[OmniOS-discuss] "pkg update" NOW for KVM security fixes!

Dan McDonald danmcd at omniti.com
Thu Feb 11 20:19:34 UTC 2016


Pardon the top-post, folks.  If you're running KVM, ESPECIALLY if it's in your global zone, you should update your KVM packages now.  As Joshua from Joyent points out below, there are several CVEs that are addressed with this update.  Thanks to Joshua for putting these to bed quickly.

"pkg update" is your friend for LTS (r151014) and Stable (r151016).  My own r151014 build machine has a KVM-in-a-zone instance (running OpenIndiana), which seems to work just fine after this update.

If you're not running KVM on OmniOS, don't sweat this.  If you're running KVM on Bloody, expect this as part of a larger update to bloody tonight or tomorrow.

Thanks,
Dan


> Begin forwarded message:
> 
> From: "Joshua M. Clulow" <jmc at joyent.com>
> Subject: [HEADS-UP] QEMU CVE fixes have been put back (was: [USN-2891-1] QEMU vulnerabilities)
> Date: February 11, 2016 at 2:50:25 PM EST
> To: Dan McDonald <danmcd at omniti.com>
> Cc: Robert Mustacchi <rm at joyent.com>
> 
> Hi Dan,

<snip!>

> I have pushed fixes for the five applicable CVEs.  The SmartOS tickets are:
> 
>  https://smartos.org/bugview/HVM-841  (CVE-2015-8504)
>  https://smartos.org/bugview/HVM-842  (CVE-2015-8550)
>  https://smartos.org/bugview/HVM-843  (CVE-2015-8743)
>  https://smartos.org/bugview/HVM-844  (CVE-2016-1714)
>  https://smartos.org/bugview/HVM-845  (CVE-2016-1981)
> 
> The changes are all in the "master" branch of "kvm-cmd.git".  I have
> done a build, and some basic testing of the "e1000" NIC emulation and
> the VNC emulated display driver.
> 
> 
> Cheers.
> 
> -- 
> Joshua M. Clulow
> Software Engineer @ Joyent
> mail: jmc at joyent.com


