Contributed by rueda on from the patch now! dept.
In response to the DEF CON presentation by Ilja van Sprundel, a large set of kernel patches have been released (for OpenBSD 6.0 and 6.1). These important patches should be applied ASAP!
From the announce@ mailing list:
Errata patches for a number of kernel issues have been released for OpenBSD 6.1 and 6.0.
A SIGIO-related use-after-free can occur in two drivers. A missing length check in sendsyslog() may result in a kernel panic. An out-of-bound read in vfs_getcwd_scandir() (mainly used for FUSE) may result in a kernel panic or info leak. An alignment issue in recv() may result in an info leak via ktrace(). With an invalid address family, tcp_usrreq() may take an unintended code path. Missing socket address validation from userland may result in an info leak. An uninitialized variable in ptrace() may result in an info leak. An uninitialized variable in fcntl() may result in an info leak. An integer overflow in wsdisplay_cfg_ioctl() may result in an out-of-bound read. A race condition in sosplice() may result in a kernel memory leak. An out-of-bound read could occur during processing of EAPOL frames in the wireless stack. Information from kernel memory could be leaked to root in userland via an ieee80211(9) ioctl. Binary updates for the amd64 and i386 platforms are available via the syspatch utility. Source code patches can be found on the respective errata pages: https://www.openbsd.org/errata60.html https://www.openbsd.org/errata61.html As these affect the kernel, a reboot will be needed after patching.
(Comments are closed)
By Chas (142.79.57.1) on
-Bugs are stll easy to find in [*BSD] kernels. Even OpenBSD.
-Varying level of quality depending on age and who wrote it
--Most consistent quality was observed with OpenBSD
The maintainers of various BSDs should talk more among each other
--Several bugs in one were fixed in the other
--OpenBSD expired proc pointer in midiioctl() fixed in NetBSD
--NetBSD signedness bug in ac97_query_devinfo() fixed in OpenBSD
https://media.defcon.org/DEF%20CON%2025/DEF%20CON%2025%20presentations/DEFCON-25-Ilja-van-Sprundel-BSD-Kern-Vulns.pdf
Comments
By Anonymous Coward (138.59.50.4) on
>
>
> -Bugs are stll easy to find in [*BSD] kernels. Even OpenBSD.
>
> -Varying level of quality depending on age and who wrote it
>
> --Most consistent quality was observed with OpenBSD
>
> The maintainers of various BSDs should talk more among each other
>
> --Several bugs in one were fixed in the other
>
> --OpenBSD expired proc pointer in midiioctl() fixed in NetBSD
>
> --NetBSD signedness bug in ac97_query_devinfo() fixed in OpenBSD
>
What you can do is apply those patches ASAP! you slacker...