Oracle has released a new version of its virtualization system, VirtualBox 7.2.8, which addresses 9 vulnerabilities. The severity of the 5 most critical vulnerabilities is rated at 7.5 out of 10, with one of them being exploitable remotely. The details of these vulnerabilities have not been disclosed yet. Along with the security fixes, the latest release includes 17 changes.
Some of the key updates in this release include initial support for Linux kernels 6.19 and 7.0 for host environments with Linux. The new version also introduces accounting for CPU time spent on executing guest systems separately, improving system monitoring. Additionally, the vboxvideo kernel module is deprecated for Linux kernels 7.0 and later, with users advised to switch to the VMSVGA virtual graphics adapter.
Guest Additions have been enhanced to address issues related to clipboard access and pasting from the clipboard when running a Wayland-based GUI guest on Windows host systems. Several other improvements have been made for both host environments and guest systems with Linux, including support for packages with the UEK9 kernel from Oracle Linux 9 and resolving issues with kernels from RHEL 10.1 and 10.2.
The new version also fixes various issues, such as resolving a crash occurring when using multiple devices connected to the LSI Logic SAS controller in FreeBSD 16. Problems related to the graphics subsystem, address translator, and guest systems with Windows have also been addressed in this release.
These updates aim to enhance the overall stability and security of VirtualBox, providing users with a more reliable virtualization experience. Users are encouraged to update to the latest version to ensure they are protected against potential security threats and to benefit from the latest features and improvements.