BSDSec

deadsimple BSD Security Advisories and Announcements

new errata for TCP, exec, and patch

A few patches are now available. Please consult the website for details.

OpenBSD 5.6 errata:
http://www.openbsd.org/errata56.html

 027: SECURITY FIX: July 14, 2015   All architectures
 A TCP socket can become confused and not properly clean up resources.
 A source code patch exists which remedies this problem.

 028: RELIABILITY FIX: July 26, 2015   All architectures
 A kernel memory leak could be triggered by an unprivileged user in a failure
 case when using execve under systrace.
 A source code patch exists which remedies this problem.

 029: SECURITY FIX: July 26, 2015   All architectures
 The patch utility could be made to invoke arbitrary commands via the obsolete
 SCCS and RCS support when processing a crafted input file. This patch deletes
 the SCCS and RCS support.
 A source code patch exists which remedies this problem.

OpenBSD 5.7 errata:
http://www.openbsd.org/errata57.html

 010: SECURITY FIX: July 14, 2015   All architectures
 A TCP socket can become confused and not properly clean up resources.
 A source code patch exists which remedies this problem.

 011: RELIABILITY FIX: July 26, 2015   All architectures
 A kernel memory leak could be triggered by an unprivileged user in a failure
 case when using execve under systrace.
 A source code patch exists which remedies this problem.

 012: SECURITY FIX: July 26, 2015   All architectures
 The patch utility could be made to invoke arbitrary commands via the obsolete
 RCS support when processing a crafted input file. This patch deletes the RCS
 support.
 A source code patch exists which remedies this problem.