OpenBSD Journal
Large Batch of Kernel Errata Patches Released
Contributed by rueda on Fri Aug 04 00:24:23 2017 (GMT)
from the patch now! dept.

In response to the DEF CON presentation by Ilja van Sprundel, a large set of kernel patches has been released (for OpenBSD 6.0 and 6.1). These important patches should be applied ASAP!

From the announce@ mailing list:

Errata patches for a number of kernel issues have been released for
OpenBSD 6.1 and 6.0.

A SIGIO-related use-after-free can occur in two drivers.

A missing length check in sendsyslog() may result in a kernel panic.

An out-of-bound read in vfs_getcwd_scandir() (mainly used for FUSE)
may result in a kernel panic or info leak.

An alignment issue in recv() may result in an info leak via ktrace().

With an invalid address family, tcp_usrreq() may take an unintended code

Missing socket address validation from userland may result in an info leak.

An uninitialized variable in ptrace() may result in an info leak.

An uninitialized variable in fcntl() may result in an info leak.

An integer overflow in wsdisplay_cfg_ioctl() may result in an out-of-bound

A race condition in sosplice() may result in a kernel memory leak.

An out-of-bound read could occur during processing of EAPOL frames in
the wireless stack. Information from kernel memory could be leaked to
root in userland via an ieee80211(9) ioctl.

Binary updates for the amd64 and i386 platforms are available via the
syspatch utility. Source code patches can be found on the respective
errata pages:

As these affect the kernel, a reboot will be needed after patching.


  DEFCON PDF (mod 8/8)
by Chas on Fri Aug 4 16:24:15 2017 (GMT)
  What can be done to make OpenBSD even better? The lines below are from the conclusions page of the presentation.

-Bugs are still easy to find in [*BSD] kernels. Even OpenBSD.

-Varying level of quality depending on age and who wrote it

--Most consistent quality was observed with OpenBSD

The maintainers of various BSDs should talk more among each other

--Several bugs in one were fixed in the other

--OpenBSD expired proc pointer in midiioctl() fixed in NetBSD

--NetBSD signedness bug in ac97_query_devinfo() fixed in OpenBSD
      Re: DEFCON PDF (-6/6) by Anonymous Coward on Mon Aug 7 16:50:49 2017 (GMT)
