oss-sec mailing list archives
Re: CVE Request for illumos distributions
From: Dan McDonald <danmcd () omniti com>
Date: Thu, 11 Dec 2014 17:46:07 -0500
Ping? Sent from my iPhone (typos, autocorrect, and all)
On Dec 9, 2014, at 1:43 AM, Dan McDonald <danmcd () omniti com> wrote: I believe this will be the first time the illumos project (http://www.illumos.org/) has requested a CVE number. I apologize for any newbie mistakes. PLEASE NOTE: We are the open-source inheritor of what was once OpenSolaris's OS/Net consolidation (i.e. the kernel, system libraries, and system commands). WE ARE NOT RELATED TO ORACLE or ORACLE SOLARIS. Illumos bug #5421 - http://illumos.org/issues/5421 which is now fixed in the upstream illumos-gate, is an innocuous fix to a serious problem that allows an arbitrary user in the global zone (non-global zones are not able to panic the machine) to panic the machine. Illumos has various distributions from various parties. These include, but are not limited to: OmniOS from OmniTI SmartOS from Joyent NexentaStor from Nexenta The OpenIndiana project Coraid Because SmartOS presents non-global zones to its non-administrative users, it is not a high-priority for them. For OmniOS and OpenIndiana, it is more critical. OmniOS has updated its packaging servers for all supported releases: r151006/LTS, r151010/old-Stable, r151012/current-stable, and bloody. Merely issuing "pkg update" and rebooting will fix the problem. Users still on r151008 should upgrade to r151012 ASAP. SmartOS has standard upgrade procedures. Other distros' contacts are Bcc:ed here. They will contact me if they have updates. Thank you! Daniel L. McDonald -- Illumos RTI Advocate, and unofficial Security Coordinator
Current thread:
- CVE Request for illumos distributions Dan McDonald (Dec 08)
- Re: CVE Request for illumos distributions Dan McDonald (Dec 11)