[OmniOS-discuss] Please UPDATE now
Paul B. Henson
henson at acm.org
Tue Dec 9 17:47:24 UTC 2014
Is this only an issue if a malicious user intentionally crashes the system, or could it also potentially occur under regular use? IE, if you have a system with no local users only providing network services, would this still be a critical patch or could it wait for a more convenient installation schedule? The bug report isn't particularly detailed, it's not clear when/why devzvol_readdir() would call strchr or what would cause that call to return NULL.
Thanks...
> On Dec 9, 2014, at 9:10 AM, Dan McDonald <danmcd at omniti.com> wrote:
>
> Hello OmniOS users!
>
> Illumos bug 5421 was fixed in all OmniOS repos, and the r151012/Stable install media has been updated as well. This bug had allowed an ordinary user in the global zone to kernel-panic the machine. That bug is now fixed in illumos-gate, and all SUPPORTED OmniOS revisions:
>
> - bloody
> - r151012 (aka. Stable)
> - r151010 (aka. previous Stable)
> - r151006 (aka. Long-Term Support)
>
> If you are on one of these supported OmniOS revisions, run "pkg update" now and reboot. I requested a CVE number for all illumos distros, but the CVE folks haven't gotten back to me yet.
>
> Thank you!
> Dan McDonald -- OmniOS Engineering
>
> _______________________________________________
> OmniOS-discuss mailing list
> OmniOS-discuss at lists.omniti.com
> http://lists.omniti.com/mailman/listinfo/omnios-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://omniosce.org/ml-archive/attachments/20141209/e855eb75/attachment.html>
More information about the OmniOS-discuss
mailing list