[BACK]Return to errata62.html CVS log [TXT][DIR] Up to [local] / www

Annotation of www/errata62.html, Revision 1.31

1.29      bentley     1: <!doctype html>
                      2: <html lang=en id=errata>
                      3: <meta charset=utf-8>
                      4:
1.1       deraadt     5: <title>OpenBSD 6.2 Errata</title>
                      6: <meta name="description" content="the OpenBSD errata page">
                      7: <meta name="viewport" content="width=device-width, initial-scale=1">
                      8: <link rel="stylesheet" type="text/css" href="openbsd.css">
                      9: <link rel="canonical" href="https://www.openbsd.org/errata62.html">
                     10:
                     11: <!--
                     12:                        IMPORTANT REMINDER
                     13:        IF YOU ADD A NEW ERRATUM, MAIL THE PATCH TO TECH AND ANNOUNCE
                     14: -->
                     15:
1.29      bentley    16: <h2 id=OpenBSD>
1.1       deraadt    17: <a href="index.html">
1.29      bentley    18: <i>Open</i><b>BSD</b></a>
                     19: 6.2 Errata
1.1       deraadt    20: </h2>
                     21: <hr>
                     22:
                     23: For errata on a certain release, click below:<br>
1.31    ! schwarze   24: <a href="errata20.html">2.0</a>,
1.1       deraadt    25: <a href="errata21.html">2.1</a>,
                     26: <a href="errata22.html">2.2</a>,
                     27: <a href="errata23.html">2.3</a>,
                     28: <a href="errata24.html">2.4</a>,
                     29: <a href="errata25.html">2.5</a>,
                     30: <a href="errata26.html">2.6</a>,
                     31: <a href="errata27.html">2.7</a>,
                     32: <a href="errata28.html">2.8</a>,
                     33: <a href="errata29.html">2.9</a>,
                     34: <a href="errata30.html">3.0</a>,
                     35: <a href="errata31.html">3.1</a>,
                     36: <a href="errata32.html">3.2</a>,
                     37: <a href="errata33.html">3.3</a>,
                     38: <a href="errata34.html">3.4</a>,
                     39: <a href="errata35.html">3.5</a>,
1.31    ! schwarze   40: <br>
1.1       deraadt    41: <a href="errata36.html">3.6</a>,
                     42: <a href="errata37.html">3.7</a>,
                     43: <a href="errata38.html">3.8</a>,
                     44: <a href="errata39.html">3.9</a>,
                     45: <a href="errata40.html">4.0</a>,
                     46: <a href="errata41.html">4.1</a>,
                     47: <a href="errata42.html">4.2</a>,
                     48: <a href="errata43.html">4.3</a>,
                     49: <a href="errata44.html">4.4</a>,
                     50: <a href="errata45.html">4.5</a>,
                     51: <a href="errata46.html">4.6</a>,
                     52: <a href="errata47.html">4.7</a>,
                     53: <a href="errata48.html">4.8</a>,
                     54: <a href="errata49.html">4.9</a>,
                     55: <a href="errata50.html">5.0</a>,
                     56: <a href="errata51.html">5.1</a>,
1.31    ! schwarze   57: <br>
1.1       deraadt    58: <a href="errata52.html">5.2</a>,
                     59: <a href="errata53.html">5.3</a>,
                     60: <a href="errata54.html">5.4</a>,
                     61: <a href="errata55.html">5.5</a>,
                     62: <a href="errata56.html">5.6</a>,
                     63: <a href="errata57.html">5.7</a>,
                     64: <a href="errata58.html">5.8</a>,
                     65: <a href="errata59.html">5.9</a>,
                     66: <a href="errata60.html">6.0</a>,
1.11      deraadt    67: <a href="errata61.html">6.1</a>,
1.26      deraadt    68: <a href="errata63.html">6.3</a>,
1.28      deraadt    69: <a href="errata64.html">6.4</a>,
1.30      deraadt    70: <a href="errata65.html">6.5</a>,
                     71: <a href="errata66.html">6.6</a>.
1.1       deraadt    72: <hr>
                     73:
                     74: <p>
                     75: Patches for the OpenBSD base system are distributed as unified diffs.
                     76: Each patch is cryptographically signed with the
                     77: <a href="https://man.openbsd.org/OpenBSD-6.2/signify.1">signify(1)</a> tool and contains
                     78: usage instructions.
