[OmniOS-discuss] OmniOS and US-CERT Vulnerability Note VU#649219

Theo Schlossnagle jesus at omniti.com
Sat Jun 16 00:49:51 EDT 2012


Some 64-bit operating systems and virtualization software running on
Intel CPU hardware are vulnerable to a local privilege escalation
attack. The vulnerability may be exploited for local privilege
escalation or a guest-to-host virtual machine escape. More complete
details are available here: http://www.kb.cert.org/vuls/id/649219

OmniOS, like other Illumos-based operating systems, was vulnerable to
this attack and has since been fixed:

  http://omnios.omniti.com/changeset.php/core/illumos-omnios/6ba2dbf5e79c7fc6e1221844ddaa2c88a42a3fc1

Updated packages for both the OmniOS release and "bloody"
distributions are now available in the public package repositories.

If you are running an OmniOS system, it is highly recommended that you
upgrade immediately.  As this problem is in-kernel, a reboot will be
required to put the fixes in place.

Thanks and happy updating and stay safe!

-- 
Theo Schlossnagle
http://omniti.com/is/theo-schlossnagle


More information about the OmniOS-discuss mailing list