I've just pushed a collection of illumos-gate CVE fixes for a9.
This covers:
- 5378 CVE-2014-3158 ppp: integer overflow in option parsing
- 5480 CVE-2012-3165 mailx(1) buffer overflow vulnerability
- 5481 CVE-2012-1750 mailx(1) tilde expansion vulnerability
- 5853 pfexec_call() error handling could be improved
5854 pfexecd should initialize pfexec response buffers
(Not sure what CVE this actually was assigned.)
I've also pushed the NVIDIA driver update to 304.125 and the missing
pieces of the Delphix vmxnet3s driver patchset.
The new packages are:
[email protected],5.11-0.151.1.9:20150504T114725Z
system/network/[email protected],5.11-0.151.1.9:20150504T120317Z
consolidation/nvidia/[email protected],5.11-0.151.1.9:20150504T113748Z
driver/graphics/[email protected],5.11-0.151.1.9:20150504T113958Z
driver/network/[email protected],5.11-0.151.1.9:20150504T114139Z
For those interested in an up to date OI branded illumos-gate, I've
finished getting the OI patches done so anyone wishing to work with that
can grab it here: https://github.com/OpenIndiana/illumos-gate
That should build fine with GCC on hipster. If you build it with Studio
on a9 you'll get a warning about clog
(https://www.illumos.org/issues/5353) and warnings about pointers that
can be fixed with
https://paste.ec/paste/sDXMLQXR#DnPbnxkm9tFNmX0WxH1rWdV6CjIpGRmcKwfP2HOCgFE
I've deliberately left out any broadcom patches that we had as there
seems to be a mishmash of patches around from various sources and it's
better for everyone if people look and work against upstream illumos-gate.
Regards,
Jon
_______________________________________________
oi-dev mailing list
[email protected]
http://openindiana.org/mailman/listinfo/oi-dev
