BSDSec

deadsimple BSD Security Advisories and Announcements

OpenBSD Errata: December 4th, 2019 (libcauth)

Errata patches for libc have been released for OpenBSD 6.5 and 6.6.

libc's authentication layer performed insufficient username validation.

Binary updates for the amd64, i386, and arm64 platforms are available
via the syspatch utility. Source code patches can be found on the
respective errata page:

  https://www.openbsd.org/errata65.html
  https://www.openbsd.org/errata66.html