| version 1.41, 2016/08/15 02:22:06 |
version 1.42, 2016/10/16 19:11:30 |
|
|
| <br> |
<br> |
| <hr> |
<hr> |
| |
|
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.7.tar.gz"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.7.tar.gz"> |
| You can also fetch a tar.gz file containing all the following patches</a>. |
You can also fetch a tar.gz file containing all the following patches</a>. |
| This file is updated once a day. |
This file is updated once a day. |
| <p> |
<p> |
|
|
| For more information, see the |
For more information, see the |
| <a href="http://www.x.org/wiki/Development/Security/Advisory-2015-03-17/">X.org advisory</a>. |
<a href="http://www.x.org/wiki/Development/Security/Advisory-2015-03-17/">X.org advisory</a>. |
| <br> |
<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/002_libxfont.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/002_libxfont.patch.sig"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <br>Note that the instructions should read <code>cd /usr/xenocara/lib/libXfont</code>. |
<br>Note that the instructions should read <code>cd /usr/xenocara/lib/libXfont</code>. |
| <p> |
<p> |
|
|
| For more information, see the |
For more information, see the |
| <a href="https://www.openssl.org/news/secadv_20150319.txt">OpenSSL advisory</a>. |
<a href="https://www.openssl.org/news/secadv_20150319.txt">OpenSSL advisory</a>. |
| <br> |
<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/003_openssl.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/003_openssl.patch.sig"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| |
|
|
|
| Fix a logic error in smtpd handling of SNI. |
Fix a logic error in smtpd handling of SNI. |
| This could allow a remote user to crash the server or provoke a disconnect of other sessions. |
This could allow a remote user to crash the server or provoke a disconnect of other sessions. |
| <br> |
<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/004_smtpd.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/004_smtpd.patch.sig"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| |
|
|
|
| A remote user can crash httpd by forcing the daemon to log to a file |
A remote user can crash httpd by forcing the daemon to log to a file |
| before the logging system was initialized. |
before the logging system was initialized. |
| <br> |
<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/005_httpd.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/005_httpd.patch.sig"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| |
|
|
|
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| Malformed binaries could trigger kernel panics or view kernel memory. |
Malformed binaries could trigger kernel panics or view kernel memory. |
| <br> |
<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/006_elf.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/006_elf.patch.sig"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| |
|
|
|
| <li>tar without -P would permit extraction of paths with ".." components |
<li>tar without -P would permit extraction of paths with ".." components |
| <li>there was a buffer overflow in the handling of pax extension headers |
<li>there was a buffer overflow in the handling of pax extension headers |
| </ul> |
</ul> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/007_tar.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/007_tar.patch.sig"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| |
|
|
|
| <li>a local user can cause smtpd to fail by writing an invalid imsg to control socket. |
<li>a local user can cause smtpd to fail by writing an invalid imsg to control socket. |
| <li>a local user can prevent smtpd from serving new requests by exhausting descriptors. |
<li>a local user can prevent smtpd from serving new requests by exhausting descriptors. |
| </ul> |
</ul> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/008_smtpd.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/008_smtpd.patch.sig"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| |
|
|
|
| For more information, see the |
For more information, see the |
| <a href="https://www.openssl.org/news/secadv_20150611.txt">OpenSSL advisory</a>. |
<a href="https://www.openssl.org/news/secadv_20150611.txt">OpenSSL advisory</a>. |
| <br> |
<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/009_openssl.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/009_openssl.patch.sig"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| |
|
|
|
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| A TCP socket can become confused and not properly cleanup resources. |
A TCP socket can become confused and not properly cleanup resources. |
| <br> |
<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/010_tcp_persist.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/010_tcp_persist.patch.sig"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| |
|
|
|
| A kernel memory leak could be triggered by an unprivileged user in |
A kernel memory leak could be triggered by an unprivileged user in |
| a failure case when using execve under systrace. |
a failure case when using execve under systrace. |
| <br> |
<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/011_execve.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/011_execve.patch.sig"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| |
|
|
|
| the obsolete RCS support when processing a crafted input file. |
the obsolete RCS support when processing a crafted input file. |
| This patch deletes the RCS support. |
This patch deletes the RCS support. |
| <br> |
<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/012_patch.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/012_patch.patch.sig"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| |
|
|
|
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| The patch utility could become desyncronized processing ed(1)-style diffs. |
The patch utility could become desyncronized processing ed(1)-style diffs. |
| <br> |
