new errata for TCP, exec, and patch
27 July, 2015 by tedu@tedunangst.com | openbsd
A few patches are now available. Please consult the website for details. OpenBSD 5.6 errata: http://www.openbsd.org/errata56.html 027: SECURITY FIX: July 14, 2015 All architectures A TCP socket can become confused and not properly cleanup resources. A source code patch exists which remedies this problem. 028: RELIABILITY FIX: July 26, 2015 All architectures A kernel memory leak could be triggered by an unprivileged user in a failure case when using execve under systrace. A source code patch exists which remedies this problem. 029: SECURITY FIX: July 26, 2015 All architectures The patch utility could be made to invoke arbitrary commands via the obsolete SCCS and RCS support when processing a crafted input file. This patch deletes the SCCS and RCS support. A source code patch exists which remedies this problem. OpenBSD 5.7 errata: http://www.openbsd.org/errata57.html 010: SECURITY FIX: July 14, 2015 All architectures A TCP socket can become confused and not properly cleanup resources. A source code patch exists which remedies this problem. 011: RELIABILITY FIX: July 26, 2015 All architectures A kernel memory leak could be triggered by an unprivileged user in a failure case when using execve under systrace. A source code patch exists which remedies this problem. 012: SECURITY FIX: July 26, 2015 All architectures The patch utility could be made to invoke arbitrary commands via the obsolete RCS support when processing a crafted input file. This patch deletes the RCS support. A source code patch exists which remedies this problem.