- VirtualBox 7.0.8 (released April 18 2023)
This is a maintenance release. The following items were fixed and/or added:
VMM: Introduced general improvements in nested visualization area
GUI: Brought back Restore current snapshot checkbox of Close VM dialog (bugs #21189, #21491)
GUI: Fixes and validation for VM settings USB filters editor, filter port value is now properly saved/restored
GUI: Fixes for VM name and OS type embedded editors of Details pane
GUI: Cloud related wizards should now propose enabled profiles before disabled
Oracle VM VirtualBox Extension Pack: Fixed shipping the cryptographic support module for full VM encryption
E1000: Fixed possible guru meditation when changing network attachments (bug #21488)
virtio-net: Follow up fixes for FreeBSD 12.3 and pfSense 2.6.0 (bug #21201)
3D: Fixed various graphics issues with Windows 7 guests (bugs #21129, #21196, #21208, #21521)
Main/UefiVariableStore: Added API to add signatures to the MOK list (Machine Owner Key)
VBoxManage: Introduced modifynvram enrollmok sub-command to enroll Machine Owner Key into NVRAM, so Linux guest kernel can pick it up in order to verify signature of modules signed with this key
Guest Control/Main: Fixed deleting files via built-in toolbox
Linux host: Added possibility to bypass kernel modules signature verification once VBOX_BYPASS_MODULES_SIGNATURE_CHECK="1" is specified in /etc/vbox/vbox.cfg, useful in case if Linux distribution does not provide necessary tools to verify kernel module signature
Linux Guest Additions and host Installer: Improved detection if system is running systemd as the init process
Linux Guest Additions and host drivers: Introduce initial support for kernel 6.3
Linux Guest Additions: Added possibility to bypass kernel modules signature verification once VBOX_BYPASS_MODULES_SIGNATURE_CHECK="1" is specified in /etc/virtualbox-guest-additions.conf, useful in case if Linux distribution does not provide necessary tools to verify kernel module signature
Linux Guest Additions: Added experimental support for kernel modules and user services reloading in the end of installation process, thus guest system reboot after Guest Additions (7.0.8 and newer) upgrade is no longer required in general case
Linux Guest Additions: Fixed vboxvideo build issue with RHEL 8.7, 9.1 and 9.2 kernels (bugs #21446 and #21450)
Fixes for (boo#1210616)
CVE-2023-21990 Oracle VM VirtualBox Core None No 8.2 Prior to 6.1.44, Prior to 7.0.8
CVE-2023-21987 Oracle VM VirtualBox Core None No 7.8 Prior to 6.1.44, Prior to 7.0.8
CVE-2023-22002 Oracle VM VirtualBox Core None No 6.0 Prior to 6.1.44, Prior to 7.0.8
CVE-2023-21989 Oracle VM VirtualBox Core None No 6.0 Prior to 6.1.44, Prior to 7.0.8
CVE-2023-21998 Oracle VM VirtualBox Core None No 4.6 Prior to 6.1.44, Prior to 7.0.8
CVE-2023-22000 Oracle VM VirtualBox Core None No 4.6 Prior to 6.1.44, Prior to 7.0.8
CVE-2023-22001 Oracle VM VirtualBox Core None No 4.6 Prior to 6.1.44, Prior to 7.0.8
CVE-2023-21988 Oracle VM VirtualBox Core None No 3.8 Prior to 6.1.44, Prior to 7.0.8
CVE-2023-21999 Oracle VM VirtualBox Core None No 3.6 Prior to 6.1.44, Prior to 7.0.8
OBS-URL: https://build.opensuse.org/request/show/1084796
OBS-URL: https://build.opensuse.org/package/show/Virtualization/virtualbox?expand=0&rev=687
- VirtualBox 7.0.6 (released January 17 2023)
This is a maintenance release. The following items were fixed and/or added: [1]
- VMM: Fixed guru running the FreeBSD loader on older Intel CPUs without unrestricted guest support (bug #21332)
- GUI: Fixed virtual machines grouping when VM was created or modified in command line (bugs #11500, #20933)
- GUI: Introduced generic changes in settings dialogs
- VirtioNet: Fixed broken network after loading saved state (bug #21172)
- Storage: Added support for increasing the size of the following VMDK image variants: monolithicFlat, monolithicSparse, twoGbMaxExtentSparse, twoGbMaxExtentFlat
- VBoxManage: Added missing --directory switch for guestcontrol mktemp command
- Mouse Integration: Guest was provided with extended host mouse state (bug #21139)
- DnD: Introduced generic improvements
- Guest Control: Fixed handling creation mode for temporary directories (bug #21394)
- Linux Host and Guest: Added initial support for building UEK7 kernel on Oracle Linux 8
- Linux Host and Guest: Added initial support for RHEL 9.1 kernel
- Linux Guest Additions: Added initial support for kernel 6.2 for vboxvideo
- Audio: The "--audio" option in VBoxManage is now marked as deprecated; please use "--audio-driver" and "--audio-enabled" instead. This will allow more flexibility when changing the driver and/or controlling the audio functionality
Additionally, it fixes 6 CVE's: [2]
CVE-2023-21886 Oracle VM VirtualBox Core Multiple Yes 8.1 Network High None None Un-
changed High High High Prior to 6.1.42, prior to 7.0.6
CVE-2023-21898 Oracle VM VirtualBox Core None No 5.5 Local Low Low None Un-
changed None None High Prior to 6.1.42, prior to 7.0.6 See Note 1
CVE-2023-21899 Oracle VM VirtualBox Core None No 5.5 Local Low Low None Un-
changed None None High Prior to 6.1.42, prior to 7.0.6 See Note 1
CVE-2023-21884 Oracle VM VirtualBox Core None No 4.4 Local Low High None Un-
changed None None High Prior to 6.1.42, prior to 7.0.6
CVE-2023-21885 Oracle VM VirtualBox Core None No 3.8 Local Low Low None Changed Low None None Prior to 6.1.42, prior to 7.0.6 See Note 2
CVE-2023-21889 Oracle VM VirtualBox Core None No 3.8 Local Low Low None Changed Low None None Prior to 6.1.42, prior to 7.0.6
Note 1: Applies to VirtualBox VMs running Windows 7 and later.
Note 2: Applies to Windows only.
Links:
OBS-URL: https://build.opensuse.org/request/show/1060705
OBS-URL: https://build.opensuse.org/package/show/Virtualization/virtualbox?expand=0&rev=673
