OmniOS Community Edition weekly releases for w/c 20th of May 2019 are now available.
These updates require a reboot.
The following updates are available for all supported releases:
- Mitigations for a series of CPU side channel vulnerabilities that affect
Intel CPUs. These are collectively known as multi-architectural data
sampling (MDS) vulnerabilities and cover the following CVEs:
For more information, refer to the Intel security advisory
- Intel CPU microcode has been updated to the 20190514 release.
New feature allowing hyperthreading to be disabled on a running system or at boot time. To disable on an active system use
psradm -aSand to disable at every boot
echo smt_enabled=false > /boot/conf.d/smtillumos 11048
mdb -ke ::seccommand has been updated to cover the new MDS vulnerabilities.
It is now possible to configure the desired behaviour in response to receipt of an NMI via a boot option in place of
/etc/system. For example, to cause a panic,
echo nmi=panic > /boot/conf.d/nmi. Other options are kmdb and ignore (the default).
cpuidutility has been updated to show whether the processor supports the new MD_CLEAR feature (delivered via microcode update).
Additionally, for r151030 only:
- TCP wrapper support for OpenSSH has been restored.
For further details, please see https://omnios.org/releasenotes —
Any problems or questions, please get in touch.