| version 1.47, 2016/08/15 02:22:06 |
version 1.48, 2016/10/16 19:11:30 |
|
|
| <br> |
<br> |
| <hr> |
<hr> |
| |
|
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.6.tar.gz"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.6.tar.gz"> |
| You can also fetch a tar.gz file containing all the following patches</a>. |
You can also fetch a tar.gz file containing all the following patches</a>. |
| This file is updated once a day. |
This file is updated once a day. |
| <p> |
<p> |
|
|
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| Incorrect RX ring computation leads to panics under load with bge(4), em(4) and ix(4). |
Incorrect RX ring computation leads to panics under load with bge(4), em(4) and ix(4). |
| <br> |
<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/001_rxr.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/001_rxr.patch.sig"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| |
|
|
|
| <pre> |
<pre> |
| # ifconfig em0 -autoconfprivacy |
# ifconfig em0 -autoconfprivacy |
| </pre> |
</pre> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/002_nd6.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/002_nd6.patch.sig"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| |
|
|
|
| host confusion attacks in some configurations. |
host confusion attacks in some configurations. |
| This issue was assigned CVE-2014-3616. |
This issue was assigned CVE-2014-3616. |
| <br> |
<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/003_nginx.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/003_nginx.patch.sig"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| |
|
|
|
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| Executable headers with an unaligned address will trigger a kernel panic. |
Executable headers with an unaligned address will trigger a kernel panic. |
| <br> |
<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/004_kernexec.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/004_kernexec.patch.sig"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| |
|
|
|
| but we recommend against the continued use of this obsolete protocol. |
but we recommend against the continued use of this obsolete protocol. |
| </i> |
</i> |
| <p> |
<p> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/005_nosslv3.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/005_nosslv3.patch.sig"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| |
|
|
|
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| Certain http requests can crash relayd. |
Certain http requests can crash relayd. |
| <br> |
<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/006_relayd.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/006_relayd.patch.sig"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| |
|
|
|
| from {192.0.2.1 2001:db8::1} to (pppoe0)", will have an incorrect /32 |
from {192.0.2.1 2001:db8::1} to (pppoe0)", will have an incorrect /32 |
| mask applied to the dynamic address. |
mask applied to the dynamic address. |
| <br> |
<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/007_pfctl.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/007_pfctl.patch.sig"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| |
|
|
|
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| Querying an invalid hostname with gethostbyname(3) could cause a NULL deref. |
Querying an invalid hostname with gethostbyname(3) could cause a NULL deref. |
| <br> |
<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/008_asr.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/008_asr.patch.sig"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| |
|
|
|
| want to use it. Therefore here is a "jumbo" patch that brings in the |
want to use it. Therefore here is a "jumbo" patch that brings in the |
| most important fixes. |
most important fixes. |
| <br> |
<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/009_httpd.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/009_httpd.patch.sig"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <br> |
<br> |
| <i>Unfortunately the source tree found on the CD set contains a slightly different |
<i>Unfortunately the source tree found on the CD set contains a slightly different |
|
|
| Several bugs were fixed that allowed a crash from remote when an active pipex |
Several bugs were fixed that allowed a crash from remote when an active pipex |
| session exists. |
session exists. |
| <br> |
<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/010_pipex.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/010_pipex.patch.sig"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| |
|
|
|
| An incorrect memcpy call would result in corrupted MAC addresses when |
An incorrect memcpy call would result in corrupted MAC addresses when |
| using PPPOE. |
using PPPOE. |
| <br> |
<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/011_pppoe.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/011_pppoe.patch.sig"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| |
|
|
|
| Fix a denial of service where a malicious authority could make the resolver chase an |
Fix a denial of service where a malicious authority could make the resolver chase an |
| endless series of delegations. (CVE-2014-8602) |
endless series of delegations. (CVE-2014-8602) |
| <br> |
<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/012_unbound.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/012_unbound.patch.sig"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| |
|
|
|
| Missing memory barriers in virtio(4) can lead to hangs with virtio devices, |
Missing memory barriers in virtio(4) can lead to hangs with virtio devices, |
| like vio(4) and vioblk(4). |
like vio(4) and vioblk(4). |
| <br> |
<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/013_virtio.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/013_virtio.patch.sig"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| |
|
|
|
| <br> |
<br> |
| <a href="http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/">X Advisory</a> |
<a href="http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/">X Advisory</a> |
| <br> |
<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/014_xserver.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/014_xserver.patch.sig"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| |
|
|
|
| <br> |
<br> |
| <a href="http://www.wangafu.net/~nickm/volatile/advisory.txt.asc">Libevent Advisory</a> |
<a href="http://www.wangafu.net/~nickm/volatile/advisory.txt.asc">Libevent Advisory</a> |
| <br> |
<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/015_libevent.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/015_libevent.patch.sig"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| |
|
|
|
| For more information, see the |
For more information, see the |
| <a href="http://www.x.org/wiki/Development/Security/Advisory-2015-02-10/">X.org advisory</a>. |
<a href="http://www.x.org/wiki/Development/Security/Advisory-2015-02-10/">X.org advisory</a>. |
| <br> |
<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/016_xserver.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/016_xserver.patch.sig"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| |
|
|
|
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| Don't permit TLS client connections to be downgraded to weak keys. |
Don't permit TLS client connections to be downgraded to weak keys. |
| <br> |
<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/017_openssl.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/017_openssl.patch.sig"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| |
|
|
|
