Monday, July 27, 2015

new errata for TCP, exec, and patch

A few patches are now available. Please consult the website for details.

OpenBSD 5.6 errata:
http://www.openbsd.org/errata56.html

027: SECURITY FIX: July 14, 2015 All architectures
A TCP socket can become confused and not properly clean up resources.
A source code patch exists which remedies this problem.

028: RELIABILITY FIX: July 26, 2015 All architectures
A kernel memory leak could be triggered by an unprivileged user in a failure
case when using execve under systrace.
A source code patch exists which remedies this problem.

029: SECURITY FIX: July 26, 2015 All architectures
The patch utility could be made to invoke arbitrary commands via the obsolete
SCCS and RCS support when processing a crafted input file. This patch deletes
the SCCS and RCS support.
A source code patch exists which remedies this problem.

OpenBSD 5.7 errata:
http://www.openbsd.org/errata57.html

010: SECURITY FIX: July 14, 2015 All architectures
A TCP socket can become confused and not properly clean up resources.
A source code patch exists which remedies this problem.

011: RELIABILITY FIX: July 26, 2015 All architectures
A kernel memory leak could be triggered by an unprivileged user in a failure
case when using execve under systrace.
A source code patch exists which remedies this problem.

012: SECURITY FIX: July 26, 2015 All architectures
The patch utility could be made to invoke arbitrary commands via the obsolete
RCS support when processing a crafted input file. This patch deletes the RCS
support.
A source code patch exists which remedies this problem.
