version 1.34, 2019/05/02 01:54:29 |
version 1.35, 2019/05/27 22:55:20 |
|
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> |
<!doctype html> |
<html> |
<html lang=en id=errata> |
<head> |
<meta charset=utf-8> |
|
|
<title>OpenBSD 6.3 Errata</title> |
<title>OpenBSD 6.3 Errata</title> |
<meta name="description" content="the OpenBSD errata page"> |
<meta name="description" content="the OpenBSD errata page"> |
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> |
|
<meta name="viewport" content="width=device-width, initial-scale=1"> |
<meta name="viewport" content="width=device-width, initial-scale=1"> |
<link rel="stylesheet" type="text/css" href="openbsd.css"> |
<link rel="stylesheet" type="text/css" href="openbsd.css"> |
<link rel="canonical" href="https://www.openbsd.org/errata63.html"> |
<link rel="canonical" href="https://www.openbsd.org/errata63.html"> |
</head> |
|
|
|
<!-- |
<!-- |
IMPORTANT REMINDER |
IMPORTANT REMINDER |
IF YOU ADD A NEW ERRATUM, MAIL THE PATCH TO TECH AND ANNOUNCE |
IF YOU ADD A NEW ERRATUM, MAIL THE PATCH TO TECH AND ANNOUNCE |
--> |
--> |
<body bgcolor="#ffffff" text="#000000" link="#23238E"> |
|
|
|
<h2> |
<h2 id=OpenBSD> |
<a href="index.html"> |
<a href="index.html"> |
<font color="#0000ff"><i>Open</i></font><font color="#000084">BSD</font></a> |
<i>Open</i><b>BSD</b></a> |
<font color="#e00000">6.3 Errata</font> |
6.3 Errata |
</h2> |
</h2> |
<hr> |
<hr> |
|
|
|
|
<ul> |
<ul> |
|
|
<li id="p001_perl"> |
<li id="p001_perl"> |
<font color="#009000"> |
<strong>001: SECURITY FIX: April 14, 2018</strong> |
<strong>001: SECURITY FIX: April 14, 2018</strong></font> |
|
<i>All architectures</i> |
<i>All architectures</i> |
<br> |
<br> |
Heap overflows exist in perl which can lead to segmentation faults, |
Heap overflows exist in perl which can lead to segmentation faults, |
|
|
<p> |
<p> |
|
|
<li id="p002_libtls"> |
<li id="p002_libtls"> |
<font color="#009000"> |
<strong>002: RELIABILITY FIX: April 21, 2018</strong> |
<strong>002: RELIABILITY FIX: April 21, 2018</strong></font> |
|
<i>All architectures</i> |
<i>All architectures</i> |
<br> |
<br> |
Additional data is inadvertently removed when private keys are cleared from |
Additional data is inadvertently removed when private keys are cleared from |
|
|
<p> |
<p> |
|
|
<li id="p003_arp"> |
<li id="p003_arp"> |
<font color="#009000"> |
<strong>003: RELIABILITY FIX: April 21, 2018</strong> |
<strong>003: RELIABILITY FIX: April 21, 2018</strong></font> |
|
<i>All architectures</i> |
<i>All architectures</i> |
<br> |
<br> |
ARP replies could be sent on the wrong member of a bridge(4) interface. |
ARP replies could be sent on the wrong member of a bridge(4) interface. |
|
|
<p> |
<p> |
|
|
<li id="p004_gif"> |
<li id="p004_gif"> |
<font color="#009000"> |
<strong>004: SECURITY FIX: April 21, 2018</strong> |
<strong>004: SECURITY FIX: April 21, 2018</strong></font> |
|
<i>All architectures</i> |
<i>All architectures</i> |
<br> |
<br> |
In the gif(4) interface, use the specified protocol for IPv6, plug |
In the gif(4) interface, use the specified protocol for IPv6, plug |
|
|
<p> |
<p> |
|
|
<li id="p005_httpd"> |
<li id="p005_httpd"> |
<font color="#009000"> |
<strong>005: RELIABILITY FIX: April 21, 2018</strong> |
<strong>005: RELIABILITY FIX: April 21, 2018</strong></font> |
|
<i>All architectures</i> |
<i>All architectures</i> |
<br> |
<br> |
httpd can leak file descriptors when servicing range requests. |
httpd can leak file descriptors when servicing range requests. |
|
|
<p> |
<p> |
|
|
<li id="p006_ipseclen"> |
<li id="p006_ipseclen"> |
<font color="#009000"> |
<strong>006: RELIABILITY FIX: May 8, 2018</strong> |
<strong>006: RELIABILITY FIX: May 8, 2018</strong></font> |
|
<i>All architectures</i> |
<i>All architectures</i> |
<br> |
<br> |