                     79: All the following patches are also available in one
                     80: <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/6.2.tar.gz">tar.gz file</a>
                     81: for convenience.
                     82:
                     83: <p>
                     84: Alternatively, the <a href="https://man.openbsd.org/syspatch">syspatch(8)</a>
                     85: utility can be used to apply binary updates on the following architectures:
1.3       tj         86: amd64, i386, arm64.
1.1       deraadt    87:
                     88: <p>
                     89: Patches for supported releases are also incorporated into the
1.27      tj         90: <a href="stable.html">-stable branch</a>.
1.1       deraadt    91:
                     92: <hr>
                     93:
                     94: <ul>
                     95:
1.2       bluhm      96: <li id="p001_tcb_invalid">
1.29      bentley    97: <strong>001: RELIABILITY FIX: October 13, 2017</strong>
1.2       bluhm      98: &nbsp; <i>amd64</i>
                     99: <br>
                    100: A local user could trigger a kernel panic by using an invalid TCB value.
                    101: <br>
                    102: <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/6.2/common/001_tcb_invalid.patch.sig">
1.3       tj        103: A source code patch exists which remedies this problem.</a>
                    104: <p>
                    105:
                    106: <li id="p002_fktrace">
1.29      bentley   107: <strong>002: SECURITY FIX: December 1, 2017</strong>
1.3       tj        108: &nbsp; <i>All architectures</i>
                    109: <br>
                    110: The fktrace(2) system call had insufficient security checks.
                    111: <br>
                    112: <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/6.2/common/002_fktrace.patch.sig">
1.2       bluhm     113: A source code patch exists which remedies this problem.</a>
                    114: <p>
1.1       deraadt   115:
1.4       tj        116: <li id="p003_mpls">
1.29      bentley   117: <strong>003: RELIABILITY FIX: December 10, 2017</strong>
1.4       tj        118: &nbsp; <i>All architectures</i>
                    119: <br>
                    120: A number of bugs were discovered in the MPLS stack that can be used to
                    121: remotely trigger kernel crashes.
                    122: <br>
                    123: <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/6.2/common/003_mpls.patch.sig">
                    124: A source code patch exists which remedies this problem.</a>
                    125: <p>
                    126:
1.5       tj        127: <li id="p004_libssl">
1.29      bentley   128: <strong>004: RELIABILITY FIX: January 14, 2018</strong>
1.5       tj        129: &nbsp; <i>All architectures</i>
                    130: <br>
                    131: An incorrect TLS extensions block is generated when no extensions are present,
                    132: which can result in handshake failures.
                    133: <br>
                    134: <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/6.2/common/004_libssl.patch.sig">
                    135: A source code patch exists which remedies this problem.</a>
                    136: <p>
                    137:
1.6       tj        138: <li id="p005_ahopts">
1.29      bentley   139: <strong>005: RELIABILITY FIX: February 2, 2018</strong>
1.6       tj        140: &nbsp; <i>All architectures</i>
                    141: <br>
                    142: Specially crafted IPsec AH packets with IP options or IPv6 extension
                    143: headers could crash or hang the kernel.
                    144: <br>
                    145: <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/6.2/common/005_ahopts.patch.sig">
                    146: A source code patch exists which remedies this problem.</a>
                    147: <p>
                    148:
                    149: <li id="p006_prevhdr">
1.29      bentley   150: <strong>006: RELIABILITY FIX: February 2, 2018</strong>
1.6       tj        151: &nbsp; <i>All architectures</i>
                    152: <br>
                    153: Processing IPv6 fragments could incorrectly access memory of an mbuf
                    154: chain that is not within an mbuf.  This may crash the kernel.
                    155: <br>
                    156: <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/6.2/common/006_prevhdr.patch.sig">
                    157: A source code patch exists which remedies this problem.</a>
                    158: <p>
                    159:
                    160: <li id="p007_etherip">
1.29      bentley   161: <strong>007: SECURITY FIX: February 2, 2018</strong>
1.6       tj        162: &nbsp; <i>All architectures</i>
                    163: <br>
                    164: If the EtherIP tunnel protocol was disabled, IPv6 packets were not
                    165: discarded properly.  This causes a double free in the kernel.
