This is the OpenBSD 4.7 release errata & patch list:
For OpenBSD patch branch information, please refer here.
For errata on a certain release, click below:
2.1, 2.2, 2.3, 2.4, 2.5, 2.6, 2.7, 2.8, 2.9, 3.0, 3.1, 3.2, 3.3, 3.4, 3.5, 3.6, 3.7, 3.8, 3.9, 4.0, 4.1, 4.2, 4.3, 4.4, 4.5, 4.6, 4.8.
You can also fetch a tar.gz file containing all the following patches.
This file is updated once a day.
The patches below are available in CVS via the OPENBSD_4_7 patch branch.
For more detailed information on how to install patches to OpenBSD, please
consult the OpenBSD FAQ.
-
008: RELIABILITY FIX: November 17, 2010 All architectures
Fix a flaw in the OpenSSL TLS server extension parsing code which could lead to
a buffer overflow. This affects OpenSSL-based TLS servers that are multi-threaded
and use OpenSSL's internal caching mechanism. Servers that are multi-process
and/or disable internal session caching are not affected.
A source code patch exists which remedies this problem.
-
007: RELIABILITY FIX: September 14, 2010 All architectures
Avoid calling scsi_done() more than once in gdt(4). Fixes a kernel panic triggered by syncing disks during shutdown.
Clear the ITSDONE flag before issuing commands to the SCSI adapter. Fixes handling of retried SCSI commands.
A source code patch exists which remedies this problem.
-
006: RELIABILITY FIX: July 8, 2010 All architectures
Restore an unusual XS_SENSE semantic. Fixes dump(8)/restore(8) problems seen on certain tape drives.
A source code patch exists which remedies this problem.
-
005: RELIABILITY FIX: May 14, 2010 All architectures
Incorrectly initialized state updates can cause pfsync update storms.
A source code patch exists which remedies this problem.
-
004: SECURITY FIX: April 23, 2010 All architectures
The combination of pfsync and IPSEC may crash the kernel.
A source code patch exists which remedies this problem.
-
003: SECURITY FIX: April 14, 2010 All architectures
In TLS connections, certain incorrectly formatted records can cause
an OpenSSL client or server to crash due to a read attempt at NULL.
A source code patch exists which remedies this problem.
-
002: RELIABILITY FIX: April 4, 2010 All architectures
When updating sensors showing the state of RAID volumes, mpi(4)
allocates temporary memory and then returns it to the kernel as
device memory.
This causes kernel memory usage to be misrepresented, eventually
leading to a denial of service when a resource limit is apparently
reached.
A source code patch exists which remedies this problem.
-
001: RELIABILITY FIX: March 31, 2010 All architectures
When decrypting packets, the internal decryption functions were not
paranoid enough in checking for underruns, which could potentially
lead to crashes.
A source code patch exists which remedies this problem.
$OpenBSD: errata47.html,v 1.16 2010/11/18 08:34:45 jasper Exp $