Incorrect handling of fragmented IPsec packets could result in a system crash. |
Incorrect handling of fragmented IPsec packets could result in a system crash. |
|
|
<p> |
<p> |
|
|
<li id="p007_libcrypto"> |
<li id="p007_libcrypto"> |
<font color="#009000"> |
<strong>007: RELIABILITY FIX: May 8, 2018</strong> |
<strong>007: RELIABILITY FIX: May 8, 2018</strong></font> |
|
<i>All architectures</i> |
<i>All architectures</i> |
<br> |
<br> |
Incorrect checks in libcrypto can prevent Diffie-Hellman Exchange operations |
Incorrect checks in libcrypto can prevent Diffie-Hellman Exchange operations |
|
|
<p> |
<p> |
|
|
<li id="p008_ipsecout"> |
<li id="p008_ipsecout"> |
<font color="#009000"> |
<strong>008: RELIABILITY FIX: May 17, 2018</strong> |
<strong>008: RELIABILITY FIX: May 17, 2018</strong></font> |
|
<i>All architectures</i> |
<i>All architectures</i> |
<br> |
<br> |
A malicious packet can cause a kernel crash when using IPsec over IPv6. |
A malicious packet can cause a kernel crash when using IPsec over IPv6. |
|
|
<p> |
<p> |
|
|
<li id="p009_libcrypto"> |
<li id="p009_libcrypto"> |
<font color="#009000"> |
<strong>009: SECURITY FIX: June 14, 2018</strong> |
<strong>009: SECURITY FIX: June 14, 2018</strong></font> |
|
<i>All architectures</i> |
<i>All architectures</i> |
<br> |
<br> |
DSA and ECDSA signature generation can potentially leak secret information |
DSA and ECDSA signature generation can potentially leak secret information |
|
|
<p> |
<p> |
|
|
<li id="p010_intelfpu"> |
<li id="p010_intelfpu"> |
<font color="#009000"> |
<strong>010: SECURITY FIX: June 17, 2018</strong> |
<strong>010: SECURITY FIX: June 17, 2018</strong></font> |
|
<i>amd64</i> |
<i>amd64</i> |
<br> |
<br> |
Intel CPUs speculatively access FPU registers even when the FPU is disabled, |
Intel CPUs speculatively access FPU registers even when the FPU is disabled, |
|
|
<p> |
<p> |
|
|
<li id="p011_perl"> |
<li id="p011_perl"> |
<font color="#009000"> |
<strong>011: SECURITY FIX: June 21, 2018</strong> |
<strong>011: SECURITY FIX: June 21, 2018</strong></font> |
|
<i>All architectures</i> |
<i>All architectures</i> |
<br> |
<br> |
Perl's Archive::Tar module could be made to write files outside of |
Perl's Archive::Tar module could be made to write files outside of |
|
|
<p> |
<p> |
|
|
<li id="p012_execsize"> |
<li id="p012_execsize"> |
<font color="#009000"> |
<strong>012: RELIABILITY FIX: July 25, 2018</strong> |
<strong>012: RELIABILITY FIX: July 25, 2018</strong></font> |
|
<i>All architectures</i> |
<i>All architectures</i> |
<br> |
<br> |
A regular user could trigger a kernel panic by executing an invalid |
A regular user could trigger a kernel panic by executing an invalid |
|
|
<p> |
<p> |
|
|
<li id="p013_ipsecexpire"> |
<li id="p013_ipsecexpire"> |
<font color="#009000"> |
<strong>013: RELIABILITY FIX: July 25, 2018</strong> |
<strong>013: RELIABILITY FIX: July 25, 2018</strong></font> |
|
<i>All architectures</i> |
<i>All architectures</i> |
<br> |
<br> |
When an IPsec key expired, the kernel could panic due to unfinished |
When an IPsec key expired, the kernel could panic due to unfinished |
|
|
<p> |
<p> |
|
|
<li id="p014_amdlfence"> |
<li id="p014_amdlfence"> |
<font color="#009000"> |
<strong>014: SECURITY FIX: July 31, 2018</strong> |
<strong>014: SECURITY FIX: July 31, 2018</strong></font> |
|
<i>amd64 and i386</i> |
<i>amd64 and i386</i> |
<br> |
<br> |
On AMD CPUs, set a chicken bit which turns LFENCE into a serialization |
On AMD CPUs, set a chicken bit which turns LFENCE into a serialization |
|
|
<p> |
<p> |
|
|
<li id="p015_ioport"> |
<li id="p015_ioport"> |
<font color="#009000"> |
<strong>015: SECURITY FIX: July 31, 2018</strong> |
<strong>015: SECURITY FIX: July 31, 2018</strong></font> |
|
<i>i386</i> |
<i>i386</i> |
<br> |
<br> |