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| Another fix for buffer overflows in malformed fonts. |
Another fix for buffer overflows in malformed fonts. |
| <br> |
<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/018_freetype.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/018_freetype.patch.sig"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| |
|
|
|
| For more information, see the |
For more information, see the |
| <a href="http://www.x.org/wiki/Development/Security/Advisory-2015-03-17/">X.org advisory</a>. |
<a href="http://www.x.org/wiki/Development/Security/Advisory-2015-03-17/">X.org advisory</a>. |
| <br> |
<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/019_libxfont.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/019_libxfont.patch.sig"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <br>Note that the instructions should read <code>cd /usr/xenocara/lib/libXfont</code>. |
<br>Note that the instructions should read <code>cd /usr/xenocara/lib/libXfont</code>. |
| <p> |
<p> |
|
|
| For more information, see the |
For more information, see the |
| <a href="https://www.openssl.org/news/secadv_20150319.txt">OpenSSL advisory</a>. |
<a href="https://www.openssl.org/news/secadv_20150319.txt">OpenSSL advisory</a>. |
| <br> |
<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/020_openssl.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/020_openssl.patch.sig"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| |
|
|
|
| Fix a logic error in smtpd handling of SNI. |
Fix a logic error in smtpd handling of SNI. |
| This could allow a remote user to crash the server or provoke a disconnect of other sessions. |
This could allow a remote user to crash the server or provoke a disconnect of other sessions. |
| <br> |
<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/021_smtpd.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/021_smtpd.patch.sig"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| |
|
|
|
| A remote user can crash httpd by forcing the daemon to log to a file |
A remote user can crash httpd by forcing the daemon to log to a file |
| before the logging system was initialized. |
before the logging system was initialized. |
| <br> |
<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/022_httpd.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/022_httpd.patch.sig"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| |
|
|
|
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| Malformed binaries could trigger kernel panics or view kernel memory. |
Malformed binaries could trigger kernel panics or view kernel memory. |
| <br> |
<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/023_elf.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/023_elf.patch.sig"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| |
|
|
|
| <li>tar without -P would permit extraction of paths with ".." components |
<li>tar without -P would permit extraction of paths with ".." components |
| <li>there was a buffer overflow in the handling of pax extension headers |
<li>there was a buffer overflow in the handling of pax extension headers |
| </ul> |
</ul> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/024_tar.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/024_tar.patch.sig"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| |
|
|
|
| <li>a local user can cause smtpd to fail by writing an invalid imsg to control socket. |
<li>a local user can cause smtpd to fail by writing an invalid imsg to control socket. |
| <li>a local user can prevent smtpd from serving new requests by exhausting descriptors. |
<li>a local user can prevent smtpd from serving new requests by exhausting descriptors. |
| </ul> |
</ul> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/025_smtpd.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/025_smtpd.patch.sig"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| |
|
|
|
| For more information, see the |
For more information, see the |
| <a href="https://www.openssl.org/news/secadv_20150611.txt">OpenSSL advisory</a>. |
<a href="https://www.openssl.org/news/secadv_20150611.txt">OpenSSL advisory</a>. |
| <br> |
<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/026_openssl.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/026_openssl.patch.sig"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| |
|
|
|
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| A TCP socket can become confused and not properly cleanup resources. |
A TCP socket can become confused and not properly cleanup resources. |
| <br> |
<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/027_tcp_persist.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/027_tcp_persist.patch.sig"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| |
|
|
|
| A kernel memory leak could be triggered by an unprivileged user in |
A kernel memory leak could be triggered by an unprivileged user in |
| a failure case when using execve under systrace. |
a failure case when using execve under systrace. |
| <br> |
<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/028_execve.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/028_execve.patch.sig"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| |
|
|
|
| the obsolete SCCS and RCS support when processing a crafted input file. |
the obsolete SCCS and RCS support when processing a crafted input file. |
| This patch deletes the SCCS and RCS support. |
This patch deletes the SCCS and RCS support. |
| <br> |
<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/029_patch.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/029_patch.patch.sig"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| |
|
|
|
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| The patch utility could become desyncronized processing ed(1)-style diffs. |
The patch utility could become desyncronized processing ed(1)-style diffs. |
| <br> |
<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/030_patch.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/030_patch.patch.sig"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| |
|
|
|
| <li>hardlink and symlink attacks allowed a local user to unset chflags or |
<li>hardlink and symlink attacks allowed a local user to unset chflags or |
| leak the first line of an arbitrary file. |
leak the first line of an arbitrary file. |
| </ul> |
</ul> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/031_smtpd.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/031_smtpd.patch.sig"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| |
|
|
|
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| A problem with timer kevents could result in a kernel hang (local denial |
A problem with timer kevents could result in a kernel hang (local denial |
| of service).<br> |
of service).<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/032_kevent.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/032_kevent.patch.sig"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| |
|
|
|
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| The OBJ_obj2txt function in libcrypto contains a one byte buffer overrun |
The OBJ_obj2txt function in libcrypto contains a one byte buffer overrun |
| and memory leak, as reported by Qualys Security.<br> |
and memory leak, as reported by Qualys Security.<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/033_obj2txt.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/033_obj2txt.patch.sig"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| |
|
![[BACK]](/icons/back.gif){kind=icon}
Return to errata56.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www