
====================================================================

                             CERT-Renater

                 Information Note No. 2019/VULN391

_____________________________________________________________________

DATE                : 10/12/2019

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): OpenBSD versions 6.5, 6.6.

=====================================================================
https://marc.info/?l=openbsd-announce&m=157584963126218&w=2
https://marc.info/?l=openbsd-announce&m=157545817332281&w=2
https://marc.info/?l=openbsd-announce&m=157545818432284&w=2
https://marc.info/?l=openbsd-announce&m=157545818532285&w=2
_____________________________________________________________________

Errata patches for su have been released for OpenBSD 6.5 and 6.6.

A user can log in with a different user's login class.

Binary updates for the amd64, i386, and arm64 platforms are available
via the syspatch utility. Source code patches can be found on the
respective errata page:

  https://www.openbsd.org/errata65.html
  https://www.openbsd.org/errata66.html

_____________________________________________________________________

Errata patches for xenodm have been released for OpenBSD 6.5 and 6.6.

xenodm uses the libc authentication layer incorrectly.

Binary updates for the amd64, i386, and arm64 platforms are available
via the syspatch utility. Source code patches can be found on the
respective errata page:

  https://www.openbsd.org/errata65.html
  https://www.openbsd.org/errata66.html
_____________________________________________________________________

Errata patches for libc have been released for OpenBSD 6.5 and 6.6.

libc's authentication layer performed insufficient username validation.

Binary updates for the amd64, i386, and arm64 platforms are available
via the syspatch utility. Source code patches can be found on the
respective errata page:

  https://www.openbsd.org/errata65.html
  https://www.openbsd.org/errata66.html
_____________________________________________________________________

Errata patches for Mesa have been released for OpenBSD 6.5 and 6.6.

Environment-provided paths are used for dlopen() in mesa, resulting in
escalation to the auth group in xlock(1).

Binary updates for the amd64, i386, and arm64 platforms are available
via the syspatch utility. Source code patches can be found on the
respective errata page:

  https://www.openbsd.org/errata65.html
  https://www.openbsd.org/errata66.html
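
The Mesa item above, as an added example (not OpenBSD's or Mesa's code):
a library that lets the environment choose its dlopen() directory should
ignore that choice inside a set-user-ID or set-group-ID program such as
xlock(1). The variable name EXAMPLE_DRIVER_DIR, the default directory and
the function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define TRUSTED_DRIVER_DIR "/usr/lib/dri"       /* placeholder default */
#define DRIVER_DIR_ENV     "EXAMPLE_DRIVER_DIR" /* hypothetical variable */

/* issetugid() where available; elsewhere a real/effective ID comparison. */
static int runs_elevated(void)
{
#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__NetBSD__) || defined(__APPLE__)
    return issetugid();
#else
    return getuid() != geteuid() || getgid() != getegid();
#endif
}

/*
 * Build the path that would be handed to dlopen().
 * - the environment directory is honoured only when not elevated and absolute
 * - the driver name may not contain '/', so it cannot leave the directory
 * - a truncated path is an error, never a shorter path
 * Returns 0 on success, -1 on rejection.
 */
int build_driver_path(char *out, size_t outlen, const char *env_dir,
                      int elevated, const char *name)
{
    const char *dir = TRUSTED_DRIVER_DIR;
    int n;

    if (name == NULL || name[0] == '\0' || strchr(name, '/') != NULL)
        return -1;
    if (!elevated && env_dir != NULL && env_dir[0] == '/')
        dir = env_dir;
    n = snprintf(out, outlen, "%s/%s", dir, name);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    char path[1024];

    if (build_driver_path(path, sizeof path, getenv(DRIVER_DIR_ENV),
                          runs_elevated(), "demo_dri.so") != 0)
        return 1;
    printf("would dlopen: %s\n", path);
    return 0;
}
```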


=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 23/25 Rue Daviel    | fax : 01-53-94-20-41            +
+ 75013 Paris         | email:cert@support.renater.fr   +
=========================================================



