[OmniOS-discuss] Please UPDATE now

Dan McDonald danmcd at omniti.com
Tue Dec 9 18:37:21 UTC 2014


Only specifically buggy code or malicious use will cause the panic.  The deployment as you describe (esp. no local users) has reduced the risk enough where you can likely wait for your window.

Dan

Sent from my iPhone (typos, autocorrect, and all)

> On Dec 9, 2014, at 12:47 PM, Paul B. Henson <henson at acm.org> wrote:
> 
> Is this only an issue if a malicious user intentionally crashes the system, or could it also potentially occur under regular use? I.e., if you have a system with no local users only providing network services, would this still be a critical patch or could it wait for a more convenient installation schedule? The bug report isn't particularly detailed; it's not clear when/why devzvol_readdir() would call strchr or what would cause that call to return NULL.
> 
> Thanks...
> 
>> On Dec 9, 2014, at 9:10 AM, Dan McDonald <danmcd at omniti.com> wrote:
>> 
>> Hello OmniOS users!
>> 
>> Illumos bug 5421 was fixed in all OmniOS repos, and the r151012/Stable install media has been updated as well.  This bug had allowed an ordinary user in the global zone to kernel-panic the machine.  That bug is now fixed in illumos-gate, and all SUPPORTED OmniOS revisions:
>> 
>>    - bloody
>>    - r151012 (aka. Stable)
>>    - r151010 (aka. previous Stable)
>>    - r151006 (aka. Long-Term Support)
>> 
>> If you are on one of these supported OmniOS revisions, run "pkg update" now and reboot.  I requested a CVE number for all illumos distros, but the CVE folks haven't gotten back to me yet.
>> 
>> Thank you!
>> Dan McDonald -- OmniOS Engineering
>> 
>> _______________________________________________
>> OmniOS-discuss mailing list
>> OmniOS-discuss at lists.omniti.com
>> http://lists.omniti.com/mailman/listinfo/omnios-discuss