For errata on a certain release, click below:
2.0,
2.1,
2.2,
2.3,
2.4,
2.5,
2.6,
2.7,
2.8,
2.9,
3.0,
3.1,
3.2,
3.3,
3.4,
3.5,
3.6,
3.7,
3.8,
3.9,
4.0,
4.1,
4.2,
4.3,
4.4,
4.5,
4.6,
4.7,
4.8,
4.9,
5.0,
5.1,
5.2,
5.3,
5.4,
5.5,
5.6,
5.7,
5.8,
5.9,
6.1,
6.2,
6.3,
6.4,
6.5,
6.6,
6.7,
6.8,
6.9,
7.0,
7.1.
Patches for the OpenBSD base system are distributed as unified diffs.
Each patch is cryptographically signed with the
signify(1) tool and contains
usage instructions.
All the following patches are also available in one
tar.gz file
for convenience.
Patches for supported releases are also incorporated into the
-stable branch.
-
001: RELIABILITY FIX: August 2, 2016
All architectures
Missing overflow checks in uvm may result in panics.
A source code patch exists which remedies this problem.
-
002: RELIABILITY FIX: August 6, 2016
All architectures
Fixes IO::Socket::IP complaining about non-numeric version numbers.
A source code patch exists which remedies this problem.
-
003: RELIABILITY FIX: August 6, 2016
All architectures
Improve relayd's parsing of the Host-header by following RFC 7230
Section 5.4 more strictly.
A source code patch exists which remedies this problem.
-
004: RELIABILITY FIX: August 23, 2016
All architectures
A missing initialization can prevent mail headers from being altered as
intended, resulting in mail being sent to incorrect addresses.
A source code patch exists which remedies this problem.
-
005: RELIABILITY FIX: September 17, 2016
All architectures
Limit the number of wscons fonts that can be loaded into the kernel.
A source code patch exists which remedies this problem.
-
006: RELIABILITY FIX: September 17, 2016
All architectures
During parsing of the iked(8) configuration, a variable is set to 0
by mistake, disabling Pre-Shared Key authentication.
A source code patch exists which remedies this problem.
-
007: RELIABILITY FIX: September 22, 2016
All architectures
Revert change that cleans up the EVP cipher context in EVP_EncryptFinal()
and EVP_DecryptFinal(). Some software relies on the previous behaviour.
A source code patch exists which remedies this problem.
-
008: RELIABILITY FIX: September 22, 2016
All architectures
Avoid unbounded memory growth in libssl, which can be triggered by a TLS
client repeatedly renegotiating and sending OCSP Status Request TLS extensions.
A source code patch exists which remedies this problem.
-
009: SECURITY FIX: September 22, 2016
All architectures
Avoid falling back to a weak digest for (EC)DH when using SNI with libssl.
A source code patch exists which remedies this problem.
-
010: RELIABILITY FIX: October 3, 2016
All architectures
A bug in the smtp session logic can lead to a server crash.
A source code patch exists which remedies this problem.
-
011: SECURITY FIX: October 4, 2016
All architectures
Fix a number of issues in the way various X client libraries handle
server responses.
A source code patch exists which remedies this problem.
-
012: RELIABILITY FIX: October 8, 2016
All architectures
Allocation of an amap with at least 131072 slots causes an integer overflow
that leads to an infinite loop.
A source code patch exists which remedies this problem.
-
013: RELIABILITY FIX: October 10, 2016
All architectures
A protocol parsing bug in sshd can lead to unauthenticated memory
and CPU consumption.
A source code patch exists which remedies this problem.
-
014: RELIABILITY FIX: October 13, 2016
All architectures
A logic issue in smtpd's header parsing can cause SMTP sessions to hang.
A source code patch exists which remedies this problem.
-
015: RELIABILITY FIX: November 5, 2016
All architectures
Avoid continual processing of an unlimited number of TLS records.
A source code patch exists which remedies this problem.
-
016: SECURITY FIX: January 5, 2017
All architectures
Avoid possible side-channel leak of ECDSA private keys when signing.
A source code patch exists which remedies this problem.
-
017: RELIABILITY FIX: January 31, 2017
All architectures
A bug in the processing of range headers in httpd can lead to memory
exhaustion and a crash of httpd. This patch disables range header
processing.
A source code patch exists which remedies this problem.
-
018: SECURITY FIX: March 1, 2017
All architectures
WiFi clients using WPA1 or WPA2 are vulnerable to a man-in-the-middle attack
by rogue access points.
A source code patch exists which remedies this problem.
-
019: RELIABILITY FIX: March 9, 2017
All architectures
Prevent integer overflow in PF when calculating the adaptive timeout,
causing spuriously expired states under pressure.
