BSDSec

deadsimple BSD Security Advisories and Announcements

OpenBSD Errata: February 2nd, 2018 (kernel)

Errata patches for a number of kernel issues have been released for
OpenBSD 6.2 and 6.1.

Specially crafted IPsec AH packets with IP options or IPv6 extension
headers could cause a crash or hang.

Processing IPv6 fragments could incorrectly access memory of an mbuf
chain that is not within an mbuf, which may cause a crash.

If the EtherIP tunnel protocol was disabled, IPv6 packets were not
discarded properly, which causes a double free.

Binary updates for the amd64, i386, and arm64 platforms are available via
the syspatch utility. Source code patches can be found on the respective
errata pages:

  https://www.openbsd.org/errata61.html
  https://www.openbsd.org/errata62.html

As these affect the kernel, a reboot will be needed after patching.