VirtualBox VM Escape vulnerability - Please update ASAP

Joseph Scheuhammer clown at alum.mit.edu
Mon Jan 29 15:05:12 UTC 2018


All,

Note that you may have to upgrade Vagrant if you install VirtualBox 5.2.6.

I was running Vagrant 1.9.2 but after installing VirtualBox 5.2.6 and
running "vagrant up", I got an error message saying to either go back to
version 5.1, or upgrade Vagrant.  I upgraded to Vagrant 2.0.1, the
latest for macOS.  The next error message said that my vagrant plugins
were out of date, and advised that I run "vagrant plugin repair".  I did
so successfully.  Of note the "vagrant-gpii-ci (0.0.6)" was repaired.

"vagrant up" now brings up the VM.  So far, so good.  If I run into any
other problems or info, I'll let you know.

On 2018-01-27 2:18 AM, Tirloni, Giovanni wrote:
> Hello,
>
> Several vulnerabilities that allow escaping the VM were discovered.
>
> Please update to 5.2.6 (or 5.1.32).
>
> http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixOVIR
>
> https://www.techrepublic.com/article/10-new-vm-escape-vulnerabilities-discovered-in-virtualbox/
>
> Regards,
> Giovanni
> _______________________________________________________
> fluid-work mailing list - fluid-work at lists.idrc.ocad.ca
> To unsubscribe, change settings or access archives,
> see https://lists.idrc.ocad.ca/mailman/listinfo/fluid-work
>

-- 
;;;;joseph.

'Call me hobophobic, but I don't think two vagrants should be allowed to marry.'
                               - J. Tiedrich -



More information about the fluid-work mailing list