[SRU] Virtualbox 7.0.12 and 6.1.48
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
virtualbox (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Focal |
In Progress
|
Undecided
|
Unassigned | ||
Jammy |
In Progress
|
Undecided
|
Unassigned | ||
Lunar |
In Progress
|
Undecided
|
Unassigned | ||
virtualbox-ext-pack (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Focal |
In Progress
|
Undecided
|
Unassigned | ||
Jammy |
In Progress
|
Undecided
|
Unassigned | ||
Lunar |
In Progress
|
Undecided
|
Unassigned | ||
virtualbox-guest-additions-iso (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Focal |
In Progress
|
Undecided
|
Unassigned | ||
Jammy |
In Progress
|
Undecided
|
Unassigned | ||
Lunar |
In Progress
|
Undecided
|
Unassigned | ||
virtualbox-hwe (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Focal |
In Progress
|
Undecided
|
Unassigned | ||
Jammy |
In Progress
|
Undecided
|
Unassigned | ||
Lunar |
In Progress
|
Undecided
|
Unassigned |
Bug Description
[ MICRORELEASE PAGE ]
https:/
[ SRU impact ]
* All vbox users, host and guest
[ Test plan ]
* Install virtualbox, run VMs
[ Possible regressions ]
* Upstream has a really good testsuite and in package history regressions were mostly never found, except for really minor bugs
[ Other Info ]
Sync vbox from Debian, fixing CVES
CVE-2023-21990 Oracle VM VirtualBox Core None No 8.2 Local Low High None Changed High High High Prior to 6.1.44, Prior to 7.0.8
CVE-2023-21987 Oracle VM VirtualBox Core None No 7.8 Local High Low None Changed High High High Prior to 6.1.44, Prior to 7.0.8
CVE-2022-42916 Oracle VM VirtualBox Core (cURL) HTTP Yes 7.5 Network Low None None Un-
changed High None None Prior to 6.1.44, Prior to 7.0.8
CVE-2023-22002 Oracle VM VirtualBox Core None No 6.0 Local Low High None Changed High None None Prior to 6.1.44, Prior to 7.0.8
CVE-2023-21989 Oracle VM VirtualBox Core None No 6.0 Local Low High None Changed High None None Prior to 6.1.44, Prior to 7.0.8
CVE-2023-21998 Oracle VM VirtualBox Core None No 4.6 Local Low High None Changed Low Low None Prior to 6.1.44, Prior to 7.0.8 See Note 1
CVE-2023-22000 Oracle VM VirtualBox Core None No 4.6 Local Low High None Changed Low Low None Prior to 6.1.44, Prior to 7.0.8
CVE-2023-22001 Oracle VM VirtualBox Core None No 4.6 Local Low High None Changed Low Low None Prior to 6.1.44, Prior to 7.0.8
CVE-2023-21988 Oracle VM VirtualBox Core None No 3.8 Local Low Low None Changed Low None None Prior to 6.1.44, Prior to 7.0.8
CVE-2023-21999 Oracle VM VirtualBox Core None No 3.6 Local High Low None Un-
changed Low Low None Prior to 6.1.44, Prior to 7.0.8
CVE-2023-21991 Oracle VM VirtualBox Core None No 3.2 Local Low High None Changed Low None None Prior to 6.1.44, Prior to 7.0.8
description: | updated |
Changed in virtualbox-guest-additions-iso (Ubuntu Lunar): | |
status: | New → Fix Committed |
Changed in virtualbox-ext-pack (Ubuntu Lunar): | |
status: | New → Fix Committed |
Changed in virtualbox (Ubuntu Lunar): | |
status: | New → Fix Committed |
information type: | Public → Public Security |
Changed in virtualbox-guest-additions-iso (Ubuntu Lunar): | |
status: | Fix Committed → Fix Released |
description: | updated |
summary: |
- [SRU] virtualbox 7.0.8 and 6.1.44 + [SRU] virtualbox 7.0.10 and 6.1.46 |
Changed in virtualbox (Ubuntu Kinetic): | |
status: | New → Invalid |
Changed in virtualbox-ext-pack (Ubuntu Kinetic): | |
status: | New → Invalid |
Changed in virtualbox-guest-additions-iso (Ubuntu Kinetic): | |
status: | New → Invalid |
Changed in virtualbox-hwe (Ubuntu Kinetic): | |
status: | New → Invalid |
Changed in virtualbox-guest-additions-iso (Ubuntu Lunar): | |
status: | Fix Released → In Progress |
Changed in virtualbox (Ubuntu Focal): | |
status: | New → In Progress |
Changed in virtualbox (Ubuntu Jammy): | |
status: | New → In Progress |
no longer affects: | virtualbox (Ubuntu Kinetic) |
no longer affects: | virtualbox-guest-additions-iso (Ubuntu Kinetic) |
Changed in virtualbox-ext-pack (Ubuntu Focal): | |
status: | New → In Progress |
Changed in virtualbox (Ubuntu Lunar): | |
status: | Fix Committed → In Progress |
Changed in virtualbox (Ubuntu): | |
status: | Fix Committed → Fix Released |
Changed in virtualbox-ext-pack (Ubuntu Jammy): | |
status: | New → In Progress |
Changed in virtualbox-ext-pack (Ubuntu Lunar): | |
status: | Fix Committed → In Progress |
Changed in virtualbox-ext-pack (Ubuntu): | |
status: | Fix Committed → Fix Released |
no longer affects: | virtualbox-ext-pack (Ubuntu Kinetic) |
no longer affects: | virtualbox-hwe (Ubuntu Kinetic) |
Changed in virtualbox-hwe (Ubuntu): | |
status: | Fix Committed → Fix Released |
Changed in virtualbox-guest-additions-iso (Ubuntu Focal): | |
status: | New → In Progress |
Changed in virtualbox-guest-additions-iso (Ubuntu Jammy): | |
status: | New → In Progress |
Changed in virtualbox-hwe (Ubuntu Focal): | |
status: | New → In Progress |
Changed in virtualbox-hwe (Ubuntu Jammy): | |
status: | New → In Progress |
Changed in virtualbox-hwe (Ubuntu Lunar): | |
status: | Fix Committed → In Progress |
Also CVE-2022-43551 is fixed with CVE-2022-42916