For errata on a certain release, click below:
2.0,
2.1,
2.2,
2.3,
2.4,
2.5,
2.6,
2.7,
2.8,
2.9,
3.0,
3.1,
3.2,
3.3,
3.4,
3.5,
3.6,
3.7,
3.8,
3.9,
4.0,
4.1,
4.2,
4.3,
4.4,
4.5,
4.6,
4.7,
4.8,
4.9,
5.0,
5.1,
5.2,
5.3,
5.4,
5.5,
5.6,
5.7,
5.8,
5.9,
6.0,
6.1,
6.2,
6.3,
6.4,
6.5,
6.6,
6.7,
6.8,
7.0,
7.1.
Patches for the OpenBSD base system are distributed as unified diffs.
Each patch is cryptographically signed with the
signify(1) tool and contains
usage instructions.
All the following patches are also available in one
tar.gz file
for convenience.
Alternatively, the syspatch(8)
utility can be used to apply binary updates on the following architectures:
amd64, i386, arm64.
Patches for supported releases are also incorporated into the
-stable branch.
-
001: RELIABILITY FIX: May 4, 2021
amd64
vmd guests can trigger excessive log messages on the host by sending
certain network packets.
A source code patch exists which remedies this problem.
-
002: SECURITY FIX: May 18, 2021
All architectures
Request length checks were missing in libX11.
A source code patch exists which remedies this problem.
-
003: SECURITY FIX: May 18, 2021
amd64
vmd guest virtio drivers could cause stack overflows by crafting
invalid virtio descriptor lengths.
A source code patch exists which remedies this problem.
-
004: SECURITY FIX: May 21, 2021
All architectures
Insufficient validation of A-MSDUs and fragmented 802.11 frames could
be abused to inject arbitrary frames.
A source code patch exists which remedies this problem.
-
005: RELIABILITY FIX: May 24, 2021
amd64
Recent Intel machines could crash or hang as global mappings were
not flushed from TLB.
A source code patch exists which remedies this problem.
-
006: RELIABILITY FIX: June 8, 2021
amd64
Recent Intel or any AMD machines could crash as the kernel did not
flush all TLBs that multi threaded processes require.
A source code patch exists which remedies this problem.
-
007: RELIABILITY FIX: June 8, 2021
amd64, i386
Disable PPGTT on Intel machines with cherryview/braswell graphics
to avoid memory corruption.
A source code patch exists which remedies this problem.
-
008: SECURITY FIX: June 9, 2021
amd64
vmd guests could cause stack overflows by crafting malicious dhcp
requests when using local interfaces.
A source code patch exists which remedies this problem.
-
009: RELIABILITY FIX: June 25, 2021
All architectures
During config reloads of bgpd(8), prefixes of the wrong address family
could leak to peers resulting in session resets.
A source code patch exists which remedies this problem.
-
010: SECURITY FIX: July 25, 2021
All architectures
relayd(8), when using the the http protocol strip filter directive or http
protocol macro expansion, processes format strings.
A source code patch exists which remedies this problem.
-
011: SECURITY FIX: July 25, 2021
mips64
On mips64, the strchr/index/strrchr/rindex functions in libc handled
signed characters incorrectly.
A source code patch exists which remedies this problem.
-
012: RELIABILITY FIX: August 04, 2021
sparc64
A missaligned address could trigger a kernel assert and panic the kernel.
A source code patch exists which remedies this problem.
-
013: RELIABILITY FIX: August 11, 2021
All architectures
In a specific configuration, wg(4) leaked mbufs.
A source code patch exists which remedies this problem.
-
014: SECURITY FIX: August 11, 2021
All architectures
perl(1) Encode (3p) loads a module from an incorrect relative path.
A source code patch exists which remedies this problem.
-
015: SECURITY FIX: August 20, 2021
All architectures
In LibreSSL, printing a certificate can result in a crash in
X509_CERT_AUX_print().
A source code patch exists which remedies this problem.
-
016: SECURITY FIX: September 27, 2021
All architectures
sshd(8) failed to clear supplemental groups when executing an
AuthorizedUsersCommand or AuthorizedPrincipalsCommand helper program.
A source code patch exists which remedies this problem.
-
017: SECURITY FIX: September 27, 2021
All architectures
In libcrypto, part of LibreSSL, a stack overread could occur when
checking X.509 name constraints.
A source code patch exists which remedies this problem.
-
018: RELIABILITY FIX: September 30, 2021
All architectures
Compensate for the expiry of the DST Root X3 certificate.
A source code patch exists which remedies this problem.
-
019: RELIABILITY FIX: October 31, 2021
All architectures
Opening /dev/bpf too often could lead to resource exhaustion.
A source code patch exists which remedies this problem.
-
020: SECURITY FIX: October 31, 2021
All architectures
The kernel could leak memory when closing unix sockets.
A source code patch exists which remedies this problem.
-
021: SECURITY FIX: November 9, 2021
All architectures
rpki-client(8) should handle CA misbehaviours as soft-errors.
A source code patch exists which remedies this problem.
-
022: RELIABILITY FIX: November 26, 2021
All architectures
An unprivileged user could crash the kernel by using UNIX-domain
sockets in multiple threads.
A source code patch exists which remedies this problem.
-
023: RELIABILITY FIX: December 7, 2021
All architectures
Errata 021 broke rpki-client(8) compatibility with bgpd(8)
A source code patch exists which remedies this problem.
-
024: SECURITY FIX: December 14, 2021
All architectures
Multiple input validation failures in the X server request parsing
code can lead to out of bounds memory accesses for authorized
clients.
A source code patch exists which remedies this problem.
-
025: SECURITY FIX: December 16, 2021
All architectures
If multicast routing is used, kernel memory is leaked to userland.
A source code patch exists which remedies this problem.
-
026: SECURITY FIX: January 19, 2022
All architectures
Fix 8 security issues in libexpat, all related to fixed-size integer
math (integer overflow and invalid shifts) near memory allocation.
A source code patch exists which remedies this problem.
-
027: SECURITY FIX: January 24, 2022
macppc
On PowerPC kernel memory is leaked to userland.
A source code patch exists which remedies this problem.
-
028: RELIABILITY FIX: February 2, 2022
amd64 i386
Userspace controlled code on GPU can access kernel memory on Intel
gen 8 and later GPUs.
A source code patch exists which remedies this problem.
-
029: SECURITY FIX: February 2, 2022
All architectures
Fix two security issues in libexpat related to integer overflow.
A source code patch exists which remedies this problem.
-
030: SECURITY FIX: February 21, 2022
All architectures
More than 7 nameservers in an IPv6 router advertisement could crash slaacd.
A source code patch exists which remedies this problem.
-
031: SECURITY FIX: February 24, 2022
All architectures
Fix five security issues in libexpat related to encoding, stack
exhaustion, and integer overflow.
A source code patch exists which remedies this problem.
-
032: SECURITY FIX: March 15, 2022
All architectures
A malicious certificate can cause an infinite loop.
A source code patch exists which remedies this problem.
-
033: SECURITY FIX: March 22, 2022
All architectures
A malicious router advertisement could overflow heap memory in
unprivileged slaacd process.
A source code patch exists which remedies this problem.