                    166: <br>
                    167: <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/6.2/common/007_etherip.patch.sig">
                    168: A source code patch exists which remedies this problem.</a>
                    169: <p>
                    170:
1.7       tj        171: <li id="p008_unbound">
1.29      bentley   172: <strong>008: SECURITY FIX: February 8, 2018</strong>
1.7       tj        173: &nbsp; <i>All architectures</i>
                    174: <br>
                    175: A flaw was found in the way unbound validated wildcard-synthesized
                    176: NSEC records. An improperly validated wildcard NSEC record could be
                    177: used to prove the non-existence (NXDOMAIN answer) of an existing
                    178: wildcard record, or trick unbound into accepting a NODATA proof.
                    179: <br>
                    180: <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/6.2/common/008_unbound.patch.sig">
                    181: A source code patch exists which remedies this problem.</a>
                    182: <p>
                    183:
1.9       tj        184: <li id="p009_meltdown">
1.29      bentley   185: <strong>009: SECURITY FIX: March 1, 2018</strong>
1.9       tj        186: &nbsp; <i>amd64</i>
                    187: <br>
                    188: Intel CPUs contain a speculative execution flaw called Meltdown which
                    189: allows userspace programs to access kernel memory.
                    190: <br>
                    191: <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/6.2/common/009_meltdown.patch.sig">
                    192: A complex workaround solves this problem.</a>
                    193: <p>
                    194:
1.10      tj        195: <li id="p010_ahauth">
1.29      bentley   196: <strong>010: RELIABILITY FIX: March 20, 2018</strong>
1.10      tj        197: &nbsp; <i>All architectures</i>
                    198: <br>
                    199: The IPsec AH header could be longer than the network packet, resulting in
                    200: a kernel crash.
                    201: <br>
                    202: <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/6.2/common/010_ahauth.patch.sig">
                    203: A source code patch exists which remedies this problem.</a>
                    204: <p>
                    205:
1.12      afresh1   206: <li id="p011_perl">
1.29      bentley   207: <strong>011: SECURITY FIX: April 14, 2018</strong>
1.12      afresh1   208: &nbsp; <i>All architectures</i>
                    209: <br>
                    210: Heap overflows exist in perl which can lead to segmentation faults,
                    211: crashes, and reading memory past the buffer.
                    212: <br>
                    213: <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/6.2/common/011_perl.patch.sig">
                    214: A source code patch exists which remedies this problem.</a>
                    215: <p>
                    216:
1.13      tj        217: <li id="p012_httpd">
1.29      bentley   218: <strong>012: RELIABILITY FIX: April 21, 2018</strong>
1.13      tj        219: &nbsp; <i>All architectures</i>
                    220: <br>
                    221: httpd can leak file descriptors when servicing range requests.
                    222: <br>
                    223: <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/6.2/common/012_httpd.patch.sig">
                    224: A source code patch exists which remedies this problem.</a>
                    225: <p>
                    226:
1.14      tj        227: <li id="p013_ipseclen">
1.29      bentley   228: <strong>013: RELIABILITY FIX: May 8, 2018</strong>
1.14      tj        229: &nbsp; <i>All architectures</i>
                    230: <br>
                    231: Incorrect handling of fragmented IPsec packets could result in a system crash.
                    232: <br>
                    233: <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/6.2/common/013_ipseclen.patch.sig">
                    234: A source code patch exists which remedies this problem.</a>
                    235: <p>
                    236:
1.15      tj        237: <li id="p014_ipsecout">
1.29      bentley   238: <strong>014: RELIABILITY FIX: May 17, 2018</strong>
1.15      tj        239: &nbsp; <i>All architectures</i>
                    240: <br>
                    241: A malicious packet can cause a kernel crash when using IPsec over IPv6.
                    242: <br>
                    243: <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/6.2/common/014_ipsecout.patch.sig">
                    244: A source code patch exists which remedies this problem.</a>
                    245: <p>
                    246:
1.16      tb        247: <li id="p015_libcrypto">
1.29      bentley   248: <strong>015: SECURITY FIX: June 14, 2018</strong>
1.16      tb        249: &nbsp; <i>All architectures</i>
                    250: <br>
                    251: DSA and ECDSA signature generation can potentially leak secret information
                    252: to a timing side-channel attack.
                    253: <br>
                    254: <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/6.2/common/015_libcrypto.patch.sig">
                    255: A source code patch exists which remedies this problem.</a>
                    256: <p>
                    257:
1.17      afresh1   258: <li id="p016_perl">
1.29      bentley   259: <strong>016: SECURITY FIX: June 21, 2018</strong>
1.17      afresh1   260: &nbsp; <i>All architectures</i>
                    261: <br>
                    262: Perl's Archive::Tar module could be made to write files outside of
                    263: its working directory.
