VBoxNetNAT is missing suid bit

Bug #1805651 reported by ChrisLaw on 2018-11-28
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
virtualbox (Ubuntu)
Undecided
Unassigned
Bionic
Undecided
Unassigned
virtualbox-hwe (Ubuntu)
Undecided
Unassigned
Bionic
Undecided
Unassigned

Bug Description

Fresh installs seem to be missing the suid bit on VBoxNetNat. Consequently virtual Nat networks don't work. Adding the bit fixed the problem.

ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: virtualbox 5.2.18-dfsg-2~ubuntu18.04.1
ProcVersionSignature: Ubuntu 4.15.0-39.42-generic 4.15.18
Uname: Linux 4.15.0-39-generic x86_64
NonfreeKernelModules: nvidia_modeset nvidia
ApportVersion: 2.20.9-0ubuntu7.5
Architecture: amd64
CurrentDesktop: ubuntu:GNOME
Date: Wed Nov 28 15:28:31 2018
ProcEnviron:
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=en_GB.UTF-8
 SHELL=/bin/bash
SourcePackage: virtualbox
UpgradeStatus: No upgrade log present (probably fresh install)

ChrisLaw (megs-law) wrote :
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package virtualbox - 5.2.24-dfsg-4

---------------
virtualbox (5.2.24-dfsg-4) unstable; urgency=medium

  * Fix typo in previous upload

 -- Gianfranco Costamagna <email address hidden> Thu, 17 Jan 2019 10:34:43 +0100

Changed in virtualbox (Ubuntu):
status: New → Fix Released

Hello ChrisLaw, or anyone else affected,

Accepted virtualbox into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/virtualbox/5.2.32-dfsg-0~ubuntu18.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in virtualbox (Ubuntu Bionic):
status: New → Fix Committed
tags: added: verification-needed verification-needed-bionic
Łukasz Zemczak (sil2100) wrote :

Hello ChrisLaw, or anyone else affected,

Accepted virtualbox-hwe into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/virtualbox-hwe/5.2.32-dfsg-0~ubuntu18.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Mathew Hodson (mhodson) on 2019-07-27
no longer affects: virtualbox (Ubuntu Bionic)
Changed in virtualbox (Ubuntu Bionic):
status: New → Fix Committed
Changed in virtualbox-hwe (Ubuntu):
status: New → Fix Released
Changed in virtualbox-hwe (Ubuntu Bionic):
status: New → Fix Committed

works now on bionic

tags: added: verification-done verification-done-bionic
removed: verification-needed verification-needed-bionic

-rwsr-sr-x root/root 157776 2019-04-18 07:30 ./usr/lib/virtualbox/VBoxNetNAT

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package virtualbox - 5.2.32-dfsg-0~ubuntu18.04.1

---------------
virtualbox (5.2.32-dfsg-0~ubuntu18.04.1) bionic; urgency=medium

  * SRU the latest package for bionic (LP: #1835576, LP: #1829248)
  [ Connor Kuehl ]
  * Fix build for Linux 5.0 (LP: #1835576)
    - debian/patches/ubuntu-0001-linux-5.0-compat.patch
    - debian/patches/ubuntu-0002-linux-5.0-move-ms-remount.patch
    - debian/patches/ubuntu-0003-linux-5.0-make-driver-work-with-Linux-5.0.patch
    - debian/patches/ubuntu-0004-drop-FBINFO_CAN_FORCE_OUTPUT-flag.patch
    - debian/patches/ubuntu-0005-switch-to-drm_get-drm_put-helpers.patch
    - debian/patches/ubuntu-0006-fixup-vboxvideo-module-include.patch
    - debian/patches/ubuntu-0007-update-connector-functions.patch

