This is the OpenBSD 4.3 release errata & patch list:
For OpenBSD patch branch information, please refer here.
For important packages updates, please refer here.
For errata on a certain release, click below:
2.1, 2.2, 2.3, 2.4, 2.5, 2.6, 2.7, 2.8, 2.9, 3.0, 3.1, 3.2, 3.3, 3.4, 3.5, 3.6, 3.7, 3.8, 3.9, 4.0, 4.1, 4.2, 4.4.
You can also fetch a tar.gz file containing all the following patches.
This file is updated once a day.
The patches below are available in CVS via the OPENBSD_4_3 patch branch.
For more detailed information on how to install patches to OpenBSD, please
consult the OpenBSD FAQ.
-
008: SECURITY FIX: January 14, 2009 All architectures
named(8) did not correctly check the return value of a DSA verification
function, potentially allowing bypass of verification of DNSSEC DSA
signatures.
CVE-2009-0025.
A source code patch exists which remedies this problem.
-
007: SECURITY FIX: January 9, 2009 All architectures
The OpenSSL libraries did not correctly check the return value from
certain verification functions, allowing validation to be bypassed and
permitting a remote attacker to conduct a "man in the middle" attack
against SSL/TLS connections if the server is configured with a DSA or ECDSA
certificate.
CVE-2008-5077.
A source code patch exists which remedies this problem.
-
006: SECURITY FIX: October 2, 2008 All architectures
The Neighbor Discovery Protocol (ndp) did not correctly verify neighbor
solicitation requests, possibly allowing a nearby attacker to intercept traffic.
The attacker must have IPv6 connectivity to the same router as their target for
this vulnerability to be exploited.
CVE-2008-2476.
A source code patch exists which remedies this problem.
-
005: RELIABILITY FIX: July 29, 2008 All architectures
Some kinds of IPv6 usage would leak kernel memory (in particular, this path
was exercised by the named(8) patch for port randomization). Since INET6 is
enabled by default, this condition affects all systems.
A source code patch exists which remedies this problem.
-
004: SECURITY FIX: July 23, 2008 All architectures
2nd revision, July 23, 2008
A vulnerability has been found with BIND. An attacker could use this vulnerability
to poison the cache of a recursive resolving name server.
CVE-2008-1447.
A source code patch exists which remedies this problem.
-
003: SECURITY FIX: July 15, 2008 All architectures
Multiple vulnerabilities have been discovered in X.Org:
RENDER Extension heap buffer overflow, RENDER Extension crash,
RENDER Extension memory corruption, MIT-SHM arbitrary memory read,
RECORD and Security extensions memory corruption.
CVE-2008-2360, CVE-2008-2361, CVE-2008-2362, CVE-2008-1379, CVE-2008-1377.
A source code patch exists which remedies this problem.
-
002: SECURITY FIX: April 3, 2008 All architectures
Avoid possible hijacking of X11-forwarded connections with sshd(8)
by refusing to listen on a port unless all address families bind
successfully.
A source code patch exists which remedies this problem.
-
001: SECURITY FIX: March 30, 2008 All architectures
sshd(8) would execute ~/.ssh/rc even when a sshd_config(5) ForceCommand
directive was in effect, allowing users with write access to this file to
execute arbitrary commands. This behaviour was documented, but was an unsafe
default and an extra hassle for administrators.
A source code patch exists which remedies this problem.
www@openbsd.org
$OpenBSD: errata43.html,v 1.14 2009/01/14 22:38:11 djm Exp $