[OmniOS-discuss] VENOM (CVE-2015-3456) update

Dan McDonald danmcd at omniti.com
Wed May 13 17:55:41 UTC 2015


Some of you probably have been tracking VENOM (a.k.a. CVE-2015-3456).

I have patched the qemu that OmniOS's KVM uses with a VENOM fix and pushed updates on to the repo servers.  Source people can consult:

	https://github.com/joyent/illumos-kvm-cmd/commit/407546e5132f54065f3f78ac293ad7a8d16bf57c

for the fix itself.

r151006 --> new system/kvm package, with just VENOM patched.

r151014 --> new system/kvm package, with just VENOM patched.

r151012 --> new system/kvm AND driver/virtualization/kvm. VENOM is patched, and due to 012's closeness to 014, the 014 performance changes came along for the ride.

I'd recommend:

1.) Shutting down all KVM instances, and making sure "pgrep qemu" in the global zone shows no processes.  If you still see qemu processes, kill them after ensuring your KVMs are shut down.

2.) pkg update

3.) Restarting your KVM instances, all of which will use the new, patched QEMU.

Thank you folks!
Dan
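
The following is an added example, not part of the original post or of OmniOS tooling: a small wrapper for steps 1 and 2 above that refuses to run "pkg update" while any qemu process is still alive, since a process started before the update keeps executing the old, unpatched binary. The function names, the 60-second wait and the "--run" switch are assumptions of this example; it assumes root in the global zone and that the guests were already shut down.

```shell
#!/bin/sh
# Added example: gate "pkg update" on there being no running qemu processes.
# Assumptions: run as root in the global zone; guests were already asked to
# shut down through whatever tooling manages them. Nothing here kills a guest.

# Print the PIDs of processes matching "qemu" (the check from step 1).
qemu_pids() {
    pgrep qemu || true
}

# Wait up to $1 seconds, polling every $2 seconds, for qemu processes to exit.
# Returns 0 once none remain, 1 if some are still running at the deadline.
wait_for_no_qemu() {
    timeout=$1
    interval=${2:-5}
    waited=0
    while [ -n "$(qemu_pids)" ]; do
        if [ "$waited" -ge "$timeout" ]; then
            return 1
        fi
        sleep "$interval"
        waited=$((waited + interval))
    done
    return 0
}

# Update only when no qemu process is left; otherwise report the PIDs and
# leave the system untouched so the operator can investigate.
patch_venom() {
    if ! wait_for_no_qemu "${1:-60}" "${2:-5}"; then
        echo "qemu still running, not updating: $(qemu_pids | tr '\n' ' ')" >&2
        return 1
    fi
    pkg update
}

# Run only when asked, so the functions can be sourced and read first.
if [ "${1:-}" = "--run" ]; then
    patch_venom 60 5
fi
```

After it succeeds, restart the guests as in step 3 so that every instance runs the updated QEMU.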


