For errata on a certain release, click below:
2.0,
2.1,
2.2,
2.3,
2.4,
2.5,
2.6,
2.7,
2.8,
2.9,
3.0,
3.1,
3.2,
3.3,
3.4,
3.5,
3.6,
3.7,
3.8,
3.9,
4.0,
4.1,
4.2,
4.3,
4.4,
4.5,
4.6,
4.7,
4.8,
4.9,
5.0,
5.1,
5.2,
5.3,
5.4,
5.5,
5.6,
5.7,
5.8,
6.0,
6.1,
6.2,
6.3,
6.4,
6.5,
6.6,
6.7,
6.8,
6.9,
7.0,
7.1,
7.2,
7.3,
7.4,
7.5.
Patches for the OpenBSD base system are distributed as unified diffs.
Each patch is cryptographically signed with the
signify(1) tool and contains
usage instructions.
All the following patches are also available in one
tar.gz file
for convenience.
Patches for supported releases are also incorporated into the
-stable branch.
-
001: SECURITY FIX: March 10, 2016
All architectures
Lack of credential sanitization allows injection of commands to xauth(1).
Prevent this problem immediately by not using the "X11Forwarding" feature
(which is disabled by default)
A source code patch exists which remedies this problem.
-
002: SECURITY FIX: March 16, 2016
All architectures
Insufficient checks in IPv6 socket binding and UDP IPv6 option
processing allow a local user to send UDP packets with a source
(IPv6 address + port) already reserved by another user.
A source code patch exists which remedies this problem.
-
003: RELIABILITY FIX: March 16, 2016
All architectures
Incorrect path processing in pledge_namei() could result in unexpected
program termination of pledge(2)'d programs.
A source code patch exists which remedies this problem.
-
004: RELIABILITY FIX: April 30, 2016
All architectures
A problem in m_dup_pkt() can result in kernel crashes with carp(4).
A source code patch exists which remedies this problem.
-
005: SECURITY FIX: May 3, 2016
All architectures
Fix issues in the libcrypto library.
Refer to the advisory.
- Memory corruption in the ASN.1 encoder (CVE-2016-2108)
- Padding oracle in AES-NI CBC MAC check (CVE-2016-2107)
- EVP_EncodeUpdate overflow (CVE-2016-2105)
- EVP_EncryptUpdate overflow (CVE-2016-2106)
- ASN.1 BIO excessive memory allocation (CVE-2016-2109)
A source code patch exists which remedies this problem.
-
006: RELIABILITY FIX: May 16, 2016
All architectures
Fix issues in smtpd.
- Fix logic issue in smtp state machine that can lead to invalid state and result in crash.
- Plug file pointer leak that can lead to resources exhaustion and result in crash.
A source code patch exists which remedies this problem.
-
007: SECURITY FIX: May 17, 2016
All architectures
Insufficient checks in the uvideo(4) V4L2 ioctl handling leak kernel
memory contents to a local user.
A source code patch exists which remedies this problem.
-
008: RELIABILITY FIX: May 18, 2016
All architectures
Fix issue in the bnx(4) ethernet driver that could cause data corruption.
A source code patch exists which remedies this problem.
-
009: RELIABILITY FIX: May 29, 2016
All architectures
Fix a bug in the libcrypto library when parsing certain ASN.1 elements.
A source code patch exists which remedies this problem.
-
010: SECURITY FIX: June 2, 2016
All architectures
Fix issues in the libexpat library to prevent multiple integer and
buffer overflows.
A source code patch exists which remedies this problem.
-
011: SECURITY FIX: June 6, 2016
All architectures
Correct a problem that prevents the DSA signing algorithm from running
in constant time even if the flag BN_FLG_CONSTTIME is set.
A source code patch exists which remedies this problem.
-
012: SECURITY FIX: June 27, 2016
All architectures
Correct a problem that could result in incorrect parsing/encoding of times in OCSP messages.
A source code patch exists which remedies this problem.
-
013: RELIABILITY FIX: July 14, 2016
All architectures
Splicing sockets in a loop could cause a kernel spin.
A source code patch exists which remedies this problem.
-
014: RELIABILITY FIX: July 14, 2016
All architectures
Multiple processes exiting with a fd-passing control message on a
shared socket could crash the system.
A source code patch exists which remedies this problem.
-
015: RELIABILITY FIX: July 14, 2016
All architectures
ufs_readdir failed to limit size of memory allocation, leading to panics.
