Overview A critical vulnerability was found in the illumos Pluggable Authentication Module library due to insufficient bounds checking. This issue affects all illumos distributions using illumos PAM. Actions taken by Joyent The illumos community has fixed the issue, which has been merged into Joyent’s fork of illumos. Release platform images dated 20201022 or later are available that resolve this issue. Actions You Need to Take It is recommended for all users to reboot all Triton and SmartOS compute nodes to a platform image that contains the fix.

Overview This advisory covers four different vulnerabilities, collectively termed Microarchitectural Data Sampling (MDS): Microarchitectural Load Port Data Sampling (MLPDS) - CVE-2018-12127 Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12126 Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130 Microarchitectural Uncacheable Data Sampling (MDSUM) – CVE-2019-11091 These vulnerabilities impact customers running on the Triton Public Cloud and operators of Triton Enterprise software. Understanding the Vulnerabilities These vulnerabilities target different parts of the processor’s microarchitecture or implementation.

Overview In the process of creating images, some of Joyent’s internal-use SSH public keys were inadvertently left in certain published images. This led to the risk of potential unauthorized access to instances using the affected images. Joyent acknowledges the assistance of an Open Source user in discovering this issue. Background Joyent creates and publishes images to our Triton public cloud. These images are of various operating systems, to be used by customers in creating instances that run on the cloud.

Overview CVE-2019-5736 has been detected and remediation has been strategized, as detailed here. This vulnerability relies on an unsafe container configuration known as privileged containers. SmartOS is immune to this attack. While Triton and SmartOS implement the same interface as Docker, the runC program that is used on Linux is not used in SmartOS. SmartOS is immune to similar vulnerabilities that may exist in any other program because the SmartOS handles per-zone identity in a stricter fashion than Linux privileged containers.

Overview This vulnerability, CVE-2018-17160, was detected and remediated by the FreeBSD community, as detailed in their disclosure. The issue was caused by insufficient bounds checking for one of the emulated virtual devices. The vulnerability could be exploited to permit a guest operating system to overwrite memory in the bhyve(8) processing, making it possible to execute arbitrary code on the host. Actions Taken by Joyent The upstream fix in the FreeBSD bhyve project has been merged into SmartOS and made available for all Triton and SmartOS users in the latest platform image release, 20181206T011455Z.

Overview This advisory covers a series of three different vulnerabilities surrounding Intel hardware, collectively called L1 Terminal Fault (L1TF): CVE-2018-3615 - Specific to Intel Software Guard Extensions (SGX) CVE-2018-3620 - Specific to Operating Systems and System Management Mode (SMM) CVE-2018-3646 - Specific to Virtual Machine Monitors (VMM) / Hypervisors Of these three CVEs, only the latter two apply to Triton public cloud and Triton Enterprise software customers. Joyent customers are not affected by the first CVE.

Overview/Description Recently, the embargo has been broken on an Intel microprocessor issue that affects operating systems that lazily save floating point unit (FPU) register state: CVE-2018-3665. While SmartOS is affected by this issue, Intel included Joyent in the embargoed information, with adequate time for us to develop and validate a fix. Actions Taken by Joyent The fix has been made available for upstream inclusion and is in the process of being deployed to the Triton Cloud (public cloud).

Overview This notice is to advise Joyent customers of CVE-2018-8897, a potential security vulnerability surrounding writes to the %ss register. Description In some circumstances, some operating systems may not expect or properly handle an Intel architecture debug exception, after certain instructions involving writes to the %ss register: The issue appears to originate from an undocumented side effect of the instructions. An attacker might utilize this exception handling to gain access to Ring 0 and access sensitive memory, or to control operating system processes.

Overview This notice is to advise Joyent customers of the potential security vulnerabilities surrounding Intel hardware, known as Spectre and Meltdown: CVE-2017-5753 CVE-2017-5715 CVE-2017-5754 Description Details surrounding Intel’s findings regarding Spectre and Meltdown can be reviewed here. Additional information can be reviewed here and here. Actions Taken by Joyent Joyent has created a new Platform Image (PI) containing KPTI (Kernel Page Table Isolation) and PCID (Process Context Identifier). We are in the process of applying this PI across the Triton Cloud (public cloud).

Overview This notice is to advise Triton Cloud (public cloud) users, Triton On-Premises Software operators, and Open Source Triton users of a vulnerability reported by Zero Day Initiative (ZDI). Description The following security vulnerability has been identified by Ben Murphy with Zero Day Initiative: ZDI-CAN-5106. Through ZDI, we have previously been made aware of this vulnerability. Here is a brief description of the issue and its resolution: Issue: A malicious DTrace helper can lead to zone escape via out-of-bounds relocation.