  [ Gianfranco Costamagna ]
  * Do not apply patches ubuntu-000{1,2,3,4,5,7], because they are included in
    this upstream release
  * New upstream release, update postinst.
  * CVE fixes
    - CVE-2019-2656
    - CVE-2019-2680
    - CVE-2019-2696
    - CVE-2019-2703
    - CVE-2019-2721
    - CVE-2019-2722
    - CVE-2019-2723
    - CVE-2019-2657
    - CVE-2019-2690
    - CVE-2019-2679
    - CVE-2019-2678
    - CVE-2019-2574
  * Drop patches useless with this new upstream release:
    - 18-system-xorg.patch
    - new-gcc.patch
    - kernel-4.18.patch
    - fix-guest-to-host-escape-vulnerability.patch
  * Cherry-pick some fixes from Debian git master branch
    - Enable full hardening
    - automatically detect wsimport from the system
    - bump std-version to 4.3.0
    - Add suid bit to VBoxNetNat to make it work (LP: #1805651)
    - Finally relax dh_strip hack
    - Relax some version constraints, already fullfilled since o-o-stable
    - use cafe instead of beef, to detect if we are inside a VM to fix
      copy-paste.
    - Start VBoxClient too, with the right --vmsvga flag, to fix screen resize
    - Switch to java11, that changed everything (Closes: #920723)
      - add new jaxw dependencies.
    - Switch from iasl to the new acpica-tools name
    - Implement DEB_BUILD_OPTIONS=parallel=n handling during build
      (Closes: #924302)

 -- Gianfranco Costamagna <email address hidden> Thu, 18 Apr 2019 09:30:21 +0200

Changed in virtualbox (Ubuntu Bionic):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for virtualbox has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package virtualbox-hwe - 5.2.32-dfsg-0~ubuntu18.04.1

---------------
virtualbox-hwe (5.2.32-dfsg-0~ubuntu18.04.1) bionic; urgency=medium

  * SRU latest upstream release to bionic

virtualbox (5.2.32-dfsg-0~ubuntu18.04.1) bionic; urgency=medium

  * SRU the latest package for bionic (LP: #1835576, LP: #1829248)
  [ Connor Kuehl ]
  * Fix build for Linux 5.0 (LP: #1835576)
    - debian/patches/ubuntu-0001-linux-5.0-compat.patch
    - debian/patches/ubuntu-0002-linux-5.0-move-ms-remount.patch
    - debian/patches/ubuntu-0003-linux-5.0-make-driver-work-with-Linux-5.0.patch
    - debian/patches/ubuntu-0004-drop-FBINFO_CAN_FORCE_OUTPUT-flag.patch
    - debian/patches/ubuntu-0005-switch-to-drm_get-drm_put-helpers.patch
    - debian/patches/ubuntu-0006-fixup-vboxvideo-module-include.patch
    - debian/patches/ubuntu-0007-update-connector-functions.patch

  [ Gianfranco Costamagna ]
  * Do not apply patches ubuntu-000{1,2,3,4,5,7], because they are included in
    this upstream release
  * New upstream release, update postinst.
  * CVE fixes
    - CVE-2019-2656
    - CVE-2019-2680
    - CVE-2019-2696
    - CVE-2019-2703
    - CVE-2019-2721
    - CVE-2019-2722
    - CVE-2019-2723
    - CVE-2019-2657
    - CVE-2019-2690
    - CVE-2019-2679
    - CVE-2019-2678
    - CVE-2019-2574
  * Drop patches useless with this new upstream release:
    - 18-system-xorg.patch
    - new-gcc.patch
    - kernel-4.18.patch
    - fix-guest-to-host-escape-vulnerability.patch
  * Cherry-pick some fixes from Debian git master branch
    - Enable full hardening
    - automatically detect wsimport from the system
    - bump std-version to 4.3.0
    - Add suid bit to VBoxNetNat to make it work (LP: #1805651)
    - Finally relax dh_strip hack
    - Relax some version constraints, already fullfilled since o-o-stable
    - use cafe instead of beef, to detect if we are inside a VM to fix
      copy-paste.
    - Start VBoxClient too, with the right --vmsvga flag, to fix screen resize
    - Switch to java11, that changed everything (Closes: #920723)
      - add new jaxw dependencies.
    - Switch from iasl to the new acpica-tools name
    - Implement DEB_BUILD_OPTIONS=parallel=n handling during build
      (Closes: #924302)

 -- Gianfranco Costamagna <email address hidden> Sat, 13 Jul 2019 15:53:11 +0200

Changed in virtualbox-hwe (Ubuntu Bionic):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers