version 1.41, 2016/08/15 02:22:06
version 1.42, 2016/10/16 19:11:30

<br>
<hr>

<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.7.tar.gz">
You can also fetch a tar.gz file containing all the following patches</a>.
This file is updated once a day.
<p>

For more information, see the
<a href="http://www.x.org/wiki/Development/Security/Advisory-2015-03-17/">X.org advisory</a>.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/002_libxfont.patch.sig">
A source code patch exists which remedies this problem.</a>
<br>Note that the instructions should read <code>cd /usr/xenocara/lib/libXfont</code>.
<p>

For more information, see the
<a href="https://www.openssl.org/news/secadv_20150319.txt">OpenSSL advisory</a>.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/003_openssl.patch.sig">
A source code patch exists which remedies this problem.</a>
<p>

Fix a logic error in smtpd handling of SNI.
This could allow a remote user to crash the server or provoke a disconnect of other sessions.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/004_smtpd.patch.sig">
A source code patch exists which remedies this problem.</a>
<p>

A remote user can crash httpd by forcing the daemon to log to a file
before the logging system has been initialized.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/005_httpd.patch.sig">
A source code patch exists which remedies this problem.</a>
<p>

<i>All architectures</i><br>
Malformed binaries could trigger kernel panics or disclose kernel memory.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/006_elf.patch.sig">
A source code patch exists which remedies this problem.</a>
<p>

<li>tar without -P would permit extraction of paths with ".." components
<li>there was a buffer overflow in the handling of pax extension headers
</ul>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/007_tar.patch.sig">
A source code patch exists which remedies this problem.</a>
<p>

<li>a local user can cause smtpd to fail by writing an invalid imsg to the control socket.
<li>a local user can prevent smtpd from serving new requests by exhausting descriptors.
</ul>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/008_smtpd.patch.sig">
A source code patch exists which remedies this problem.</a>
<p>

For more information, see the
<a href="https://www.openssl.org/news/secadv_20150611.txt">OpenSSL advisory</a>.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/009_openssl.patch.sig">
A source code patch exists which remedies this problem.</a>
<p>

<i>All architectures</i><br>
A TCP socket can become confused and not properly clean up resources.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/010_tcp_persist.patch.sig">
A source code patch exists which remedies this problem.</a>
<p>

A kernel memory leak could be triggered by an unprivileged user in
a failure case when using execve under systrace.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/011_execve.patch.sig">
A source code patch exists which remedies this problem.</a>
<p>

the obsolete RCS support when processing a crafted input file.
This patch deletes the RCS support.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/012_patch.patch.sig">
A source code patch exists which remedies this problem.</a>
<p>

<i>All architectures</i><br>
The patch utility could become desynchronized while processing ed(1)-style diffs.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/013_patch.patch.sig">
A source code patch exists which remedies this problem.</a>
<p>

A change to sshd resulted in incorrect permissions being applied to pseudo
terminal devices, allowing local users to write to (but not read from) them.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/014_sshd.patch.sig">
A source code patch exists which remedies this problem.</a>
<p>

Various problems were identified in relayd; the fixes were merged back from
-current to 5.7 in this maintenance update.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/015_relayd.patch.sig">
A source code patch exists which remedies this problem.</a>
<p>

<i>All architectures</i><br>
An incorrect operation in uvm could result in system panics.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/016_uvm.patch.sig">
A source code patch exists which remedies this problem.</a>
<p>

<li>hardlink and symlink attacks allowed a local user to unset chflags or
leak the first line of an arbitrary file.
</ul>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/017_smtpd.patch.sig">
A source code patch exists which remedies this problem.</a>
<p>

<i>All architectures</i><br>
A problem with timer kevents could result in a kernel hang (local denial
of service).<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/018_kevent.patch.sig">
A source code patch exists which remedies this problem.</a>
<p>

<i>All architectures</i><br>
The OBJ_obj2txt function in libcrypto contains a one byte buffer overrun
and memory leak, as reported by Qualys Security.<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/019_obj2txt.patch.sig">
A source code patch exists which remedies this problem.</a>
<p>

<i>All architectures</i><br>
Insufficient validation of RSN element group cipher values in 802.11
beacons and probe responses could result in system panics.<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/020_rsn.patch.sig">
A source code patch exists which remedies this problem.</a>
<p>

<i>All architectures</i><br>
A NULL pointer dereference could be triggered by a crafted certificate sent to
services configured to verify client certificates on TLS/SSL connections.<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/021_clientcert.patch.sig">
A source code patch exists which remedies this problem.</a>
<p>

Prevent this problem immediately by adding the line "UseRoaming no" to
<b>/etc/ssh/ssh_config</b>.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/022_ssh.patch.sig">
A source code patch exists which remedies this problem.</a>
<p>

<li id="023_sshd">
<font color="#009000"><strong>023: SECURITY FIX: March 10, 2016</strong></font>
<i>All architectures</i><br>
<a href="https://www.openssh.com/txt/x11fwd.adv">
Lack of credential sanitization allows injection of commands to xauth(1).</a>
<br>
Prevent this problem immediately by not using the "X11Forwarding" feature
(which is disabled by default).
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/023_sshd.patch.sig">
A source code patch exists which remedies this problem.</a>
<p>

processing allow a local user to send UDP packets with a source
(IPv6 address + port) already reserved by another user.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/024_in6bind.patch.sig">
A source code patch exists which remedies this problem.</a>
<p>