<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/013_patch.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/013_patch.patch.sig"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| |
|
|
|
| A change to sshd resulted in incorrect permissions being applied to pseudo |
A change to sshd resulted in incorrect permissions being applied to pseudo |
| terminal devices, allowing local users to write to (but not read from) them. |
terminal devices, allowing local users to write to (but not read from) them. |
| <br> |
<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/014_sshd.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/014_sshd.patch.sig"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| |
|
|
|
| Various problems were identified in relayd and merged back from |
Various problems were identified in relayd and merged back from |
| current to 5.7 in this maintanance update. |
current to 5.7 in this maintanance update. |
| <br> |
<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/015_relayd.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/015_relayd.patch.sig"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| |
|
|
|
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| An incorrect operation in uvm could result in system panics. |
An incorrect operation in uvm could result in system panics. |
| <br> |
<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/016_uvm.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/016_uvm.patch.sig"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| |
|
|
|
| <li>hardlink and symlink attacks allowed a local user to unset chflags or |
<li>hardlink and symlink attacks allowed a local user to unset chflags or |
| leak the first line of an arbitrary file. |
leak the first line of an arbitrary file. |
| </ul> |
</ul> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/017_smtpd.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/017_smtpd.patch.sig"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| |
|
|
|
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| A problem with timer kevents could result in a kernel hang (local denial |
A problem with timer kevents could result in a kernel hang (local denial |
| of service).<br> |
of service).<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/018_kevent.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/018_kevent.patch.sig"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| |
|
|
|
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| The OBJ_obj2txt function in libcrypto contains a one byte buffer overrun |
The OBJ_obj2txt function in libcrypto contains a one byte buffer overrun |
| and memory leak, as reported by Qualys Security.<br> |
and memory leak, as reported by Qualys Security.<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/019_obj2txt.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/019_obj2txt.patch.sig"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| |
|
|
|
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| Insufficient validation of RSN element group cipher values in 802.11 |
Insufficient validation of RSN element group cipher values in 802.11 |
| beacons and probe responses could result in system panics.<br> |
beacons and probe responses could result in system panics.<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/020_rsn.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/020_rsn.patch.sig"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| |
|
|
|
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| A NULL pointer deference could be triggered by a crafted certificate sent to |
A NULL pointer deference could be triggered by a crafted certificate sent to |
| services configured to verify client certificates on TLS/SSL connections.<br> |
services configured to verify client certificates on TLS/SSL connections.<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/021_clientcert.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/021_clientcert.patch.sig"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| |
|
|
|
| Prevent this problem immediately by adding the line "UseRoaming no" to |
Prevent this problem immediately by adding the line "UseRoaming no" to |
| <b>/etc/ssh/ssh_config</b>. |
<b>/etc/ssh/ssh_config</b>. |
| <br> |
<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/022_ssh.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/022_ssh.patch.sig"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| |
|
| <li id="023_sshd"> |
<li id="023_sshd"> |
| <font color="#009000"><strong>023: SECURITY FIX: March 10, 2016</strong></font> |
<font color="#009000"><strong>023: SECURITY FIX: March 10, 2016</strong></font> |
| <i>All architectures</i><br> |
<i>All architectures</i><br> |
| <a href="http://www.openssh.com/txt/x11fwd.adv"> |
<a href="https://www.openssh.com/txt/x11fwd.adv"> |
| Lack of credential sanitization allows injection of commands to xauth(1).</a> |
Lack of credential sanitization allows injection of commands to xauth(1).</a> |
| <br> |
<br> |
| Prevent this problem immediately by not using the "X11Forwarding" feature |
Prevent this problem immediately by not using the "X11Forwarding" feature |
| (which is disabled by default) |
(which is disabled by default) |
| <br> |
<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/023_sshd.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/023_sshd.patch.sig"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| |
|
|
|
| processing allow a local user to send UDP packets with a source |
processing allow a local user to send UDP packets with a source |
| (IPv6 address + port) already reserved by another user. |
(IPv6 address + port) already reserved by another user. |
| <br> |
<br> |
| <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/024_in6bind.patch.sig"> |
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/024_in6bind.patch.sig"> |
| A source code patch exists which remedies this problem.</a> |
A source code patch exists which remedies this problem.</a> |
| <p> |
<p> |
| |
|
![[BACK]](/icons/back.gif){kind=icon}
Return to errata57.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www