IO port permissions were incorrectly restricted. |
IO port permissions were incorrectly restricted. |
|
|
<p> |
<p> |
|
|
<li id="p016_fpuinit"> |
<li id="p016_fpuinit"> |
<font color="#009000"> |
<strong>016: RELIABILITY FIX: August 4, 2018</strong> |
<strong>016: RELIABILITY FIX: August 4, 2018</strong></font> |
|
<i>amd64</i> |
<i>amd64</i> |
<br> |
<br> |
Incorrect initialization of the FPU caused floating point exceptions |
Incorrect initialization of the FPU caused floating point exceptions |
|
|
<p> |
<p> |
|
|
<li id="p017_fpufork"> |
<li id="p017_fpufork"> |
<font color="#009000"> |
<strong>017: SECURITY FIX: August 24, 2018</strong> |
<strong>017: SECURITY FIX: August 24, 2018</strong></font> |
|
<i>amd64</i> |
<i>amd64</i> |
<br> |
<br> |
State from the FPU of one userland process could be exposed to other processes. |
State from the FPU of one userland process could be exposed to other processes. |
|
|
<p> |
<p> |
|
|
<li id="p018_vmml1tf"> |
<li id="p018_vmml1tf"> |
<font color="#009000"> |
<strong>018: SECURITY FIX: August 24, 2018</strong> |
<strong>018: SECURITY FIX: August 24, 2018</strong></font> |
|
<i>amd64</i> |
<i>amd64</i> |
<br> |
<br> |
The Intel L1TF bug allows a vmm guest to read host memory. |
The Intel L1TF bug allows a vmm guest to read host memory. |
|
|
<p> |
<p> |
|
|
<li id="p019_ldtr"> |
<li id="p019_ldtr"> |
<font color="#009000"> |
<strong>019: SECURITY FIX: September 21, 2018</strong> |
<strong>019: SECURITY FIX: September 21, 2018</strong></font> |
|
<i>amd64</i> |
<i>amd64</i> |
<br> |
<br> |
On AMD CPUs, LDTR must be managed crossing between VMs. |
On AMD CPUs, LDTR must be managed crossing between VMs. |
|
|
<p> |
<p> |
|
|
<li id="p020_xserver"> |
<li id="p020_xserver"> |
<font color="#009000"> |
<strong>020: SECURITY FIX: October 25, 2018</strong> |
<strong>020: SECURITY FIX: October 25, 2018</strong></font> |
|
<i>All architectures</i> |
<i>All architectures</i> |
<br> |
<br> |
The Xorg X server incorrectly validates certain options, allowing arbitrary |
The Xorg X server incorrectly validates certain options, allowing arbitrary |
|
|
<p> |
<p> |
|
|
<li id="p021_syspatch"> |
<li id="p021_syspatch"> |
<font color="#009000"> |
<strong>021: RELIABILITY FIX: November 2, 2018</strong> |
<strong>021: RELIABILITY FIX: November 2, 2018</strong></font> |
|
<i>i386, amd64, arm64</i> |
<i>i386, amd64, arm64</i> |
<br> |
<br> |
The syspatch utility incorrectly handles symbolic links. |
The syspatch utility incorrectly handles symbolic links. |
|
|
<p> |
<p> |
|
|
<li id="p022_blinding"> |
<li id="p022_blinding"> |
<font color="#009000"> |
<strong>022: SECURITY FIX: November 17, 2018</strong> |
<strong>022: SECURITY FIX: November 17, 2018</strong></font> |
|
<i>All architectures</i> |
<i>All architectures</i> |
<br> |
<br> |
Timing side channels may leak information about DSA and ECDSA private keys. |
Timing side channels may leak information about DSA and ECDSA private keys. |
|
|
<p> |
<p> |
|
|
<li id="p023_lockf"> |
<li id="p023_lockf"> |
<font color="#009000"> |
<strong>023: RELIABILITY FIX: November 17, 2018</strong> |
<strong>023: RELIABILITY FIX: November 17, 2018</strong></font> |
|
<i>All architectures</i> |
<i>All architectures</i> |
<br> |
<br> |
A recent change to POSIX file locks could cause incorrect results |
A recent change to POSIX file locks could cause incorrect results |
|
|
<p> |
<p> |
|
|
<li id="p024_perl"> |
<li id="p024_perl"> |
<font color="#009000"> |
<strong>024: SECURITY FIX: November 29, 2018</strong> |
<strong>024: SECURITY FIX: November 29, 2018</strong></font> |
|
<i>All architectures</i> |
<i>All architectures</i> |
<br> |
<br> |
Various overflows exist in perl. |
Various overflows exist in perl. |
|
|
<p> |
<p> |
|
|
<li id="p025_uipc"> |
<li id="p025_uipc"> |
<font color="#009000"> |