                    264: <br>
                    265: <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/6.2/common/016_perl.patch.sig">
                    266: A source code patch exists which remedies this problem.</a>
                    267: <p>
                    268:
1.18      tj        269: <li id="p017_intelfpu">
1.29      bentley   270: <strong>017: SECURITY FIX: June 21, 2018</strong>
1.18      tj        271: &nbsp; <i>amd64</i>
                    272: <br>
                    273: Intel CPUs speculatively access FPU registers even when the FPU is disabled,
                    274: so data (including AES keys) from previous contexts could be discovered
                    275: if using the lazy-save approach.
                    276: <br>
                    277: <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/6.2/common/017_intelfpu.patch.sig">
                    278: A source code patch exists which remedies this problem.</a>
                    279: <p>
                    280:
1.19      tj        281: <li id="p018_execsize">
1.29      bentley   282: <strong>018: RELIABILITY FIX: July 25, 2018</strong>
1.19      tj        283: &nbsp; <i>All architectures</i>
                    284: <br>
                    285: A regular user could trigger a kernel panic by executing an invalid
                    286: ELF binary.
                    287: <br>
                    288: <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/6.2/common/018_execsize.patch.sig">
                    289: A source code patch exists which remedies this problem.</a>
                    290: <p>
                    291:
1.20      tj        292: <li id="p019_amdlfence">
1.29      bentley   293: <strong>019: SECURITY FIX: July 31, 2018</strong>
1.20      tj        294: &nbsp; <i>amd64 and i386</i>
                    295: <br>
                    296: On AMD CPUs, set a chicken bit which turns LFENCE into a serialization
                    297: instruction against speculation.
                    298: <br>
                    299: <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/6.2/common/019_amdlfence.patch.sig">
                    300: A source code patch exists which remedies this problem.</a>
                    301: <p>
                    302:
                    303: <li id="p020_ioport">
1.29      bentley   304: <strong>020: SECURITY FIX: July 31, 2018</strong>
1.20      tj        305: &nbsp; <i>i386</i>
                    306: <br>
                    307: IO port permissions were incorrectly restricted.
                    308: <br>
                    309: <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/6.2/common/020_ioport.patch.sig">
                    310: A source code patch exists which remedies this problem.</a>
                    311: <p>
                    312:
1.21      tj        313: <li id="p021_fpuinit">
1.29      bentley   314: <strong>021: RELIABILITY FIX: August 4, 2018</strong>
1.21      tj        315: &nbsp; <i>amd64</i>
                    316: <br>
                    317: Incorrect initialization of the FPU caused floating point exceptions
                    318: when running on Xen.
                    319: <br>
                    320: <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/6.2/common/021_fpuinit.patch.sig">
                    321: A source code patch exists which remedies this problem.</a>
                    322: <p>
                    323:
1.24      tj        324: <li id="p022_fpufork">
1.29      bentley   325: <strong>022: SECURITY FIX: August 24, 2018</strong>
1.24      tj        326: &nbsp; <i>amd64</i>
                    327: <br>
                    328: State from the FPU of one userland process could be exposed to other processes.
                    329: <br>
                    330: <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/6.2/common/022_fpufork.patch.sig">
                    331: A source code patch exists which remedies this problem.</a>
                    332: <p>
                    333:
                    334: <li id="p023_vmml1tf">
1.29      bentley   335: <strong>023: SECURITY FIX: August 24, 2018</strong>
1.24      tj        336: &nbsp; <i>amd64</i>
                    337: <br>
                    338: The Intel L1TF bug allows a vmm guest to read host memory.
                    339: Install the CPU firmware using fw_update(1), and apply this workaround.
                    340: <br>
                    341: <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/6.2/common/023_vmml1tf.patch.sig">
                    342: A source code patch exists which remedies this problem.</a>
                    343: <p>
                    344:
1.25      tj        345: <li id="p024_ldtr">
1.29      bentley   346: <strong>024: SECURITY FIX: September 21, 2018</strong>
1.25      tj        347: &nbsp; <i>amd64</i>
                    348: <br>
                    349: On AMD CPUs, LDTR must be managed crossing between VMs.
                    350: <br>
                    351: <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/6.2/common/024_ldtr.patch.sig">
                    352: A source code patch exists which remedies this problem.</a>
                    353: <p>
                    354:
1.1       deraadt   355: </ul>
                    356:
                    357: <hr>