bug 30330, tests per comment 8. (In reply to Morgan Leijström from comment #8) > Minor not working: earlier I could use mouse to drag file from host Dolphin > to Guest Windows Explorer, but now that silently fail despite mouse cursor > is showing a green plus sign. Now, while testing kernel 5.15.32-desktop-2.mga8, I see the above file dragging operation is working OK again :) (I did not test this detail with 5.15.32-desktop-1)
Doh, in previous comment I meant kernel desktop 5.15.*35*-2 of course... (In reply to Thomas Andrews from comment #12) > Lately I have been noticing a problem within Mageia guests where when you > run MCC the opening screen comes up blank. Clicking on the window redraws it > correctly Yes open a separate bug on that. I do not see that problem on my little used guest mga8 LXDE, on same host as other tests here. Mageia guest additions. Neither before, with all from updates repo per today, or with virtualbox and kernel from testing in host and guest.
Definitely needs a separate bug. I'm seeing it now on my real i586 hardware in Xfce. And there, it's worse.
MGA 64 XFCE No issues at installation. Bug with creating virtual host is still here: VBoxNetAdpCtl: Error while adding new interface: failed to open /dev/vboxnetctl: Permission denied. Code d'erreur : NS_ERROR_FAILURE (0x80004005) Composant : HostNetworkInterfaceWrap Interface : IHostNetworkInterface {455f8c45-44a0-a470-ba20-27890b96dba9} Otherwise the rest works, the virtual machine launches well and works well with a PrimTux distribution
CC: (none) => guillaume.royer
(In reply to Guillaume Royer from comment #16) > MGA 64 XFCE > > No issues at installation. > Bug with creating virtual host is still here: > > VBoxNetAdpCtl: Error while adding new interface: failed to open > /dev/vboxnetctl: Permission denied. Did you install the updated extension pack, available from https://download.virtualbox.org/virtualbox/6.1.34/Oracle_VM_VirtualBox_Extension_Pack-6.1.34.vbox-extpack Note, Mageia is not allowed to distribute it. It must be downloaded from Oracle, with each new vb version, and manually installed.
(In reply to Dave Hodgins from comment #17) > (In reply to Guillaume Royer from comment #16) > > MGA 64 XFCE > > > > No issues at installation. > > Bug with creating virtual host is still here: > > > > VBoxNetAdpCtl: Error while adding new interface: failed to open > > /dev/vboxnetctl: Permission denied. > Did you install the updated extension pack, available from > https://download.virtualbox.org/virtualbox/6.1.34/ > Oracle_VM_VirtualBox_Extension_Pack-6.1.34.vbox-extpack > > Note, Mageia is not allowed to distribute it. It must be downloaded from > Oracle, with each new vb version, and manually installed. Thank you for this tip but this isn't solve the problem
Blocks: (none) => 30335
Same tests OK with Bug 30335 - Backport request: kernel-5.17.4-2.mga8
(In reply to Guillaume Royer from comment #16) > MGA 64 XFCE > > No issues at installation. > Bug with creating virtual host is still here: > > VBoxNetAdpCtl: Error while adding new interface: failed to open > /dev/vboxnetctl: Permission denied. > I haven't tried using a host-only adapter interface, so I haven't run into this problem. I use the NAT interface. However, I did look at the permissions for the /dev/vboxnetctl on my laptop (not yet testing this update), and I found that it is root-only access. I actually had expected it to have vboxusers group access, after which I was going to ask if you had made sure your host user is a member of that group. But even the group (root) doesn't have access. Could it be that you have to run Vbox as root to create this interface on Mageia? The question then, of course, is if you do have to create the interface as root, would that then prevent non-root users from using that guest?
Enough tests, flushing out
CC: (none) => sysadmin-bugsKeywords: (none) => validated_updateWhiteboard: (none) => MGA8-64-OK, MGA8-32-OK
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0153.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED