Update VirtualBox Guest Additions to 5.2.22, security fix version

How to install

sudo dnf upgrade --refresh --advisory=FEDORA-2018-a7988e4520

This update has been submitted for testing by sergiomb.

3 years ago
anonymous commented & provided feedback 3 years ago

Hi Sergio,

Could you please make transparent to us why "Update VirtualBox Guest Additions to 5.2.22" is called a security fix?

VirtualBox 5.2.22 (released November 09 2018)

This is a maintenance release. The following items were fixed and/or added:

Audio: fixed a regression in the Core Audio backend causing a hang when returning from host sleep when processing input buffers
Audio: fixed a potential crash in the HDA emulation if a stream has no valid mixer sink attached -- thanks to Rink Springer (rink@…)
Windows hosts: fixed an incompatibility with recent versions of Windows 10 (bug #17977)
Windows hosts: fixed a number of bridged networking driver crashes (bug #18046)
Linux Additions: disable 3D for recent guests using Wayland (bug #18116)
Linux Additions: fix for rebuilding kernel modules for new kernels on RPM guests
Linux Additions: further fixes for Linux 4.19
Linux Additions: fixed errors rebuilding initrd files with dracut on EL 6 (bug #18055)
Linux Additions: fixed 5.2.20 regression: guests not remembering the screen size after shutdown and restart (bug #18078)

Thank you very much in advance.

Best regards, Dankmar

sergiomb commented & provided feedback 3 years ago

This just hit Slashdot: "According to a text file uploaded on GitHub, Saint Petersburg-based researcher Sergey Zelenyuk has found a chain of bugs that can allow malicious code to escape the VirtualBox virtual machine (the guest OS) and execute on the underlying (host) operating system."

One example article: https://www.zdnet.com/article/virtualbox-zero-day-published-by-disgruntled-researcher/

Slashdot: https://developers.slashdot.org/story/18/11/10/1739206/disgruntled-security-researcher-publishes-major-virtualbox-0-day-exploit

His GitHub repo has the technical details. He shows how you can create a console shell to start on the host by using a buffer overrun in the guest: https://github.com/MorteNoir1/virtualbox_e1000_0day

The "disgruntled security researcher" part is difficult to read and understand due to broken English. More info is available on his GitHub page.

This update has been pushed to testing.

3 years ago
besser82 commented & provided feedback 3 years ago

Works great! LGTM! =)

filiperosset commented & provided feedback 3 years ago

no regressions noted

pwalter commented & provided feedback 3 years ago

Works

This update has been submitted for batched by bodhi.

3 years ago

This update has been submitted for stable by bodhi.

3 years ago

This update has been pushed to stable.

3 years ago


Metadata
Type: security
Severity: high
Karma: 3
Signed
Content Type: RPM
Test Gating

Settings
Unstable by Karma: -3
Stable by Karma: 3
Stable by Time: disabled

Dates
submitted: 3 years ago
in testing: 3 years ago
in stable: 3 years ago

BZ#1648954 Version 5.2.22 of virtualbox-guest-additions is available