For errata on a certain release, click below:
2.0,
2.1,
2.2,
2.3,
2.4,
2.5,
2.6,
2.7,
2.8,
2.9,
3.0,
3.1,
3.2,
3.3,
3.4,
3.5,
3.6,
3.7,
3.8,
3.9,
4.0,
4.1,
4.2,
4.3,
4.4,
4.5,
4.6,
4.7,
4.8,
4.9,
5.0,
5.1,
5.2,
5.3,
5.4,
5.5,
5.6,
5.7,
5.9,
6.0,
6.1,
6.2,
6.3,
6.4,
6.5,
6.6,
6.7,
6.8,
6.9,
7.0,
7.1,
7.2,
7.3,
7.4,
7.5.
Patches for the OpenBSD base system are distributed as unified diffs.
Each patch is cryptographically signed with the
signify(1) tool and contains
usage instructions.
All the following patches are also available in one
tar.gz file
for convenience.
Patches for supported releases are also incorporated into the
-stable branch.
-
001: SECURITY FIX: August 30, 2015
All architectures
Inverted logic made PermitRootLogin "prohibit-password" unsafe.
Use "no" (which is the installer default), or apply the following patch.
A source code patch exists which remedies this problem.
-
002: INTEROPERABILITY FIX: August 30, 2015
All architectures
LibreSSL 2.2.2 incorrectly handles ClientHello messages that do not
include TLS extensions, resulting in such handshakes being aborted.
A source code patch exists which remedies this problem.
-
003: RELIABILITY FIX: September 28, 2015
All architectures
An incorrect operation in uvm could result in system panics.
A source code patch exists which remedies this problem.
-
004: SECURITY FIX: October 1, 2015
All architectures
Fix multiple reliability and security issues in smtpd:
- local and remote users could make smtpd crash or stop serving requests.
- a buffer overflow in the unprivileged, non-chrooted smtpd (lookup)
process could allow a local user to cause a crash or potentially
execute arbitrary code.
- a use-after-free in the unprivileged, non-chrooted smtpd (lookup)
process could allow a remote attacker to cause a crash or potentially
execute arbitrary code.
- hardlink and symlink attacks allowed a local user to unset chflags or
leak the first line of an arbitrary file.
A source code patch exists which remedies this problem.
-
005: RELIABILITY FIX: October 14, 2015
All architectures
A problem with timer kevents could result in a kernel hang (local denial
of service).
A source code patch exists which remedies this problem.
-
006: RELEASE CD ISSUE: Oct 18, 2015
All architectures
The "src.tar.gz" file on the source tree was created on the wrong day,
and does not match the 5.8 release builds.
A replacement file is available in the 5.8 release directory with the name cd-src.tar.gz; due to size of the file, check local mirrors also.
-
007: RELIABILITY FIX: October 15, 2015
All architectures
The OBJ_obj2txt function in libcrypto contains a one byte buffer overrun
and memory leak, as reported by Qualys Security.
A source code patch exists which remedies this problem.
-
008: RELIABILITY FIX: November 9, 2015
All architectures
Insufficient validation of RSN element group cipher values in 802.11
beacons and probe responses could result in system panics.
A source code patch exists which remedies this problem.
-
009: RELIABILITY FIX: Dec 3, 2015
All architectures
A NULL pointer dereference could be triggered by a crafted certificate sent to
services configured to verify client certificates on TLS/SSL connections.
A source code patch exists which remedies this problem.
-
010: SECURITY FIX: January 14, 2016
All architectures
Experimental roaming code in the ssh client could be tricked by a hostile sshd
server, potentially leaking key material. CVE-2016-0777 and CVE-0216-0778.
Prevent this problem immediately by adding the line "UseRoaming no" to
/etc/ssh/ssh_config.
A source code patch exists which remedies this problem.
-
011: SECURITY FIX: March 10, 2016
All architectures
Lack of credential sanitization allows injection of commands to xauth(1).
