For errata on a certain release, click below:
2.0,
2.1,
2.2,
2.3,
2.4,
2.5,
2.6,
2.7,
2.8,
2.9,
3.0,
3.1,
3.2,
3.3,
3.4,
3.5,
3.6,
3.7,
3.8,
3.9,
4.0,
4.1,
4.2,
4.3,
4.4,
4.5,
4.6,
4.7,
4.8,
4.9,
5.0,
5.1,
5.2,
5.3,
5.4,
5.5,
5.6,
5.7,
5.8,
5.9,
6.0,
6.2,
6.3,
6.4,
6.5,
6.6,
6.7,
6.8,
6.9,
7.0,
7.1.
Patches for the OpenBSD base system are distributed as unified diffs.
Each patch is cryptographically signed with the
signify(1) tool and contains
usage instructions.
All the following patches are also available in one
tar.gz file
for convenience.
Alternatively, the syspatch(8)
utility can be used to apply binary updates on the following architectures:
amd64, i386.
Patches for supported releases are also incorporated into the
-stable branch.
-
001: INTEROPERABILITY FIX: May 2, 2017
All architectures
dhcpd unconditionally echoed the client identifier, preventing some devices
from acquiring a lease.
A source code patch exists which remedies this problem.
-
002: SECURITY FIX: May 2, 2017
amd64
vmm mismanaged floating point contexts.
A source code patch exists which remedies this problem.
-
003: SECURITY FIX: May 2, 2017
All architectures
A consistency check error could cause programs to incorrectly verify
TLS certificates when using callbacks that always return 1.
A source code patch exists which remedies this problem.
-
004: RELIABILITY FIX: May 2, 2017
All architectures
softraid was unable to create usable concat volumes because
it always set the size of the volume to zero sectors.
A source code patch exists which remedies this problem.
-
005: RELIABILITY FIX: May 6, 2017
All architectures
Expired pf source tracking entries never got removed, leading to
memory exhaustion.
A source code patch exists which remedies this problem.
-
006: RELIABILITY FIX: May 8, 2017
All architectures
Incorrect DTLS cookie handling can result in a NULL pointer dereference.
A source code patch exists which remedies this problem.
-
007: SECURITY FIX: May 13, 2017
All architectures
Heap-based buffer overflows in freetype can result in out-of-bounds writes.
A source code patch exists which remedies this problem.
-
008: SECURITY FIX: May 19, 2017
All architectures
An additional mitigation is added by placing a gap of 1 MB between the
stack and mmap spaces.
A source code patch exists which remedies this problem.
-
009: RELIABILITY FIX: May 22, 2017
All architectures
The kernel could leak memory when processing ICMP packets with IP options.
Note that pf blocks such packets by default.
A source code patch exists which remedies this problem.
-
010: SECURITY FIX: June 4, 2017
All architectures
A race condition exists in the File::Path perl module.
A source code patch exists which remedies this problem.
-
011: SECURITY FIX: June 12, 2017
hppa
An integer overflow exists in two range checks of the sti(4) display driver.
A source code patch exists which remedies this problem.
-
012: RELIABILITY FIX: June 12, 2017
All architectures
An unprivileged user can cause a kernel crash.
A source code patch exists which remedies this problem.
-
013: RELIABILITY FIX: June 27, 2017
All architectures
When pinging an IPv6 link-local address, the reflected packet had
::1 as source address. The echo reply was ignored as it must be
from the link-local address.
A source code patch exists which remedies this problem.
-
014: RELIABILITY FIX: July 5, 2017
All architectures
Self-issued certificates are improperly treated as self-signed certificates,
leading to possible verification failures.
A source code patch exists which remedies this problem.
-
015: RELIABILITY FIX: August 3, 2017
All architectures
A SIGIO-related use-after-free can occur in two drivers.
A source code patch exists which remedies this problem.
-
016: RELIABILITY FIX: August 3, 2017
All architectures
A missing length check in sendsyslog() may result in a kernel panic.
A source code patch exists which remedies this problem.
-
017: SECURITY FIX: August 3, 2017
All architectures
An out-of-bound read in vfs_getcwd_scandir() (mainly used for FUSE)
may result in a kernel panic or info leak.
