Linux_Downloads – Oracle VM VirtualBox

Download VirtualBox for Linux Hosts

Note: The package architecture has to match the Linux kernel architecture, that is, if you are running a 64-bit kernel, install the appropriate AMD64 package (it does not matter if you have an Intel or an AMD CPU). Mixed installations (e.g. Debian/Lenny ships an AMD64 kernel with 32-bit packages) are not supported. To install VirtualBox anyway you need to setup a 64-bit chroot environment.

The VirtualBox base package binaries are released under the terms of the GPL version 2.

Please choose the appropriate package for your Linux distribution.

VirtualBox 7.0.8 for Linux

You might want to compare the checksums to verify the integrity of downloaded packages.
The SHA256 checksums should be favored as the MD5 algorithm must be treated as insecure!

Oracle Linux

Users of Oracle Linux 6, 7 and 8 can use the Oracle Linux yum  repository and enable the  ol6_developer channel for Oracle Linux 6, the  ol7_developer channel for Oracle Linux 7, or the  ol8_developer channel for Oracle Linux 8. After that, do

yum install VirtualBox-6.1

to get the latest maintenance release of VirtualBox 6.1.x installed.

Debian-based Linux distributions

Add the following line to your /etc/apt/sources.list. For Debian 11 and older, replace ‘<mydist>‘ with ‘bullseye‘, ‘buster‘, or ‘stretch‘. For Ubuntu 22.04 and older, ‘replace ‘<mydist>‘ with ‘jammy‘, ‘eoan‘, ‘bionic‘, ‘xenial‘,

deb [arch=amd64 signed-by=/usr/share/keyrings/oracle-virtualbox-2016.gpg] https://download.virtualbox.org/virtualbox/debian <mydist> contrib

The Oracle public key for verifying the signatures can be downloaded here. You can add these keys with

sudo gpg --dearmor oracle_vbox_2016.asc --yes --output /usr/share/keyrings/oracle-virtualbox-2016.gpg

or combine downloading and registering:

wget -O- https://www.virtualbox.org/download/oracle_vbox_2016.asc | sudo gpg --dearmor --yes --output /usr/share/keyrings/oracle-virtualbox-2016.gpg

The key fingerprint for oracle_vbox_2016.asc is

B9F8 D658 297A F3EF C18D  5CDF A2F6 83C5 2980 AECF
Oracle Corporation (VirtualBox archive signing key) <[email protected]>

To install VirtualBox, do

sudo apt-get update
sudo apt-get install virtualbox-6.1

Replace virtualbox-6.1 by virtualbox-6.0 or virtualbox-5.2 to install the latest VirtualBox 6.0 or 5.2 build.

What to do when experiencing The following signatures were invalid: BADSIG … when refreshing the packages from the repository?

# sudo -s -H
# apt-get clean
# rm /var/lib/apt/lists/*
# rm /var/lib/apt/lists/partial/*
# apt-get clean
# apt-get update

If you previously added the Oracle key(s) to your default keyring (now considered insecure), remove them again with:

sudo apt-key remove 5CDFA2F683C52980AECF
sudo apt-key remove D9C954422A4B98AB5139

(As of VirtualBox 3.2, the signing key was changed. The old Sun public key for apt-secure can be downloaded  here. Likewise, the Oracle public key for distributions older than Debian 8 and Ubuntu 16.04 can be downloaded here.)

RPM-based Linux distributions

We provide a yum/dnf-style repository for Oracle Linux/Fedora/RHEL/openSUSE. All .rpm packages are signed. The Oracle public key for rpm can be downloaded here. You can add this key (not normally necessary, see below!) with

sudo rpm --import oracle_vbox_2016.asc

or combine downloading and registering:

wget -q https://www.virtualbox.org/download/oracle_vbox_2016.asc -O- | rpm --import -

The key fingerprint is

B9F8 D658 297A F3EF C18D  5CDF A2F6 83C5 2980 AECF
Oracle Corporation (VirtualBox archive signing key) <[email protected]>

After importing the public key, the package signature can be checked with

rpm --checksig PACKAGE_NAME

Note that importing the key is not necessary for yum users (Oracle Linux/Fedora/RHEL/CentOS) when using one of the virtualbox.repo files from below as yum downloads and imports the public key automatically! Zypper users should run

zypper refresh

(As of VirtualBox 6.1.44/7.0.8, the same signing key as for Debian packages since 2016 is used. The Oracle public key for older rpm packages and not updated repositories can be downloaded here.)

The package signature is checked by yum/dnf/zypper as well: