| version 1.28, 2019/04/02 12:46:57 |
version 1.29, 2019/05/27 22:55:20 |
|
|
| <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> |
<!doctype html> |
| <html> |
<html lang=en id=errata> |
| <head> |
<meta charset=utf-8> |
| |
|
| <title>OpenBSD 6.2 Errata</title> |
<title>OpenBSD 6.2 Errata</title> |
| <meta name="description" content="the OpenBSD errata page"> |
<meta name="description" content="the OpenBSD errata page"> |
| <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> |
|
| <meta name="viewport" content="width=device-width, initial-scale=1"> |
<meta name="viewport" content="width=device-width, initial-scale=1"> |
| <link rel="stylesheet" type="text/css" href="openbsd.css"> |
<link rel="stylesheet" type="text/css" href="openbsd.css"> |
| <link rel="canonical" href="https://www.openbsd.org/errata62.html"> |
<link rel="canonical" href="https://www.openbsd.org/errata62.html"> |
| </head> |
|
| |
|
| <!-- |
<!-- |
| IMPORTANT REMINDER |
IMPORTANT REMINDER |
| IF YOU ADD A NEW ERRATUM, MAIL THE PATCH TO TECH AND ANNOUNCE |
IF YOU ADD A NEW ERRATUM, MAIL THE PATCH TO TECH AND ANNOUNCE |
| --> |
--> |
| <body bgcolor="#ffffff" text="#000000" link="#23238E"> |
|
| |
|
| <h2> |
<h2 id=OpenBSD> |
| <a href="index.html"> |
<a href="index.html"> |
| <font color="#0000ff"><i>Open</i></font><font color="#000084">BSD</font></a> |
<i>Open</i><b>BSD</b></a> |
| <font color="#e00000">6.2 Errata</font> |
6.2 Errata |
| </h2> |
</h2> |
| <hr> |
<hr> |
| |
|
|
|
| <ul> |
<ul> |
| |
|
| <li id="p001_tcb_invalid"> |
<li id="p001_tcb_invalid"> |
| <font color="#009000"> |
<strong>001: RELIABILITY FIX: October 13, 2017</strong> |
| <strong>001: RELIABILITY FIX: October 13, 2017</strong></font> |
|
| <i>amd64</i> |
<i>amd64</i> |
| <br> |
<br> |
| A local user could trigger a kernel panic by using an invalid TCB value. |
A local user could trigger a kernel panic by using an invalid TCB value. |
|
|
| <p> |
<p> |
| |
|
| <li id="p002_fktrace"> |
<li id="p002_fktrace"> |
| <font color="#009000"> |
<strong>002: SECURITY FIX: December 1, 2017</strong> |
| <strong>002: SECURITY FIX: December 1, 2017</strong></font> |
|
| <i>All architectures</i> |
<i>All architectures</i> |
| <br> |
<br> |
| The fktrace(2) system call had insufficient security checks. |
The fktrace(2) system call had insufficient security checks. |
|
|
| <p> |
<p> |
| |
|
| <li id="p003_mpls"> |
<li id="p003_mpls"> |
| <font color="#009000"> |
<strong>003: RELIABILITY FIX: December 10, 2017</strong> |
| <strong>003: RELIABILITY FIX: December 10, 2017</strong></font> |
|
| <i>All architectures</i> |
<i>All architectures</i> |
| <br> |
<br> |
| A number of bugs were discovered in the MPLS stack that can be used to |
A number of bugs were discovered in the MPLS stack that can be used to |
|
|
| <p> |
<p> |
| |
|
| <li id="p004_libssl"> |
<li id="p004_libssl"> |
| <font color="#009000"> |
<strong>004: RELIABILITY FIX: January 14, 2018</strong> |
| <strong>004: RELIABILITY FIX: January 14, 2018</strong></font> |
|
| <i>All architectures</i> |
<i>All architectures</i> |
| <br> |
<br> |
| An incorrect TLS extensions block is generated when no extensions are present, |
An incorrect TLS extensions block is generated when no extensions are present, |
|
|
| <p> |
<p> |
| |
|
| <li id="p005_ahopts"> |
<li id="p005_ahopts"> |
| <font color="#009000"> |
<strong>005: RELIABILITY FIX: February 2, 2018</strong> |
| <strong>005: RELIABILITY FIX: February 2, 2018</strong></font> |
|
| <i>All architectures</i> |
<i>All architectures</i> |
| <br> |
<br> |
| Specially crafted IPsec AH packets with IP options or IPv6 extension |
Specially crafted IPsec AH packets with IP options or IPv6 extension |
|
|
| <p> |
<p> |
| |
|
| <li id="p006_prevhdr"> |
<li id="p006_prevhdr"> |
| <font color="#009000"> |
<strong>006: RELIABILITY FIX: February 2, 2018</strong> |
| <strong>006: RELIABILITY FIX: February 2, 2018</strong></font> |
|
| <i>All architectures</i> |
<i>All architectures</i> |
| <br> |
<br> |
