BSDSec

OpenBSD Errata: August 3rd, 2017 (kernel)

3 August, 2017 by tj@openbsd.org | openbsd

Errata patches for a number of kernel issues have been released for
OpenBSD 6.1 and 6.0.

A SIGIO-related use-after-free can occur in two drivers.

A missing length check in sendsyslog() may result in a kernel panic.

An out-of-bound read in vfs_getcwd_scandir() (mainly used for FUSE)
may result in a kernel panic or info leak.

An alignment issue in recv() may result in an info leak via ktrace().

With an invalid address family, tcp_usrreq() may take an unintended code
path.

Missing socket address validation from userland may result in an info leak.

An uninitialized variable in ptrace() may result in an info leak.

An uninitialized variable in fcntl() may result in an info leak.

An integer overflow in wsdisplay_cfg_ioctl() may result in an out-of-bound
read.

A race condition in sosplice() may result in a kernel memory leak.

An out-of-bound read could occur during processing of EAPOL frames in
the wireless stack. Information from kernel memory could be leaked to
root in userland via an ieee80211(9) ioctl.

Binary updates for the amd64 and i386 platforms are available via the
syspatch utility. Source code patches can be found on the respective
errata pages:

  https://www.openbsd.org/errata60.html
  https://www.openbsd.org/errata61.html

As these affect the kernel, a reboot will be needed after patching.