An authentication bypass and three local privilege-escalation (LPE) bugs have been uncovered in OpenBSD, the Unix-like open-source operating system. The most severe of the vulnerabilities is the bypass (CVE-2019-19521), which is remotely exploitable. The research firm that found the bugs, Qualys, issued an advisory issued this week. Its real-world impact should be studied on a case-by-case basis, Qualys said.
Source: https://threatpost.com/openbsd-authentication-lpe-bugs/150849/