OmniOS Community Edition weekly releases for w/c 20th of May 2019 are now available.
These updates require a reboot.
The following updates are available for all supported releases:
Security Fixes
- Mitigations for a series of CPU side channel vulnerabilities that affect
Intel CPUs. These are collectively known as multi-architectural data
sampling (MDS) vulnerabilities and cover the following CVEs:
For more information, refer to the Intel security advisory
- Intel CPU microcode has been updated to the 20190514 release.
Other Changes
-
New feature allowing hyperthreading to be disabled on a running system or at boot time. To disable on an active system use
psradm -aS
and to disable at every bootecho smt_enabled=false > /boot/conf.d/smt
illumos 11048 -
The
mdb -ke ::sec
command has been updated to cover the new MDS vulnerabilities. -
It is now possible to configure the desired behaviour in response to receipt of an NMI via a boot option in place of
/etc/system
. For example, to cause a panic,echo nmi=panic > /boot/conf.d/nmi
. Other options are kmdb and ignore (the default). -
The
cpuid
utility has been updated to show whether the processor supports the new MD_CLEAR feature (delivered via microcode update).
Additionally, for r151030 only:
- TCP wrapper support for OpenSSH has been restored.
For further details, please see https://omnios.org/releasenotes —
Any problems or questions, please get in touch.