A source code patch exists which remedies this problem.
-
016: SECURITY FIX: July 14, 2016
All architectures
The mmap extension __MAP_NOFAULT could overcommit resources and crash
the system.
A source code patch exists which remedies this problem.
-
017: RELIABILITY FIX: July 14, 2016
All architectures
A race occurring in the unlocked ARP input path can lead to a kernel
NULL dereference.
A source code patch exists which remedies this problem.
-
018: RELIABILITY FIX: July 14, 2016
All architectures
Tick counting overflows could cause a kernel crash.
A source code patch exists which remedies this problem.
-
019: RELIABILITY FIX: July 14, 2016
All architectures
Invalid file descriptor use with kevent(2) could lead to a kernel crash.
A source code patch exists which remedies this problem.
-
020: RELIABILITY FIX: July 14, 2016
All architectures
Unchecked parameters and integer overflows in the amap allocation routines
could cause malloc(9) to either not allocate enough memory, leading to memory
corruption, or to trigger a "malloc: allocation too large" panic.
A source code patch exists which remedies this problem.
-
021: RELIABILITY FIX: July 25, 2016
All architectures
When signaling an error to an HTTP relay client, the connection can be
terminated prematurely, leading to a crash.
A source code patch exists which remedies this problem.
-
022: RELIABILITY FIX: August 2, 2016
All architectures
A missing NULL check in sysctl code results in a crash.
A source code patch exists which remedies this problem.
-
023: RELIABILITY FIX: August 2, 2016
All architectures
Missing overflow checks in uvm may result in panics.
A source code patch exists which remedies this problem.
-
024: SECURITY FIX: August 6, 2016
All architectures
Don't look in the current working directory for perl modules to load.
See the
perl5-porters announcement for details.
A source code patch exists which remedies this problem.
-
025: RELIABILITY FIX: August 6, 2016
All architectures
Improve relayd's parsing of the Host-header by following RFC 7230
Section 5.4 more strictly.
A source code patch exists which remedies this problem.
-
026: RELIABILITY FIX: September 17, 2016
All architectures
Limit the number of wscons fonts that can be loaded into the kernel.
A source code patch exists which remedies this problem.
-
027: RELIABILITY FIX: September 22, 2016
All architectures
Avoid unbounded memory growth in libssl, which can be triggered by a TLS
client repeatedly renegotiating and sending OCSP Status Request TLS extensions.
A source code patch exists which remedies this problem.
-
028: SECURITY FIX: September 22, 2016
All architectures
Avoid falling back to a weak digest for (EC)DH when using SNI with libssl.
A source code patch exists which remedies this problem.
-
029: SECURITY FIX: October 4, 2016
All architectures
Fix a number of issues in the way various X client libraries handle
server responses.
A source code patch exists which remedies this problem.
-
030: RELIABILITY FIX: October 10, 2016
All architectures
A protocol parsing bug in sshd can lead to unauthenticated memory
and CPU consumption.
A source code patch exists which remedies this problem.
-
031: RELIABILITY FIX: October 13, 2016
All architectures
A logic issue in smtpd's header parsing can cause SMTP sessions to hang.
A source code patch exists which remedies this problem.
-
032: RELIABILITY FIX: November 5, 2016
All architectures
Avoid continual processing of an unlimited number of TLS records.
A source code patch exists which remedies this problem.
-
033: SECURITY FIX: January 5, 2017
All architectures
Avoid possible side-channel leak of ECDSA private keys when signing.
A source code patch exists which remedies this problem.
-
034: RELIABILITY FIX: January 31, 2017
All architectures
A bug in the processing of range heanders in httpd can lead to memory
exhaustion and a crash of httpd. This patch disables range heander
processing.
A source code patch exists which remedies this problem.
-
035: SECURITY FIX: March 1, 2017
All architectures
WiFi clients using WPA1 or WPA2 are vulnerable to a man-in-the-middle attack
by rogue access points.
A source code patch exists which remedies this problem.
-
036: RELIABILITY FIX: March 9, 2017
All architectures
Prevent integer overflow in PF when calculating the adaptive timeout,
causing spuriously expired states under pressure.
A source code patch exists which remedies this problem.
-
037: SECURITY FIX: March 20, 2017
All architectures
ELF auxiliary vector storage leaks piece of kernel stack.
A source code patch exists which remedies this problem.