Some of you probably have been tracking VENOM (aka. CVE-2015-3456).
I have patched the qemu that OmniOS's KVM uses with a VENOM fix and pushed
updates on to the repo servers. Source people can consult:
https://github.com/joyent/illumos-kvm-cmd/commit/407546e5132f54065f3f78ac293ad7a8d16bf57c
for the fix itself.
r151006 --> new system/kvm package, with just VENOM patched.
r151014 --> new system/kvm package, with just VENOM patched.
r151012 --> new system/kvm AND driver/virtualization/kvm. VENOM is patched, and
due to 012's closeness to 014, the 014 performance changes came along for the
ride.
I'd recommend:
1.) Shutting down all KVM instances, and make sure "pgrep qemu" in the global
zone shows no processes. If you still see qemu processes, kill them after
insuring your KVMs are shut down.
2.) pkg update
3.) Restarting your KVM instances, all of which will use the new, patched QEMU.
Thank you folks!
Dan
_______________________________________________
OmniOS-discuss mailing list
[email protected]
http://lists.omniti.com/mailman/listinfo/omnios-discuss
