OmniOS 151038 long term stable

gea

OmniOS 151038, Stable and Long-Term-Supported (LTS) Release, TBC of May 2021

There are some important new features available like persistent L2ARC, SMB improvements, improvements around Bhyve/LX or improved support for newer hardware, e.g. AMD Zen, Intel X710 or newer chipsets. If you intend a fast switch, you can evaluate the new features in OmniOS 151037 bloody that can be updated in May to 151038.

gea

OmniOS 151038q is out

This is a security fix regarding OpenSSL bugs.

btw.
OmniOS has a stable every 6 months with newest ZFS features and a long term stable every 2 years with mostly a freeze of new ZFS features but regular security and bug fixes under a release management with dedicated repositories. About twice a month there are security fixes like the current 151038q.

All OmniOS releases are open source and free, including the regular security and bug fixes. You can acquire a commercial support contract for OmniOS, as support with regular updates is an essential option for commercial storage use cases: Commercial Support

For private use you can support OmniOS as a patron, Donate
gea

The illumos security team have today published a security advisory concerning CVE-2023-31284, a kernel stack overflow that can be performed by an unprivileged user, either in the global zone or in any non-global zone. A copy of their advisory is below.


ACTION: If you are using any of the supported OmniOS versions, see below, (or the recently retired r42), run pkg update to upgrade to a version that includes the fix. Note, that a reboot is required. If you have already upgraded to r46, then you are all set as it already includes the fix.


The following OmniOS versions include the fix:
  • r151046
  • r151044y
  • r151042az
  • r151038cz

If you are running an earlier version, upgrade to a supported version (in stages if necessary) following Upgrading OmniOS.



##########################
--- illumos Security Team advisory ---


We are reaching out today to inform you about CVE-2023-31284. We have pushed a commit to address this, which you can find at "15586 ddi_parse needs len · illumos/illumos-gate@676abcb". While we don't currently know of anyone exploiting this in the wild, this is a kernel stack overflow that can be performed by an unprivileged user, either in the global zone, or any non-global zone.

The following details provide information about this particular issue:

IMPACT: An unprivileged user in any zone can cause a kernel stack buffer overflow. While stack canaries can capture this and lead to a denial of service, it is possible for a skilled attacker to leverage this for local privilege escalation or execution of arbitrary code (e.g. if combined with another bug such as an information leak).


ACTION: Please be on the look out for patches from your distribution and be ready to update.


MITIGATIONS: Running a kernel built with -fstack-protector (the illumos default) can help mitigate this and turn these issues into a denial of service, but that is not a guarantee. We believe that unprivileged processes which have called chroot(2) with a new root that does not contain the sdev (/dev) filesystem most likely cannot trigger the bug, but an exhaustive analysis is still required.

Please reach out to us if you have any questions, whether on the mailing list, IRC, or otherwise, and we'll try to help as we can.

We'd like to thank Alex Wilson and the students at the University of Queensland for reporting this issue to us, and to Dan McDonald for his work in fixing it.

The illumos Security Team
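
As an added example (not part of the posts above and not OmniOS tooling), a small POSIX shell check that compares a release string against the fixed versions listed in the advisory post. It assumes update suffixes run a..z, then aa..az, ba.. and so on, and that releases after r151046 also carry the fix; the function names and sample inputs are made up for illustration.

```shell
#!/bin/sh
# Fixed versions from the post: r151046, r151044y, r151042az, r151038cz.

# Minimum fixed update suffix for each release train listed in the post.
min_suffix_for() {
    case "$1" in
        151038) echo cz ;;
        151042) echo az ;;
        151044) echo y ;;
        *) return 1 ;;
    esac
}

# suffix_ge A B: succeeds if update suffix A is the same as or later than B.
# Assumption: a shorter suffix is older (z < aa), equal lengths sort alphabetically.
suffix_ge() {
    a=$1 b=$2
    [ "${#a}" -gt "${#b}" ] && return 0
    [ "${#a}" -lt "${#b}" ] && return 1
    first=$(printf '%s\n%s\n' "$a" "$b" | LC_ALL=C sort | head -n 1)
    [ "$first" = "$b" ]
}

# check_release REL: prints FIXED, VULNERABLE, UNLISTED or UNKNOWN
# for a release string such as r151038cz.
check_release() {
    rel=${1#r}
    train=$(printf '%s' "$rel" | sed 's/[a-z]*$//')
    suffix=${rel#"$train"}
    case "$train" in
        ''|*[!0-9]*) echo UNKNOWN; return ;;
    esac
    # Assumption: r151046 and anything newer already contains the fix.
    if [ "$train" -ge 151046 ]; then echo FIXED; return; fi
    if min=$(min_suffix_for "$train"); then
        if suffix_ge "$suffix" "$min"; then echo FIXED; else echo VULNERABLE; fi
    else
        echo UNLISTED   # train not in the fixed list: upgrade to a supported one
    fi
}

# Constructed sample inputs, not taken from real hosts.
for r in r151038q r151038cz r151042ay r151044y r151040 r151046; do
    printf '%-12s %s\n' "$r" "$(check_release "$r")"
done
```

Because the post notes that a reboot is required, a FIXED result for the installed release only means the running kernel is patched once the host has been rebooted into the updated boot environment.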