Is this only an issue if a malicious user intentionally crashes the system, or could it also potentially occur under regular use? IE, if you have a system with no local users only providing network services, would this still be a critical patch or could it wait for a more convenient installation schedule? The bug report isn't particularly detailed, it's not clear when/why devzvol_readdir() would call strchr or what would cause that call to return NULL.
Thanks... > On Dec 9, 2014, at 9:10 AM, Dan McDonald <[email protected]> wrote: > > Hello OmniOS users! > > Illumos bug 5421 was fixed in all OmniOS repos, and the r151012/Stable > install media has been updated as well. This bug had allowed an ordinary > user in the global zone to kernel-panic the machine. That bug is now fixed > in illumos-gate, and all SUPPORTED OmniOS revisions: > > - bloody > - r151012 (aka. Stable) > - r151010 (aka. previous Stable) > - r151006 (aka. Long-Term Support) > > If you are on one of these supported OmniOS revisions, run "pkg update" now > and reboot. I requested a CVE number for all illumos distros, but the CVE > folks haven't gotten back to me yet. > > Thank you! > Dan McDonald -- OmniOS Engineering > > _______________________________________________ > OmniOS-discuss mailing list > [email protected] > http://lists.omniti.com/mailman/listinfo/omnios-discuss
_______________________________________________ OmniOS-discuss mailing list [email protected] http://lists.omniti.com/mailman/listinfo/omnios-discuss