Prevent this problem immediately by not using the "X11Forwarding" feature
(which is disabled by default)
A source code patch exists which remedies this problem.
-
012: SECURITY FIX: March 16, 2016
All architectures
Insufficient checks in IPv6 socket binding and UDP IPv6 option
processing allow a local user to send UDP packets with a source
(IPv6 address + port) already reserved by another user.
A source code patch exists which remedies this problem.
-
013: SECURITY FIX: May 3, 2016
All architectures
Fix issues in the libcrypto library.
Refer to the OpenSSL advisory.
- Memory corruption in the ASN.1 encoder (CVE-2016-2108)
- Padding oracle in AES-NI CBC MAC check (CVE-2016-2107)
- EVP_EncodeUpdate overflow (CVE-2016-2105)
- EVP_EncryptUpdate overflow (CVE-2016-2106)
- ASN.1 BIO excessive memory allocation (CVE-2016-2109)
A source code patch exists which remedies this problem.
-
014: SECURITY FIX: May 17, 2016
All architectures
Insufficient checks in the uvideo(4) V4L2 ioctl handling leak kernel
memory contents to a local user.
A source code patch exists which remedies this problem.
-
015: RELIABILITY FIX: May 29, 2016
All architectures
Fix a bug in the libcrypto library when parsing certain ASN.1 elements.
A source code patch exists which remedies this problem.
-
016: SECURITY FIX: June 2, 2016
All architectures
Fix issues in the libexpat library to prevent multiple integer and buffer overflows.
A source code patch exists which remedies this problem.
-
017: SECURITY FIX: June 6, 2016
All architectures
Correct a problem that prevents the DSA signing algorithm from running
in constant time even if the flag BN_FLG_CONSTTIME is set.
A source code patch exists which remedies this problem.
-
018: RELIABILITY FIX: July 14, 2016
All architectures
Splicing sockets in a loop could cause a kernel spin.
A source code patch exists which remedies this problem.
-
019: RELIABILITY FIX: July 14, 2016
All architectures
ufs_readdir failed to limit size of memory allocation, leading to panics.
A source code patch exists which remedies this problem.
-
020: SECURITY FIX: July 14, 2016
All architectures
The mmap extension __MAP_NOFAULT could overcommit resources and crash
the system.
A source code patch exists which remedies this problem.
-
021: RELIABILITY FIX: July 14, 2016
All architectures
Tick counting overflows could cause a kernel crash.
A source code patch exists which remedies this problem.
-
022: RELIABILITY FIX: July 14, 2016
All architectures
Invalid file descriptor use with kevent(2) could lead to a kernel crash.
A source code patch exists which remedies this problem.
-
023: RELIABILITY FIX: July 14, 2016
All architectures
Unchecked parameters and integer overflows in the amap allocation routines
could cause malloc(9) to either not allocate enough memory, leading to memory
corruption, or to trigger a "malloc: allocation too large" panic.
A source code patch exists which remedies this problem.
-
024: RELIABILITY FIX: July 25, 2016
All architectures
When signaling an error to an HTTP relay client, the connection can be
terminated prematurely, leading to a crash.
A source code patch exists which remedies this problem.
-
025: RELIABILITY FIX: August 2, 2016
All architectures
A missing NULL check in sysctl code results in a crash.
A source code patch exists which remedies this problem.
-
026: RELIABILITY FIX: August 2, 2016
All architectures
Missing overflow checks in uvm may result in panics.
A source code patch exists which remedies this problem.
-
027: SECURITY FIX: August 6, 2016
All architectures
Don't look in the current working directory for perl modules to load.
See the
perl5-porters announcement for details.
A source code patch exists which remedies this problem.
-
028: RELIABILITY FIX: August 6, 2016
All architectures
Improve relayd's parsing of the Host-header by following RFC 7230
Section 5.4 more strictly.
A source code patch exists which remedies this problem.