| Processing IPv6 fragments could incorrectly access memory of an mbuf |
Processing IPv6 fragments could incorrectly access memory of an mbuf |
|
|
| <p> |
<p> |
| |
|
| <li id="p007_etherip"> |
<li id="p007_etherip"> |
| <font color="#009000"> |
<strong>007: SECURITY FIX: February 2, 2018</strong> |
| <strong>007: SECURITY FIX: February 2, 2018</strong></font> |
|
| <i>All architectures</i> |
<i>All architectures</i> |
| <br> |
<br> |
| If the EtherIP tunnel protocol was disabled, IPv6 packets were not |
If the EtherIP tunnel protocol was disabled, IPv6 packets were not |
|
|
| <p> |
<p> |
| |
|
| <li id="p008_unbound"> |
<li id="p008_unbound"> |
| <font color="#009000"> |
<strong>008: SECURITY FIX: February 8, 2018</strong> |
| <strong>008: SECURITY FIX: February 8, 2018</strong></font> |
|
| <i>All architectures</i> |
<i>All architectures</i> |
| <br> |
<br> |
| A flaw was found in the way unbound validated wildcard-synthesized |
A flaw was found in the way unbound validated wildcard-synthesized |
|
|
| <p> |
<p> |
| |
|
| <li id="p009_meltdown"> |
<li id="p009_meltdown"> |
| <font color="#009000"> |
<strong>009: SECURITY FIX: March 1, 2018</strong> |
| <strong>009: SECURITY FIX: March 1, 2018</strong></font> |
|
| <i>amd64</i> |
<i>amd64</i> |
| <br> |
<br> |
| Intel CPUs contain a speculative execution flaw called Meltdown which |
Intel CPUs contain a speculative execution flaw called Meltdown which |
|
|
| <p> |
<p> |
| |
|
| <li id="p010_ahauth"> |
<li id="p010_ahauth"> |
| <font color="#009000"> |
<strong>010: RELIABILITY FIX: March 20, 2018</strong> |
| <strong>010: RELIABILITY FIX: March 20, 2018</strong></font> |
|
| <i>All architectures</i> |
<i>All architectures</i> |
| <br> |
<br> |
| The IPsec AH header could be longer than the network packet, resulting in |
The IPsec AH header could be longer than the network packet, resulting in |
|
|
| <p> |
<p> |
| |
|
| <li id="p011_perl"> |
<li id="p011_perl"> |
| <font color="#009000"> |
<strong>011: SECURITY FIX: April 14, 2018</strong> |
| <strong>011: SECURITY FIX: April 14, 2018</strong></font> |
|
| <i>All architectures</i> |
<i>All architectures</i> |
| <br> |
<br> |
| Heap overflows exist in perl which can lead to segmentation faults, |
Heap overflows exist in perl which can lead to segmentation faults, |
|
|
| <p> |
<p> |
| |
|
| <li id="p012_httpd"> |
<li id="p012_httpd"> |
| <font color="#009000"> |
<strong>012: RELIABILITY FIX: April 21, 2018</strong> |
| <strong>012: RELIABILITY FIX: April 21, 2018</strong></font> |
|
| <i>All architectures</i> |
<i>All architectures</i> |
| <br> |
<br> |
| httpd can leak file descriptors when servicing range requests. |
httpd can leak file descriptors when servicing range requests. |
|
|
| <p> |
<p> |
| |
|
| <li id="p013_ipseclen"> |
<li id="p013_ipseclen"> |
| <font color="#009000"> |
<strong>013: RELIABILITY FIX: May 8, 2018</strong> |
| <strong>013: RELIABILITY FIX: May 8, 2018</strong></font> |
|
| <i>All architectures</i> |
<i>All architectures</i> |
| <br> |
<br> |
| Incorrect handling of fragmented IPsec packets could result in a system crash. |
Incorrect handling of fragmented IPsec packets could result in a system crash. |
|
|
| <p> |
<p> |
| |
|
| <li id="p014_ipsecout"> |
<li id="p014_ipsecout"> |
| <font color="#009000"> |
<strong>014: RELIABILITY FIX: May 17, 2018</strong> |
| <strong>014: RELIABILITY FIX: May 17, 2018</strong></font> |
|
| <i>All architectures</i> |
<i>All architectures</i> |
| <br> |
<br> |
| A malicious packet can cause a kernel crash when using IPsec over IPv6. |
A malicious packet can cause a kernel crash when using IPsec over IPv6. |
|
|
| <p> |
<p> |
| |
|
| <li id="p015_libcrypto"> |
<li id="p015_libcrypto"> |
| <font color="#009000"> |
<strong>015: SECURITY FIX: June 14, 2018</strong> |
| <strong>015: SECURITY FIX: June 14, 2018</strong></font> |
|
| <i>All architectures</i> |
<i>All architectures</i> |
| <br> |
<br> |
| DSA and ECDSA signature generation can potentially leak secret information |
