For errata on a certain release, click below:
2.0,
2.1,
2.2,
2.3,
2.4,
2.5,
2.6,
2.7,
2.8,
2.9,
3.0,
3.1,
3.2,
3.3,
3.4,
3.5,
3.6,
3.7,
3.8,
3.9,
4.0,
4.1,
4.2,
4.3,
4.4,
4.5,
4.6,
4.7,
4.8,
4.9,
5.0,
5.1,
5.2,
5.3,
5.4,
5.5,
5.6,
5.7,
5.8,
5.9,
6.0,
6.1,
6.3,
6.4,
6.5,
6.6,
6.7,
6.8,
6.9,
7.0,
7.1.
Patches for the OpenBSD base system are distributed as unified diffs.
Each patch is cryptographically signed with the
signify(1) tool and contains
usage instructions.
All the following patches are also available in one
tar.gz file
for convenience.
Alternatively, the syspatch(8)
utility can be used to apply binary updates on the following architectures:
amd64, i386, arm64.
Patches for supported releases are also incorporated into the
-stable branch.
-
001: RELIABILITY FIX: October 13, 2017
amd64
A local user could trigger a kernel panic by using an invalid TCB value.
A source code patch exists which remedies this problem.
-
002: SECURITY FIX: December 1, 2017
All architectures
The fktrace(2) system call had insufficient security checks.
A source code patch exists which remedies this problem.
-
003: RELIABILITY FIX: December 10, 2017
All architectures
A number of bugs were discovered in the MPLS stack that can be used to
remotely trigger kernel crashes.
A source code patch exists which remedies this problem.
-
004: RELIABILITY FIX: January 14, 2018
All architectures
An incorrect TLS extensions block is generated when no extensions are present,
which can result in handshake failures.
A source code patch exists which remedies this problem.
-
005: RELIABILITY FIX: February 2, 2018
All architectures
Specially crafted IPsec AH packets with IP options or IPv6 extension
headers could crash or hang the kernel.
A source code patch exists which remedies this problem.
-
006: RELIABILITY FIX: February 2, 2018
All architectures
Processing IPv6 fragments could incorrectly access memory of an mbuf
chain that is not within an mbuf. This may crash the kernel.
A source code patch exists which remedies this problem.
-
007: SECURITY FIX: February 2, 2018
All architectures
If the EtherIP tunnel protocol was disabled, IPv6 packets were not
discarded properly. This causes a double free in the kernel.
A source code patch exists which remedies this problem.
-
008: SECURITY FIX: February 8, 2018
All architectures
A flaw was found in the way unbound validated wildcard-synthesized
NSEC records. An improperly validated wildcard NSEC record could be
used to prove the non-existence (NXDOMAIN answer) of an existing
wildcard record, or trick unbound into accepting a NODATA proof.
A source code patch exists which remedies this problem.
-
009: SECURITY FIX: March 1, 2018
amd64
Intel CPUs contain a speculative execution flaw called Meltdown which
allows userspace programs to access kernel memory.
A complex workaround solves this problem.
-
010: RELIABILITY FIX: March 20, 2018
All architectures
The IPsec AH header could be longer than the network packet, resulting in
a kernel crash.
A source code patch exists which remedies this problem.
-
011: SECURITY FIX: April 14, 2018
All architectures
Heap overflows exist in perl which can lead to segmentation faults,
crashes, and reading memory past the buffer.
A source code patch exists which remedies this problem.
-
012: RELIABILITY FIX: April 21, 2018
All architectures
httpd can leak file descriptors when servicing range requests.
A source code patch exists which remedies this problem.
-
013: RELIABILITY FIX: May 8, 2018
All architectures
Incorrect handling of fragmented IPsec packets could result in a system crash.
A source code patch exists which remedies this problem.
-
014: RELIABILITY FIX: May 17, 2018
All architectures
A malicious packet can cause a kernel crash when using IPsec over IPv6.
A source code patch exists which remedies this problem.
-
015: SECURITY FIX: June 14, 2018
All architectures
DSA and ECDSA signature generation can potentially leak secret information
to a timing side-channel attack.
A source code patch exists which remedies this problem.
-
016: SECURITY FIX: June 21, 2018
All architectures
Perl's Archive::Tar module could be made to write files outside of
its working directory.
A source code patch exists which remedies this problem.
-
017: SECURITY FIX: June 21, 2018
amd64
Intel CPUs speculatively access FPU registers even when the FPU is disabled,
so data (including AES keys) from previous contexts could be discovered
if using the lazy-save approach.
A source code patch exists which remedies this problem.
-
018: RELIABILITY FIX: July 25, 2018
All architectures
A regular user could trigger a kernel panic by executing an invalid
ELF binary.
A source code patch exists which remedies this problem.
-
019: SECURITY FIX: July 31, 2018
amd64 and i386
On AMD CPUs, set a chicken bit which turns LFENCE into a serialization
instruction against speculation.
A source code patch exists which remedies this problem.
-
020: SECURITY FIX: July 31, 2018
i386
IO port permissions were incorrectly restricted.
A source code patch exists which remedies this problem.
-
021: RELIABILITY FIX: August 4, 2018
amd64
Incorrect initialization of the FPU caused floating point exceptions
when running on Xen.
A source code patch exists which remedies this problem.
-
022: SECURITY FIX: August 24, 2018
amd64
State from the FPU of one userland process could be exposed to other processes.
A source code patch exists which remedies this problem.
-
023: SECURITY FIX: August 24, 2018
amd64
The Intel L1TF bug allows a vmm guest to read host memory.
Install the CPU firmware using fw_update(1), and apply this workaround.
A source code patch exists which remedies this problem.
-
024: SECURITY FIX: September 21, 2018
amd64
On AMD CPUs, LDTR must be managed crossing between VMs.
A source code patch exists which remedies this problem.