A source code patch exists which remedies this problem.
-
018: SECURITY FIX: August 3, 2017
All architectures
An alignment issue in recv() may result in an info leak via ktrace().
A source code patch exists which remedies this problem.
-
019: SECURITY FIX: August 3, 2017
All architectures
With an invalid address family, tcp_usrreq() may take an unintended code path.
A source code patch exists which remedies this problem.
-
020: SECURITY FIX: August 3, 2017
All architectures
Missing socket address validation from userland may result in an info leak.
A source code patch exists which remedies this problem.
-
021: SECURITY FIX: August 3, 2017
All architectures
An uninitialized variable in ptrace() may result in an info leak.
A source code patch exists which remedies this problem.
-
022: SECURITY FIX: August 3, 2017
All architectures
An uninitialized variable in fcntl() may result in an info leak.
A source code patch exists which remedies this problem.
-
023: RELIABILITY FIX: August 3, 2017
All architectures
An integer overflow in wsdisplay_cfg_ioctl() may result in an out-of-bounds
read.
A source code patch exists which remedies this problem.
-
024: SECURITY FIX: August 3, 2017
All architectures
A race condition in sosplice() may result in a kernel memory leak.
A source code patch exists which remedies this problem.
-
025: SECURITY FIX: August 3, 2017
All architectures
An out of bounds read could occur during processing of EAPOL frames in
the wireless stack. Information from kernel memory could be leaked to
root in userland via an ieee80211(9) ioctl.
A source code patch exists which remedies this problem.
-
026: SECURITY FIX: August 26, 2017
amd64 and i386
SMAP enforcement could be bypassed by userland code.
A source code patch exists which remedies this problem.
-
027: SECURITY FIX: August 30, 2017
All architectures
State transition errors could cause reinstallation of old WPA keys.
A source code patch exists which remedies this problem.
-
028: SECURITY FIX: September 22, 2017
All architectures
A buffer over-read and heap overflow in perl's regexp may result in
a crash or memory leak.
A source code patch exists which remedies this problem.
-
029: RELIABILITY FIX: September 27, 2017
amd64
Out of bounds TCB settings may result in a kernel panic.
A source code patch exists which remedies this problem.
-
030: RELIABILITY FIX: October 4, 2017
amd64
An unprivileged user can cause a kernel crash.
A source code patch exists which remedies this problem.
-
031: SECURITY FIX: October 4, 2017
amd64
A kernel executable address was leaked to userland.
A source code patch exists which remedies this problem.
-
032: RELIABILITY FIX: October 13, 2017
amd64
A local user could trigger a kernel panic by using an invalid TCB value.
A source code patch exists which remedies this problem.
-
033: RELIABILITY FIX: December 10, 2017
All architectures
A number of bugs were discovered in the MPLS stack that can be used to
remotely trigger a kernel panic.
A source code patch exists which remedies this problem.
-
034: RELIABILITY FIX: February 2, 2018
All architectures
Specially crafted IPsec AH packets with IP options or IPv6 extension
headers could crash or hang the kernel.
A source code patch exists which remedies this problem.
-
035: RELIABILITY FIX: February 2, 2018
All architectures
Processing IPv6 fragments could incorrectly access memory of an mbuf
chain that is not within an mbuf. This may crash the kernel.
A source code patch exists which remedies this problem.
-
036: SECURITY FIX: February 2, 2018
All architectures
If the EtherIP tunnel protocol was disabled, IPv6 packets were not
discarded properly. This causes a double free in the kernel.
A source code patch exists which remedies this problem.
-
037: SECURITY FIX: March 1, 2018
amd64
Intel CPUs contain a speculative execution flaw called Meltdown which
allows userspace programs to access kernel memory.
A complex workaround solves the problem.
-
038: RELIABILITY FIX: March 20, 2018
All architectures
The IPsec AH header could be longer than the network packet, resulting in
a kernel crash.
A source code patch exists which remedies this problem.
-
039: SECURITY FIX: April 14, 2018
All architectures
Heap overflows exist in perl which can lead to segmentation faults,
crashes, and reading memory past the buffer.
A source code patch exists which remedies this problem.