CVE Request for illumos distributions

[Dan McDonald <danmcd () omniti com>]

I believe this will be the first time the illumos project (http://www.illumos.org/) has requested a CVE number.  I 
apologize for any newbie mistakes.  PLEASE NOTE:  We are the open-source inheritor of what was once OpenSolaris's 
OS/Net consolidation (i.e. the kernel, system libraries, and system commands).  WE ARE NOT RELATED TO ORACLE or ORACLE 
SOLARIS.

Illumos bug #5421 - http://illumos.org/issues/5421  which is now fixed in the upstream illumos-gate, is an innocuous 
fix to a serious problem that allows an arbitrary user in the global zone (non-global zones are not able to panic the 
machine) to panic the machine.

Illumos has various distributions from various parties.  These include, but are not limited to:

        OmniOS from OmniTI
        SmartOS from Joyent
        NexentaStor from Nexenta
        The OpenIndiana project
        Coraid

Because SmartOS presents non-global zones to its non-administrative users, it is not a high-priority for them.  For 
OmniOS and OpenIndiana, it is more critical.

OmniOS has updated its packaging servers for all supported releases:  r151006/LTS, r151010/old-Stable, 
r151012/current-stable, and bloody.  Merely issuing "pkg update" and rebooting will fix the problem.  Users still on 
r151008 should upgrade to r151012 ASAP.

SmartOS has standard upgrade procedures.

Other distros' contacts are Bcc:ed here.  They will contact me if they have updates.

Thank you!
Daniel L. McDonald -- Illumos RTI Advocate, and unofficial Security Coordinator