Oracle releases "VirtualBox v6.1.32", which includes the Critical Patch Update.

Oracle has released "VirtualBox v6.1.32", which includes the Critical Patch Update. Details follow.

Oracle announced on January 10, 2022 (local time) that it has begun providing the "VirtualBox v6.1.32" update for VirtualBox, its cross-platform virtualization software for Windows, macOS, and Linux.

VirtualBox v6.1.32 Critical Patch Update

Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data.

Text Form of Risk Matrix for Oracle Virtualization – Oracle

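According to Simon Coter, product manager for Linux/VM at Oracle, VirtualBox v6.1.32, the first update of 2022, fixes the issues listed below that occurred with Hyper-V, AMD CPUs, and other configurations.

It also includes fixes for two vulnerabilities (CVE-2022-21394/-21295) addressed by the "Critical Patch Update", which fixes vulnerabilities in Oracle products. The former has a CVSS 3.1 Base Score of 6.5 and may allow access to all Oracle VM VirtualBox data without authentication, so users are advised to find the time to update.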

VirtualBox 6.1.32 (released January 18 2022)

This is a maintenance release. The following items were fixed and/or added:

  • VMM: Changed the guest RAM management when using Hyper-V to be more compatible with HVCI (bug #20627 and #20694)
  • VMM: Workaround for OS/2 guest unstability on newer AMD CPUs due to a missing TLB flush in OS/2 (bug #20625)
  • GUI: Fixed keyboard focus loss in rare circumstances when using the mini toolbar in fullscreen mode
  • Audio: Fixed accidental creation of empty debug log file when the OSS audio backend was configured
  • E1000: Fix link status reporting for certain Linux kernels (some Oracle Linux ones, probably more)
  • Unattended installation: Fixed regression introduced in 6.1.28, causing partitioning failure for Windows XP to 10 (bug #20769)
  • Solaris host: Fixed regression in installer, failed on Solaris 10
  • Solaris host: Fix packaging regression, make executable
  • Linux host: Fix access to some USB devices, device class was not correctly handled (bug #20721)
  • Guest: Fixed wrong mouse position if guest is in text mode
  • Guest Control: Fixed folders copying from host to guest and from guest to host
  • Guest Control: Fixes for UNICODE handling
  • Shared Clipboard: Improved HTML content exchange between X11 and Windows guests and hosts
  • OS/2 Additions: Fixed some issues with extended attributes in the shared folders (bug #19453)