TPS-2022-003 CVE-2022-3602 OpenSSL 3.0

Overview OpenSSL versions from 3.x through 3.0.7 (earlier than 3.0.7) has been found to be vulnerable to a vulnerability that can lead to crash or unexpected behavior. SmartOS Platform Images 20211216 and later include OpenSSL 3. This affects the only the following components client applications when used from the platform image. curl wget openldap OpenSSL 3.0 is not yet included in any pkgsrc branch, so pkgsrc packages are unaffected.

TPS-2022-002 MNX Migration

Overview Now that MNX has acquired the Triton family of products, this security website has migrated to We are also now using a new issue key TPS instead of JSA. All existing JSA URLs will redirect to the new TPS. Actions You Need to Take There are no specific actions you need to take. Support If you are a Joyent customer and have any further questions or concerns after reading the information provided above, please contact Joyent Support.

TPS-2022-001 tmpfs induced panic

Overview An unprivileged user, including users in a zone, with access to a tmpfs can induce a system panic resulting in the system rebooting. Actions taken by Joyent A new platform image is available in the release channel (20220118T183559Z), and updated SmartOS boot images are available in Manta. Actions You Need to Take Triton Operators This platform should be installed and assigned to all SmartOS compute nodes. You can use the following commands to prepare the new platform image.

TPS-2020-001 CVE-2020-27678 - libpam

Overview A critical vulnerability was found in the illumos Pluggable Authentication Module library due to insufficient bounds checking. This issue affects all illumos distributions using illumos PAM. Actions taken by Joyent The illumos community has fixed the issue, which has been merged into Joyent’s fork of illumos. Release platform images dated 20201022 or later are available that resolve this issue. Actions You Need to Take It is recommended for all users to reboot all Triton and SmartOS compute nodes to a platform image that contains the fix.

TPS-2019-003 Intel Microarchitectural Data Sampling (CVE-2018-12127, CVE-2018-12126, CVE-2018-12130, CVE-2019-11091)

Overview This advisory covers four different vulnerabilities, collectively termed Microarchitectural Data Sampling (MDS): Microarchitectural Load Port Data Sampling (MLPDS) - CVE-2018-12127 Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12126 Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130 Microarchitectural Uncacheable Data Sampling (MDSUM) – CVE-2019-11091 These vulnerabilities impact customers running on the Triton Public Cloud and operators of Triton Enterprise software. Understanding the Vulnerabilities These vulnerabilities target different parts of the processor’s microarchitecture or implementation.

TPS-2018-008 Insufficient bounds checking in bhyve(8) device model (CVE-2018-17160)

Overview This vulnerability, CVE-2018-17160, was detected and remediated by the FreeBSD community, as detailed in their disclosure. The issue was caused by insufficient bounds checking for one of the emulated virtual devices. The vulnerability could be exploited to permit a guest operating system to overwrite memory in the bhyve(8) processing, making it possible to execute arbitrary code on the host. Actions Taken by Joyent The upstream fix in the FreeBSD bhyve project has been merged into SmartOS and made available for all Triton and SmartOS users in the latest platform image release, 20181206T011455Z.

TPS-2018-007 Intel L1 Terminal Fault Vulnerabilities (CVE-2018-3615, CVE-2018-3620 & CVE-2018-3646)

Overview This advisory covers a series of three different vulnerabilities surrounding Intel hardware, collectively called L1 Terminal Fault (L1TF): CVE-2018-3615 - Specific to Intel Software Guard Extensions (SGX) CVE-2018-3620 - Specific to Operating Systems and System Management Mode (SMM) CVE-2018-3646 - Specific to Virtual Machine Monitors (VMM) / Hypervisors Of these three CVEs, only the latter two apply to Triton public cloud and Triton Enterprise software customers. Joyent customers are not affected by the first CVE.

TPS-2018-006 Intel floating point unit (FPU) register state issue (CVE-2018-3665)

Overview/Description Recently, the embargo has been broken on an Intel microprocessor issue that affects operating systems that lazily save floating point unit (FPU) register state: CVE-2018-3665. While SmartOS is affected by this issue, Intel included Joyent in the embargoed information, with adequate time for us to develop and validate a fix. Actions Taken by Joyent The fix has been made available for upstream inclusion and is in the process of being deployed to the Triton Cloud (public cloud).

TPS-2018-004 Intel Security Findings "Meltdown" and "Spectre"

Overview This notice is to advise Joyent customers of the potential security vulnerabilities surrounding Intel hardware, known as Spectre and Meltdown: CVE-2017-5753 CVE-2017-5715 CVE-2017-5754 Description Details surrounding Intel’s findings regarding Spectre and Meltdown can be reviewed here. Additional information can be reviewed here and here. Actions Taken by Joyent Joyent has created a new Platform Image (PI) containing KPTI (Kernel Page Table Isolation) and PCID (Process Context Identifier). We are in the process of applying this PI across the Triton Cloud (public cloud).

TPS-2018-003 ZDI-CAN-5106

Overview This notice is to advise Triton Cloud (public cloud) users, Triton On-Premises Software operators, and Open Source Triton users of a vulnerability reported by Zero Day Initiative (ZDI). Description The following security vulnerability has been identified by Ben Murphy with Zero Day Initiative: ZDI-CAN-5106. Through ZDI, we have previously been made aware of this vulnerability. Here is a brief description of the issue and its resolution: Issue: A malicious DTrace helper can lead to zone escape via out-of-bounds relocation.