OpenBSD Errata: August 3rd, 2017 (kernel)
3 August, 2017 by tj@openbsd.org | openbsd
Errata patches for a number of kernel issues have been released for OpenBSD 6.1 and 6.0. A SIGIO-related use-after-free can occur in two drivers. A missing length check in sendsyslog() may result in a kernel panic. An out-of-bound read in vfs_getcwd_scandir() (mainly used for FUSE) may result in a kernel panic or info leak. An alignment issue in recv() may result in an info leak via ktrace(). With an invalid address family, tcp_usrreq() may take an unintended code path. Missing socket address validation from userland may result in an info leak. An uninitialized variable in ptrace() may result in an info leak. An uninitialized variable in fcntl() may result in an info leak. An integer overflow in wsdisplay_cfg_ioctl() may result in an out-of-bound read. A race condition in sosplice() may result in a kernel memory leak. An out-of-bound read could occur during processing of EAPOL frames in the wireless stack. Information from kernel memory could be leaked to root in userland via an ieee80211(9) ioctl. Binary updates for the amd64 and i386 platforms are available via the syspatch utility. Source code patches can be found on the respective errata pages: https://www.openbsd.org/errata60.html https://www.openbsd.org/errata61.html As these affect the kernel, a reboot will be needed after patching.