A source code patch exists which remedies this problem.
-
020: SECURITY FIX: March 20, 2017
All architectures
ELF auxiliary vector storage leaks piece of kernel stack.
A source code patch exists which remedies this problem.
-
021: RELIABILITY FIX: May 2, 2017
All architectures
softraid was unable to create usable concat volumes because
it always set the size of the volume to zero sectors.
A source code patch exists which remedies this problem.
-
022: RELIABILITY FIX: May 8, 2017
All architectures
Incorrect DTLS cookie handling can result in a NULL pointer dereference.
A source code patch exists which remedies this problem.
-
023: SECURITY FIX: May 13, 2017
All architectures
Heap-based buffer overflows in freetype can result in out-of-bounds writes.
A source code patch exists which remedies this problem.
-
024: SECURITY FIX: May 19, 2017
All architectures
An additional mitigation is added by placing a gap of 1 MB between the
stack and mmap spaces.
A source code patch exists which remedies this problem.
-
025: RELIABILITY FIX: May 22, 2017
All architectures
The kernel could leak memory when processing ICMP packets with IP options.
Note that pf blocks such packets by default.
A source code patch exists which remedies this problem.
-
026: SECURITY FIX: June 4, 2017
All architectures
A race condition exists in the File::Path perl module.
A source code patch exists which remedies this problem.
-
027: SECURITY FIX: June 12, 2017
hppa
An integer overflow exists in two range checks of the sti(4) display driver.
A source code patch exists which remedies this problem.
-
028: RELIABILITY FIX: June 12, 2017
All architectures
An unprivileged user can cause a kernel crash.
A source code patch exists which remedies this problem.
-
029: RELIABILITY FIX: August 3, 2017
All architectures
A SIGIO-related use-after-free can occur in two drivers.
A source code patch exists which remedies this problem.
-
030: RELIABILITY FIX: August 3, 2017
All architectures
A missing length check in sendsyslog() may result in a kernel panic.
A source code patch exists which remedies this problem.
-
031: SECURITY FIX: August 3, 2017
All architectures
An out-of-bound read in vfs_getcwd_scandir() (mainly used for FUSE)
may result in a kernel panic or info leak.
A source code patch exists which remedies this problem.
-
032: SECURITY FIX: August 3, 2017
All architectures
An alignment issue in recv() may result in an info leak via ktrace().
A source code patch exists which remedies this problem.
-
033: SECURITY FIX: August 3, 2017
All architectures
With an invalid address family, tcp_usrreq() may take an unintended code path.
A source code patch exists which remedies this problem.
-
034: SECURITY FIX: August 3, 2017
All architectures
Missing socket address validation from userland may result in an info leak.
A source code patch exists which remedies this problem.
-
035: SECURITY FIX: August 3, 2017
All architectures
An uninitialized variable in ptrace() may result in an info leak.
A source code patch exists which remedies this problem.
-
036: SECURITY FIX: August 3, 2017
All architectures
An uninitialized variable in fcntl() may result in an info leak.
A source code patch exists which remedies this problem.
-
037: RELIABILITY FIX: August 3, 2017
All architectures
An integer overflow in wsdisplay_cfg_ioctl() may result in an out-of-bounds
read.
A source code patch exists which remedies this problem.
-
038: SECURITY FIX: August 3, 2017
All architectures
A race condition may result in a kernel memory leak.
A source code patch exists which remedies this problem.
-
039: SECURITY FIX: August 3, 2017
All architectures
An out of bounds read could occur during processing of EAPOL frames in
the wireless stack. Information from kernel memory could be leaked to
root in userland via an ieee80211(9) ioctl.
A source code patch exists which remedies this problem.
-
040: SECURITY FIX: August 26, 2017
amd64 and i386
SMAP enforcement could be bypassed by userland code.
A source code patch exists which remedies this problem.
-
041: SECURITY FIX: August 30, 2017
All architectures
State transition errors could cause reinstallation of old WPA keys.
A source code patch exists which remedies this problem.
-
042: SECURITY FIX: September 22, 2017
All architectures
A buffer over-read and heap overflow in perl's regexp may result in
a crash or memory leak.
A source code patch exists which remedies this problem.
-
043: RELIABILITY FIX: September 27, 2017
amd64
Out of bounds TCB settings may result in a kernel panic.
A source code patch exists which remedies this problem.
-
044: RELIABILITY FIX: October 4, 2017
amd64
An unprivileged user can cause a kernel crash.
A source code patch exists which remedies this problem.
-
045: SECURITY FIX: October 4, 2017
amd64
A kernel executable address was leaked to userland.
A source code patch exists which remedies this problem.