version 1.47, 2016/08/15 02:22:06 |
version 1.48, 2016/10/16 19:11:30 |
|
|
<br> |
<br> |
<hr> |
<hr> |
|
|
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.6.tar.gz"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.6.tar.gz"> |
You can also fetch a tar.gz file containing all the following patches</a>. |
You can also fetch a tar.gz file containing all the following patches</a>. |
This file is updated once a day. |
This file is updated once a day. |
<p> |
<p> |
|
|
<i>All architectures</i><br> |
<i>All architectures</i><br> |
Incorrect RX ring computation leads to panics under load with bge(4), em(4) and ix(4). |
Incorrect RX ring computation leads to panics under load with bge(4), em(4) and ix(4). |
<br> |
<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/001_rxr.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/001_rxr.patch.sig"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
|
|
|
<pre> |
<pre> |
# ifconfig em0 -autoconfprivacy |
# ifconfig em0 -autoconfprivacy |
</pre> |
</pre> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/002_nd6.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/002_nd6.patch.sig"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
|
|
|
host confusion attacks in some configurations. |
host confusion attacks in some configurations. |
This issue was assigned CVE-2014-3616. |
This issue was assigned CVE-2014-3616. |
<br> |
<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/003_nginx.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/003_nginx.patch.sig"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
|
|
|
<i>All architectures</i><br> |
<i>All architectures</i><br> |
Executable headers with an unaligned address will trigger a kernel panic. |
Executable headers with an unaligned address will trigger a kernel panic. |
<br> |
<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/004_kernexec.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/004_kernexec.patch.sig"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
|
|
|
but we recommend against the continued use of this obsolete protocol. |
but we recommend against the continued use of this obsolete protocol. |
</i> |
</i> |
<p> |
<p> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/005_nosslv3.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/005_nosslv3.patch.sig"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
|
|
|
<i>All architectures</i><br> |
<i>All architectures</i><br> |
Certain http requests can crash relayd. |
Certain http requests can crash relayd. |
<br> |
<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/006_relayd.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/006_relayd.patch.sig"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
|
|
|
from {192.0.2.1 2001:db8::1} to (pppoe0)", will have an incorrect /32 |
from {192.0.2.1 2001:db8::1} to (pppoe0)", will have an incorrect /32 |
mask applied to the dynamic address. |
mask applied to the dynamic address. |
<br> |
<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/007_pfctl.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/007_pfctl.patch.sig"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
|
|
|
<i>All architectures</i><br> |
<i>All architectures</i><br> |
Querying an invalid hostname with gethostbyname(3) could cause a NULL deref. |
Querying an invalid hostname with gethostbyname(3) could cause a NULL deref. |
<br> |
<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/008_asr.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/008_asr.patch.sig"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
|
|
|
want to use it. Therefore here is a "jumbo" patch that brings in the |
want to use it. Therefore here is a "jumbo" patch that brings in the |
most important fixes. |
most important fixes. |
<br> |
<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/009_httpd.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/009_httpd.patch.sig"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<br> |
<br> |
<i>Unfortunately the source tree found on the CD set contains a slightly different |
<i>Unfortunately the source tree found on the CD set contains a slightly different |
|
|
Several bugs were fixed that allowed a crash from remote when an active pipex |
Several bugs were fixed that allowed a crash from remote when an active pipex |
session exists. |
session exists. |
<br> |
<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/010_pipex.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/010_pipex.patch.sig"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
|
|
|
An incorrect memcpy call would result in corrupted MAC addresses when |
An incorrect memcpy call would result in corrupted MAC addresses when |
using PPPOE. |
using PPPOE. |
<br> |
<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/011_pppoe.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/011_pppoe.patch.sig"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
|
|
|
Fix a denial of service where a malicious authority could make the resolver chase an |
Fix a denial of service where a malicious authority could make the resolver chase an |
endless series of delegations. (CVE-2014-8602) |
endless series of delegations. (CVE-2014-8602) |
<br> |
<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/012_unbound.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/012_unbound.patch.sig"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
|
|
|
Missing memory barriers in virtio(4) can lead to hangs with virtio devices, |
Missing memory barriers in virtio(4) can lead to hangs with virtio devices, |
like vio(4) and vioblk(4). |
like vio(4) and vioblk(4). |
<br> |
<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/013_virtio.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/013_virtio.patch.sig"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
|
|
|
<br> |
<br> |
<a href="http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/">X Advisory</a> |
<a href="http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/">X Advisory</a> |
<br> |
<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/014_xserver.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/014_xserver.patch.sig"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
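Review bot: The X Advisory href in this entry stays on http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/ on both sides of the diff, while the patch link directly below it moves to https. If the intent is to move every link in the file off plain http, update this href too, provided the host serves https. Otherwise state in the commit message that only ftp.openbsd.org links were in scope. The same applies to the Libevent Advisory link and the X.org advisory links for 2015-02-10 and 2015-03-17 further down, which are also unchanged.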
|
|
|
|
<br> |
<br> |
<a href="http://www.wangafu.net/~nickm/volatile/advisory.txt.asc">Libevent Advisory</a> |
<a href="http://www.wangafu.net/~nickm/volatile/advisory.txt.asc">Libevent Advisory</a> |
<br> |
<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/015_libevent.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/015_libevent.patch.sig"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
|
|
|
For more information, see the |
For more information, see the |
<a href="http://www.x.org/wiki/Development/Security/Advisory-2015-02-10/">X.org advisory</a>. |
<a href="http://www.x.org/wiki/Development/Security/Advisory-2015-02-10/">X.org advisory</a>. |
<br> |
<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/016_xserver.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/016_xserver.patch.sig"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
|
|
|
<i>All architectures</i><br> |
<i>All architectures</i><br> |
Don't permit TLS client connections to be downgraded to weak keys. |
Don't permit TLS client connections to be downgraded to weak keys. |
<br> |
<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/017_openssl.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/017_openssl.patch.sig"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
|
|
|
<i>All architectures</i><br> |
<i>All architectures</i><br> |
Another fix for buffer overflows in malformed fonts. |
Another fix for buffer overflows in malformed fonts. |
<br> |
<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/018_freetype.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/018_freetype.patch.sig"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
|
|
|
For more information, see the |
For more information, see the |
<a href="http://www.x.org/wiki/Development/Security/Advisory-2015-03-17/">X.org advisory</a>. |
<a href="http://www.x.org/wiki/Development/Security/Advisory-2015-03-17/">X.org advisory</a>. |
<br> |
<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/019_libxfont.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/019_libxfont.patch.sig"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<br>Note that the instructions should read <code>cd /usr/xenocara/lib/libXfont</code>. |
<br>Note that the instructions should read <code>cd /usr/xenocara/lib/libXfont</code>. |
<p> |
<p> |
|
|
For more information, see the |
For more information, see the |
<a href="https://www.openssl.org/news/secadv_20150319.txt">OpenSSL advisory</a>. |
<a href="https://www.openssl.org/news/secadv_20150319.txt">OpenSSL advisory</a>. |
<br> |
<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/020_openssl.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/020_openssl.patch.sig"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
|
|
|
Fix a logic error in smtpd handling of SNI. |
Fix a logic error in smtpd handling of SNI. |
This could allow a remote user to crash the server or provoke a disconnect of other sessions. |
This could allow a remote user to crash the server or provoke a disconnect of other sessions. |
<br> |
<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/021_smtpd.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/021_smtpd.patch.sig"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
|
|
|
A remote user can crash httpd by forcing the daemon to log to a file |
A remote user can crash httpd by forcing the daemon to log to a file |
before the logging system was initialized. |
before the logging system was initialized. |
<br> |
<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/022_httpd.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/022_httpd.patch.sig"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
|
|
|
<i>All architectures</i><br> |
<i>All architectures</i><br> |
Malformed binaries could trigger kernel panics or view kernel memory. |
Malformed binaries could trigger kernel panics or view kernel memory. |
<br> |
<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/023_elf.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/023_elf.patch.sig"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
|
|
|
<li>tar without -P would permit extraction of paths with ".." components |
<li>tar without -P would permit extraction of paths with ".." components |
<li>there was a buffer overflow in the handling of pax extension headers |
<li>there was a buffer overflow in the handling of pax extension headers |
</ul> |
</ul> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/024_tar.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/024_tar.patch.sig"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
|
|
|
<li>a local user can cause smtpd to fail by writing an invalid imsg to control socket. |
<li>a local user can cause smtpd to fail by writing an invalid imsg to control socket. |
<li>a local user can prevent smtpd from serving new requests by exhausting descriptors. |
<li>a local user can prevent smtpd from serving new requests by exhausting descriptors. |
</ul> |
</ul> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/025_smtpd.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/025_smtpd.patch.sig"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
|
|
|
For more information, see the |
For more information, see the |
<a href="https://www.openssl.org/news/secadv_20150611.txt">OpenSSL advisory</a>. |
<a href="https://www.openssl.org/news/secadv_20150611.txt">OpenSSL advisory</a>. |
<br> |
<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/026_openssl.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/026_openssl.patch.sig"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
|
|
|
<i>All architectures</i><br> |
<i>All architectures</i><br> |
A TCP socket can become confused and not properly cleanup resources. |
A TCP socket can become confused and not properly cleanup resources. |
<br> |
<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/027_tcp_persist.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/027_tcp_persist.patch.sig"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
|
|
|
A kernel memory leak could be triggered by an unprivileged user in |
A kernel memory leak could be triggered by an unprivileged user in |
a failure case when using execve under systrace. |
a failure case when using execve under systrace. |
<br> |
<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/028_execve.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/028_execve.patch.sig"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
|
|
|
the obsolete SCCS and RCS support when processing a crafted input file. |
the obsolete SCCS and RCS support when processing a crafted input file. |
This patch deletes the SCCS and RCS support. |
This patch deletes the SCCS and RCS support. |
<br> |
<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/029_patch.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/029_patch.patch.sig"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
|
|
|
<i>All architectures</i><br> |
<i>All architectures</i><br> |
The patch utility could become desyncronized processing ed(1)-style diffs. |
The patch utility could become desyncronized processing ed(1)-style diffs. |
<br> |
<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/030_patch.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/030_patch.patch.sig"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
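Review bot: "desyncronized" in the description line of this entry is misspelled on both sides of the diff. Since the entry is already being touched for the href change, correct it to "desynchronized" in the same commit or a follow-up.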
|
|
|
|
<li>hardlink and symlink attacks allowed a local user to unset chflags or |
<li>hardlink and symlink attacks allowed a local user to unset chflags or |
leak the first line of an arbitrary file. |
leak the first line of an arbitrary file. |
</ul> |
</ul> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/031_smtpd.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/031_smtpd.patch.sig"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
|
|
|
<i>All architectures</i><br> |
<i>All architectures</i><br> |
A problem with timer kevents could result in a kernel hang (local denial |
A problem with timer kevents could result in a kernel hang (local denial |
of service).<br> |
of service).<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/032_kevent.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/032_kevent.patch.sig"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
|
|
|
<i>All architectures</i><br> |
<i>All architectures</i><br> |
The OBJ_obj2txt function in libcrypto contains a one byte buffer overrun |
The OBJ_obj2txt function in libcrypto contains a one byte buffer overrun |
and memory leak, as reported by Qualys Security.<br> |
and memory leak, as reported by Qualys Security.<br> |
<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/033_obj2txt.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/033_obj2txt.patch.sig"> |
A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
<p> |
<p> |
|
|