<strong>025: RELIABILITY FIX: November 29, 2018</strong> |
<strong>025: RELIABILITY FIX: November 29, 2018</strong></font> |
|
<i>All architectures</i> |
<i>All architectures</i> |
<br> |
<br> |
UNIX domain sockets leak kernel memory with MSG_PEEK on SCM_RIGHTS, or can |
UNIX domain sockets leak kernel memory with MSG_PEEK on SCM_RIGHTS, or can |
|
|
<p> |
<p> |
|
|
<li id="p026_recvwait"> |
<li id="p026_recvwait"> |
<font color="#009000"> |
<strong>026: RELIABILITY FIX: December 20, 2018</strong> |
<strong>026: RELIABILITY FIX: December 20, 2018</strong></font> |
|
<i>All architectures</i> |
<i>All architectures</i> |
<br> |
<br> |
While recv(2) with the MSG_WAITALL flag was receiving control |
While recv(2) with the MSG_WAITALL flag was receiving control |
|
|
<p> |
<p> |
|
|
<li id="p027_pcbopts"> |
<li id="p027_pcbopts"> |
<font color="#009000"> |
<strong>027: SECURITY FIX: December 22, 2018</strong> |
<strong>027: SECURITY FIX: December 22, 2018</strong></font> |
|
<i>All architectures</i> |
<i>All architectures</i> |
<br> |
<br> |
The setsockopt(2) system call could overflow mbuf cluster kernel |
The setsockopt(2) system call could overflow mbuf cluster kernel |
|
|
<p> |
<p> |
|
|
<li id="p028_mincore"> |
<li id="p028_mincore"> |
<font color="#009000"> |
<strong>028: SECURITY FIX: February 5, 2019</strong> |
<strong>028: SECURITY FIX: February 5, 2019</strong></font> |
|
<i>All architectures</i> |
<i>All architectures</i> |
<br> |
<br> |
The mincore() system call can be used to observe memory access patterns |
The mincore() system call can be used to observe memory access patterns |
|
|
<p> |
<p> |
|
|
<li id="p029_nfs"> |
<li id="p029_nfs"> |
<font color="#009000"> |
<strong>029: RELIABILITY FIX: February 5, 2019</strong> |
<strong>029: RELIABILITY FIX: February 5, 2019</strong></font> |
|
<i>All architectures</i> |
<i>All architectures</i> |
<br> |
<br> |
Missing length checks in the NFS server and client can lead to crashes |
Missing length checks in the NFS server and client can lead to crashes |
|
|
<p> |
<p> |
|
|
<li id="p030_pf6frag"> |
<li id="p030_pf6frag"> |
<font color="#009000"> |
<strong>030: SECURITY FIX: March 1, 2019</strong> |
<strong>030: SECURITY FIX: March 1, 2019</strong></font> |
|
<i>All architectures</i> |
<i>All architectures</i> |
<br> |
<br> |
Fragmented IPv6 packets may be erroneously passed by pf or lead to a crash. |
Fragmented IPv6 packets may be erroneously passed by pf or lead to a crash. |
|
|
<p> |
<p> |
|
|
<li id="p031_pficmp"> |
<li id="p031_pficmp"> |
<font color="#009000"> |
<strong>031: SECURITY FIX: March 22, 2019</strong> |
<strong>031: SECURITY FIX: March 22, 2019</strong></font> |
|
<i>All architectures</i> |
<i>All architectures</i> |
<br> |
<br> |
A state in pf could pass ICMP packets to a destination IP address |
A state in pf could pass ICMP packets to a destination IP address |
|
|
<p> |
<p> |
|
|
<li id="p032_vmmints"> |
<li id="p032_vmmints"> |
<font color="#009000"> |
<strong>032: SECURITY FIX: March 27, 2019</strong> |
<strong>032: SECURITY FIX: March 27, 2019</strong></font> |
|
<i>amd64 and i386</i> |
<i>amd64 and i386</i> |
<br> |
<br> |
GDT and IDT limits were improperly restored during VMM context switches. |
GDT and IDT limits were improperly restored during VMM context switches. |
|
|
<p> |
<p> |
|
|
<li id="p033_rip6cksum"> |
<li id="p033_rip6cksum"> |
<font color="#009000"> |
<strong>033: RELIABILITY FIX: May 3, 2019</strong> |
<strong>033: RELIABILITY FIX: May 3, 2019</strong></font> |
|
<i>All architectures</i> |
<i>All architectures</i> |
<br> |
<br> |
If a userland program sets the IPv6 checksum offset on a raw socket, |
If a userland program sets the IPv6 checksum offset on a raw socket, |
|
|
</ul> |
</ul> |
|
|
<hr> |
<hr> |
|
|
</body> |
|
</html> |
|