SB2017062607 - Two vulnerabilities in OpenBSD

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Integer overflow (CVE-ID: N/A)

The vulnerability allows a local attacker to trigger memory corruption on the target system.

The weakness exists due to integer overflow in the sti(4) display driver. A local attacker can run a specially crafted application to trigger memory corruption.

2) Memory corruption (CVE-ID: N/A)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to memory free error in wsmux_getmux(). A local attacker can trigger memory corruption and cause the kernel to crash.

Successful exploitation of the vulnerability results in denial of service.

Remediation

Install update from vendor's website.

References

• https://ftp.openbsd.org/pub/OpenBSD/patches/6.0/common/027_sti.patch.sig
• https://ftp.openbsd.org/pub/OpenBSD/patches/6.0/common/028_wsmux.patch.sig
• https://ftp.openbsd.org/pub/OpenBSD/patches/6.1/common/011_sti.patch.sig
• https://ftp.openbsd.org/pub/OpenBSD/patches/6.1/common/012_wsmux.patch.sig