stable

virtualbox-guest-additions-5.2.22-1.fc29

FEDORA-2018-a7988e4520 created by sergiomb 7 years ago for Fedora 29 
Update Virtualbox Guest Additions to 5.2.22, security fix version

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2018-a7988e4520

This update has been submitted for testing by sergiomb.

7 years ago
User Icon anonymous commented & provided feedback 7 years ago

Hi Sergio,

could you please make transparent to us, why Update Virtualbox Guest Additions to 5.2.22 is called a security fix.

VirtualBox 5.2.22 (released November 09 2018)

This is a maintenance release. The following items were fixed and/or added:

Audio: fixed a regression in the Core Audio backend causing a hang when returning from host sleep when processing input buffers
Audio: fixed a potential crash in the HDA emulation if a stream has no valid mixer sink attached -- thanks to Rink Springer (rink@…)
Windows hosts: fixed an incompatibility with recent versions of Windows 10 (bug #17977)
Windows hosts: fixed a number of bridged networking driver crashes (bug #18046)
Linux Additions: disable 3D for recent guests using Wayland (bug #18116)
Linux Additions: fix for rebuilding kernel modules for new kernels on RPM guests
Linux Additions: further fixes for Linux 4.19
Linux Additions: fixed errors rebuilding initrd files with dracut on EL 6 (bug #18055)
Linux Additions: fixed 5.2.20 regression: guests not remembering the screen size after shutdown and restart (bug #18078)

Thank you very much in advance.

Best regards, Dankmar

User Icon sergiomb commented & provided feedback 7 years ago

This just hit Slashdot: "According to a text file uploaded on GitHub, Saint Petersburg-based researcher Sergey Zelenyuk has found a chain of bugs that can allow malicious code to escape the VirtualBox virtual machine (the guest OS) and execute on the underlying (host) operating system."

One example article: https://www.zdnet.com/article/virtualbox-zero-day-published-by-disgruntled-researcher/

Slashdot: https://developers.slashdot.org/story/18/11/10/1739206/disgruntled-security-researcher-publishes-major-virtualbox-0-day-exploit

His github repo has the technical details. He shows how you can create a console shell to start on the host by using a buffer overrun in the guest: https://github.com/MorteNoir1/virtualbox_e1000_0day

The "disgruntled security researcher" part is difficult to read and understand due to broken English. More info is available on his github page.

This update has been pushed to testing.

7 years ago
User Icon besser82 commented & provided feedback 7 years ago
karma

Works great! LGTM! =)

User Icon filiperosset commented & provided feedback 6 years ago
karma

no regressions noted

User Icon pwalter commented & provided feedback 6 years ago
karma

Works

This update has been submitted for batched by bodhi.

6 years ago

This update has been submitted for stable by bodhi.

6 years ago

This update has been pushed to stable.

6 years ago

Please log in to add feedback.

Metadata
Type
security
Severity
high
Karma
3
Signed
Content Type
RPM
Test Gating
Autopush Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
disabled
Dates
submitted
7 years ago
in testing
7 years ago
in stable
6 years ago
Builds
1
virtualbox-guest-additions-5.2.22-1.fc29
BZ#1648954 Version 5.2.22 of virtualbox-guest-additions is available
0
0
virtualbox-guest-additions-5.2.22-1.fc29

Automated Test Results

Copyright © 2007-2025 Red Hat, Inc. and others.

Running bodhi-server 25.5.1^202511011314gitd15bb4a on bodhi-web-10-887ql.

bodhi is Free Software. Please file issues if you have any problems. Read the documentation.

Composes Legal Privacy policy