Only specifically buggy code or malicious use will cause the panic. The deployment as you describe (esp. No local users) has reduced the risk enough where you can likely wait for your window.
Dan Sent from my iPhone (typos, autocorrect, and all) > On Dec 9, 2014, at 12:47 PM, Paul B. Henson <[email protected]> wrote: > > Is this only an issue if a malicious user intentionally crashes the system, > or could it also potentially occur under regular use? IE, if you have a > system with no local users only providing network services, would this still > be a critical patch or could it wait for a more convenient installation > schedule? The bug report isn't particularly detailed, it's not clear when/why > devzvol_readdir() would call strchr or what would cause that call to return > NULL. > > Thanks... > >> On Dec 9, 2014, at 9:10 AM, Dan McDonald <[email protected]> wrote: >> >> Hello OmniOS users! >> >> Illumos bug 5421 was fixed in all OmniOS repos, and the r151012/Stable >> install media has been updated as well. This bug had allowed an ordinary >> user in the global zone to kernel-panic the machine. That bug is now fixed >> in illumos-gate, and all SUPPORTED OmniOS revisions: >> >> - bloody >> - r151012 (aka. Stable) >> - r151010 (aka. previous Stable) >> - r151006 (aka. Long-Term Support) >> >> If you are on one of these supported OmniOS revisions, run "pkg update" now >> and reboot. I requested a CVE number for all illumos distros, but the CVE >> folks haven't gotten back to me yet. >> >> Thank you! >> Dan McDonald -- OmniOS Engineering >> >> _______________________________________________ >> OmniOS-discuss mailing list >> [email protected] >> http://lists.omniti.com/mailman/listinfo/omnios-discuss
_______________________________________________ OmniOS-discuss mailing list [email protected] http://lists.omniti.com/mailman/listinfo/omnios-discuss
