For errata on a certain release, click below:
2.0,
2.1,
2.2,
2.3,
2.4,
2.5,
2.6,
2.7,
2.8,
2.9,
3.0,
3.1,
3.2,
3.3,
3.4,
3.5,
3.6,
3.7,
3.8,
3.9,
4.0,
4.1,
4.2,
4.3,
4.4,
4.5,
4.6,
4.7,
4.8,
4.9,
5.0,
5.1,
5.2,
5.3,
5.4,
5.5,
5.6,
5.7,
5.8,
5.9,
6.0,
6.1,
6.2,
6.4,
6.5,
6.6,
6.7,
6.8,
6.9,
7.0,
7.1.
Patches for the OpenBSD base system are distributed as unified diffs.
Each patch is cryptographically signed with the
signify(1) tool and contains
usage instructions.
All the following patches are also available in one
tar.gz file
for convenience.
Alternatively, the syspatch(8)
utility can be used to apply binary updates on the following architectures:
amd64, i386, arm64.
Patches for supported releases are also incorporated into the
-stable branch.
-
001: SECURITY FIX: April 14, 2018
All architectures
Heap overflows exist in perl which can lead to segmentation faults,
crashes, and reading memory past the buffer.
A source code patch exists which remedies this problem.
-
002: RELIABILITY FIX: April 21, 2018
All architectures
Additional data is inadvertently removed when private keys are cleared from
TLS configuration, which can prevent OCSP from functioning correctly.
A source code patch exists which remedies this problem.
-
003: RELIABILITY FIX: April 21, 2018
All architectures
ARP replies could be sent on the wrong member of a bridge(4) interface.
A source code patch exists which remedies this problem.
-
004: SECURITY FIX: April 21, 2018
All architectures
In the gif(4) interface, use the specified protocol for IPv6, plug
a mbuf leak and avoid a use after free.
A source code patch exists which remedies this problem.
-
005: RELIABILITY FIX: April 21, 2018
All architectures
httpd can leak file descriptors when servicing range requests.
A source code patch exists which remedies this problem.
-
006: RELIABILITY FIX: May 8, 2018
All architectures
Incorrect handling of fragmented IPsec packets could result in a system crash.
A source code patch exists which remedies this problem.
-
007: RELIABILITY FIX: May 8, 2018
All architectures
Incorrect checks in libcrypto can prevent Diffie-Hellman Exchange operations
from working.
A source code patch exists which remedies this problem.
-
008: RELIABILITY FIX: May 17, 2018
All architectures
A malicious packet can cause a kernel crash when using IPsec over IPv6.
A source code patch exists which remedies this problem.
-
009: SECURITY FIX: June 14, 2018
All architectures
DSA and ECDSA signature generation can potentially leak secret information
to a timing side-channel attack.
A source code patch exists which remedies this problem.
-
010: SECURITY FIX: June 17, 2018
amd64
Intel CPUs speculatively access FPU registers even when the FPU is disabled,
so data (including AES keys) from previous contexts could be discovered
if using the lazy-save approach.
A source code patch exists which remedies this problem.
-
011: SECURITY FIX: June 21, 2018
All architectures
Perl's Archive::Tar module could be made to write files outside of
its working directory.
A source code patch exists which remedies this problem.
-
012: RELIABILITY FIX: July 25, 2018
All architectures
A regular user could trigger a kernel panic by executing an invalid
ELF binary.
A source code patch exists which remedies this problem.
-
013: RELIABILITY FIX: July 25, 2018
All architectures
When an IPsec key expired, the kernel could panic due to unfinished
timeout tasks.
A source code patch exists which remedies this problem.
-
014: SECURITY FIX: July 31, 2018
amd64 and i386
On AMD CPUs, set a chicken bit which turns LFENCE into a serialization
instruction against speculation.
A source code patch exists which remedies this problem.
-
015: SECURITY FIX: July 31, 2018
i386
IO port permissions were incorrectly restricted.
A source code patch exists which remedies this problem.
-
016: RELIABILITY FIX: August 4, 2018
amd64
Incorrect initialization of the FPU caused floating point exceptions
when running on Xen.
A source code patch exists which remedies this problem.
-
017: SECURITY FIX: August 24, 2018
amd64
State from the FPU of one userland process could be exposed to other processes.
A source code patch exists which remedies this problem.
-
018: SECURITY FIX: August 24, 2018
amd64
The Intel L1TF bug allows a vmm guest to read host memory.
Install the CPU firmware using fw_update(1) and apply this workaround.
A source code patch exists which remedies this problem.
-
019: SECURITY FIX: September 21, 2018
amd64
On AMD CPUs, LDTR must be managed crossing between VMs.
A source code patch exists which remedies this problem.
-
020: SECURITY FIX: October 25, 2018
All architectures
The Xorg X server incorrectly validates certain options, allowing arbitrary
files to be overwritten.
As an immediate (temporary) workaround, the Xorg binary can be disabled
by running: chmod u-s /usr/X11R6/bin/Xorg
A source code patch exists which remedies this problem.
-
021: RELIABILITY FIX: November 2, 2018
i386, amd64, arm64
The syspatch utility incorrectly handles symbolic links.
A source code patch exists which remedies this problem.
-
022: SECURITY FIX: November 17, 2018
All architectures
Timing side channels may leak information about DSA and ECDSA private keys.
A source code patch exists which remedies this problem.
-
023: RELIABILITY FIX: November 17, 2018
All architectures
A recent change to POSIX file locks could cause incorrect results
during lock acquisition.
A source code patch exists which remedies this problem.
-
024: SECURITY FIX: November 29, 2018
All architectures
Various overflows exist in perl.
A source code patch exists which remedies this problem.
-
025: RELIABILITY FIX: November 29, 2018
All architectures
UNIX domain sockets leak kernel memory with MSG_PEEK on SCM_RIGHTS, or can
attempt excessive memory allocations leading to a crash.
A source code patch exists which remedies this problem.
-
026: RELIABILITY FIX: December 20, 2018
All architectures
While recv(2) with the MSG_WAITALL flag was receiving control
messages from a socket, the kernel could panic.
A source code patch exists which remedies this problem.
-
027: SECURITY FIX: December 22, 2018
All architectures
The setsockopt(2) system call could overflow mbuf cluster kernel
memory by 4 bytes.
A source code patch exists which remedies this problem.
-
028: SECURITY FIX: February 5, 2019
All architectures
The mincore() system call can be used to observe memory access patterns
of other processes.
A source code patch exists which remedies this problem.
-
029: RELIABILITY FIX: February 5, 2019
All architectures
Missing length checks in the NFS server and client can lead to crashes
and other errors.
A source code patch exists which remedies this problem.
-
030: SECURITY FIX: March 1, 2019
All architectures
Fragmented IPv6 packets may be erroneously passed by pf or lead to a crash.
A source code patch exists which remedies this problem.
-
031: SECURITY FIX: March 22, 2019
All architectures
A state in pf could pass ICMP packets to a destination IP address
that did not match the state.
A source code patch exists which remedies this problem.
-
032: SECURITY FIX: March 27, 2019
amd64 and i386
GDT and IDT limits were improperly restored during VMM context switches.
A source code patch exists which remedies this problem.
-
033: RELIABILITY FIX: May 3, 2019
All architectures
If a userland program sets the IPv6 checksum offset on a raw socket,
an incoming packet could crash the kernel. ospf6d is such a program.
A source code patch exists which remedies this problem.