version 1.46, 2016/08/15 02:22:06 |
version 1.47, 2016/10/16 19:11:30 |
|
|
<br> |
<br> |
<hr> |
<hr> |
|
|
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/4.7.tar.gz"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.7.tar.gz"> |
You can also fetch a tar.gz file containing all the following patches</a>. |
You can also fetch a tar.gz file containing all the following patches</a>. |
This file is updated once a day. |
This file is updated once a day. |
<p> |
<p> |
|
|
mips64el, vax). Other address types (bare addresses "10.1.1.1" and |
mips64el, vax). Other address types (bare addresses "10.1.1.1" and |
prefixes "10.1.1.1/30") are not affected. |
prefixes "10.1.1.1/30") are not affected. |
<br> |
<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/4.7/common/013_pf.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.7/common/013_pf.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
|
|
|
that nothing in the base OS uses this. Apache httpd started using this |
that nothing in the base OS uses this. Apache httpd started using this |
in v2.3.3; this is newer than the version in ports. |
in v2.3.3; this is newer than the version in ports. |
<br> |
<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/4.7/common/012_openssl.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.7/common/012_openssl.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
|
|
|
leading to routing socket users that restrict the AF (such as ospfd) |
leading to routing socket users that restrict the AF (such as ospfd) |
not seeing any of the RTM_DELETE messages. |
not seeing any of the RTM_DELETE messages. |
<br> |
<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/4.7/common/011_rtsock.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.7/common/011_rtsock.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
|
|
|
<a href="http://man.openbsd.org/?query=ubsec&sektion=4">ubsec(4)</a>). |
<a href="http://man.openbsd.org/?query=ubsec&sektion=4">ubsec(4)</a>). |
|
|
<br> |
<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/4.7/common/010_cbc.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.7/common/010_cbc.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
|
|
|
handler may allow userland to modify kernel memory. By default root |
handler may allow userland to modify kernel memory. By default root |
privileges are needed to add or modify pf rules. |
privileges are needed to add or modify pf rules. |
<br> |
<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/4.7/common/009_pf.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.7/common/009_pf.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
|
|
|
and use OpenSSL's internal caching mechanism. Servers that are multi-process |
and use OpenSSL's internal caching mechanism. Servers that are multi-process |
and/or disable internal session caching are not affected. |
and/or disable internal session caching are not affected. |
<br> |
<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/4.7/common/008_openssl.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.7/common/008_openssl.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
|
|
|
Avoid calling scsi_done() more than once in gdt(4). Fixes a kernel panic triggered by syncing disks during shut down.<br> |
Avoid calling scsi_done() more than once in gdt(4). Fixes a kernel panic triggered by syncing disks during shut down.<br> |
Clear the ITSDONE flag before issuing commands to the SCSI adapter. Fixes handling of retried SCSI commands. |
Clear the ITSDONE flag before issuing commands to the SCSI adapter. Fixes handling of retried SCSI commands. |
<br> |
<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/4.7/common/007_scsi.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.7/common/007_scsi.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
|
|
|
<i>All architectures</i><br> |
<i>All architectures</i><br> |
Restore an unusual XS_SENSE semantic. Fixes dump(8)/restore(8) problems seen on certain tape drives. |
Restore an unusual XS_SENSE semantic. Fixes dump(8)/restore(8) problems seen on certain tape drives. |
<br> |
<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/4.7/common/006_scsi.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.7/common/006_scsi.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
|
|
|
<i>All architectures</i><br> |
<i>All architectures</i><br> |
Incorrectly initialized state updates can cause pfsync update storms. |
Incorrectly initialized state updates can cause pfsync update storms. |
<br> |
<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/4.7/common/005_pfsync.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.7/common/005_pfsync.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
|
|
|
<font color="#009000"><strong>004: SECURITY FIX: April 23, 2010</strong></font> |
<font color="#009000"><strong>004: SECURITY FIX: April 23, 2010</strong></font> |
<i>All architectures</i><br> |
<i>All architectures</i><br> |
The combination of pfsync and IPSEC may crash the kernel.<br> |
The combination of pfsync and IPSEC may crash the kernel.<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/4.7/common/004_pfsync.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.7/common/004_pfsync.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
|
|
|
In TLS connections, certain incorrectly formatted records can cause |
In TLS connections, certain incorrectly formatted records can cause |
an OpenSSL client or server to crash due to a read attempt at NULL. |
an OpenSSL client or server to crash due to a read attempt at NULL. |
<br> |
<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/4.7/common/003_openssl.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.7/common/003_openssl.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
|
|
|
leading to a denial of service when a resource limit is apparently |
leading to a denial of service when a resource limit is apparently |
reached. |
reached. |
<br> |
<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/4.7/common/002_mpi.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.7/common/002_mpi.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
|
|
|
paranoid enough in checking for underruns, which could potentially |
paranoid enough in checking for underruns, which could potentially |
lead to crashes. |
lead to crashes. |
<br> |
<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/4.7/common/001_kerberos.patch"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/4.7/common/001_kerberos.patch"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
|