DSA and ECDSA signature generation can potentially leak secret information |
|
|
| <p> |
<p> |
| |
|
| <li id="p016_perl"> |
<li id="p016_perl"> |
| <font color="#009000"> |
<strong>016: SECURITY FIX: June 21, 2018</strong> |
| <strong>016: SECURITY FIX: June 21, 2018</strong></font> |
|
| <i>All architectures</i> |
<i>All architectures</i> |
| <br> |
<br> |
| Perl's Archive::Tar module could be made to write files outside of |
Perl's Archive::Tar module could be made to write files outside of |
|
|
| <p> |
<p> |
| |
|
| <li id="p017_intelfpu"> |
<li id="p017_intelfpu"> |
| <font color="#009000"> |
<strong>017: SECURITY FIX: June 21, 2018</strong> |
| <strong>017: SECURITY FIX: June 21, 2018</strong></font> |
|
| <i>amd64</i> |
<i>amd64</i> |
| <br> |
<br> |
| Intel CPUs speculatively access FPU registers even when the FPU is disabled, |
Intel CPUs speculatively access FPU registers even when the FPU is disabled, |
|
|
| <p> |
<p> |
| |
|
| <li id="p018_execsize"> |
<li id="p018_execsize"> |
| <font color="#009000"> |
<strong>018: RELIABILITY FIX: July 25, 2018</strong> |
| <strong>018: RELIABILITY FIX: July 25, 2018</strong></font> |
|
| <i>All architectures</i> |
<i>All architectures</i> |
| <br> |
<br> |
| A regular user could trigger a kernel panic by executing an invalid |
A regular user could trigger a kernel panic by executing an invalid |
|
|
| <p> |
<p> |
| |
|
| <li id="p019_amdlfence"> |
<li id="p019_amdlfence"> |
| <font color="#009000"> |
<strong>019: SECURITY FIX: July 31, 2018</strong> |
| <strong>019: SECURITY FIX: July 31, 2018</strong></font> |
|
| <i>amd64 and i386</i> |
<i>amd64 and i386</i> |
| <br> |
<br> |
| On AMD CPUs, set a chicken bit which turns LFENCE into a serialization |
On AMD CPUs, set a chicken bit which turns LFENCE into a serialization |
|
|
| <p> |
<p> |
| |
|
| <li id="p020_ioport"> |
<li id="p020_ioport"> |
| <font color="#009000"> |
<strong>020: SECURITY FIX: July 31, 2018</strong> |
| <strong>020: SECURITY FIX: July 31, 2018</strong></font> |
|
| <i>i386</i> |
<i>i386</i> |
| <br> |
<br> |
| IO port permissions were incorrectly restricted. |
IO port permissions were incorrectly restricted. |
|
|
| <p> |
<p> |
| |
|
| <li id="p021_fpuinit"> |
<li id="p021_fpuinit"> |
| <font color="#009000"> |
<strong>021: RELIABILITY FIX: August 4, 2018</strong> |
| <strong>021: RELIABILITY FIX: August 4, 2018</strong></font> |
|
| <i>amd64</i> |
<i>amd64</i> |
| <br> |
<br> |
| Incorrect initialization of the FPU caused floating point exceptions |
Incorrect initialization of the FPU caused floating point exceptions |
|
|
| <p> |
<p> |
| |
|
| <li id="p022_fpufork"> |
<li id="p022_fpufork"> |
| <font color="#009000"> |
<strong>022: SECURITY FIX: August 24, 2018</strong> |
| <strong>022: SECURITY FIX: August 24, 2018</strong></font> |
|
| <i>amd64</i> |
<i>amd64</i> |
| <br> |
<br> |
| State from the FPU of one userland process could be exposed to other processes. |
State from the FPU of one userland process could be exposed to other processes. |
|
|
| <p> |
<p> |
| |
|
| <li id="p023_vmml1tf"> |
<li id="p023_vmml1tf"> |
| <font color="#009000"> |
<strong>023: SECURITY FIX: August 24, 2018</strong> |
| <strong>023: SECURITY FIX: August 24, 2018</strong></font> |
|
| <i>amd64</i> |
<i>amd64</i> |
| <br> |
<br> |
| The Intel L1TF bug allows a vmm guest to read host memory. |
The Intel L1TF bug allows a vmm guest to read host memory. |
|
|
| <p> |
<p> |
| |
|
| <li id="p024_ldtr"> |
<li id="p024_ldtr"> |
| <font color="#009000"> |
<strong>024: SECURITY FIX: September 21, 2018</strong> |
| <strong>024: SECURITY FIX: September 21, 2018</strong></font> |
|
| <i>amd64</i> |
<i>amd64</i> |
| <br> |
<br> |
| On AMD CPUs, LDTR must be managed crossing between VMs. |
On AMD CPUs, LDTR must be managed crossing between VMs. |
|
|
| </ul> |
</ul> |
| |
|
| <hr> |
<hr> |
| |
|
| </body> |
|
| </html> |
|
![[BACK]](/icons/back.gif){kind=icon}
Return to errata62.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www