This is the OpenBSD 5.3 release errata & patch list:
For OpenBSD patch branch information, please refer here.
For errata on a certain release, click below:
2.1,
2.2,
2.3,
2.4,
2.5,
2.6,
2.7,
2.8,
2.9,
3.0,
3.1,
3.2,
3.3,
3.4,
3.5,
3.6,
3.7,
3.8,
3.9,
4.0,
4.1,
4.2,
4.3,
4.4,
4.5,
4.6,
4.7,
4.8,
4.9,
5.0,
5.1,
5.2,
5.4.
You can also fetch a tar.gz file containing all the following patches.
This file is updated once a day.
The patches below are available in CVS via the
OPENBSD_5_3
patch branch.
For more detailed information on how to install patches to OpenBSD, please
consult the OpenBSD FAQ.
-
001: RELIABILITY FIX: March 15, 2013 All architectures
A rare condition during session startup may cause bgpd to replace
an active session leading to unknown consequences. Bug found by
inspection (we do not know how to reproduce it, consider that a challenge).
A source code patch exists which remedies this problem.
-
002: RELIABILITY FIX: May 5, 2013 All architectures
A flaw exists in the vr(4) driver that may cause it to not recover from some error conditions.
A source code patch exists which remedies this problem.
-
003: RELIABILITY FIX: May 17, 2013 All architectures
A problem exists in
nginx(8)
if proxy_pass is used with untrusted HTTP backend servers.
The problem may lead to a denial of service or a disclosure of a
worker process memory on a specially crafted response from an
upstream proxied server.
This issue was assigned CVE-2013-2070.
A source code patch exists which remedies this problem.
-
004: RELIABILITY FIX: May 17, 2013 All architectures
As discovered by Peter Philipp, it is possible for an unprivileged user
process to trigger deleting the undeletable RNF_ROOT route, resulting in
a kernel panic.
A source code patch exists which remedies this problem.
-
005: RELIABILITY FIX: May 31, 2013 All architectures
A local denial of service is possible by an unprivileged user if the
SIOCSIFADDR ioctl is performed upon an AF_INET6 socket with a specially
crafted parameter.
A source code patch exists which remedies this problem.
-
006: RELIABILITY FIX: June 12, 2013 All architectures
A denial of services was discovered where certain combinations of
TFTP options could cause OACK generation to fail, which in turn
caused a double free in tftpd.
A source code patch exists which remedies this problem.
-
007: RELIABILITY FIX: June 12, 2013 All architectures
Two flaws in the vio(4)
driver may cause a kernel panic, and may cause IPv6 neighbour discovery to fail
due to multicast receive problems.
A source code patch exists which remedies this problem.
-
008: RELIABILITY FIX: Nov 7, 2013 All architectures
A crash can happen on pflow(4) interface destruction.
A source code patch exists which remedies this problem.
-
009: SECURITY FIX: Nov 7, 2013 All architectures
A memory corruption vulnerability exists in the post-authentication sshd process
when an AES-GCM cipher (aes128-gcm@openssh.com or aes256-gcm@openssh.com) is
selected during kex exchange.
Review the gcmrekey advisory
for a mitigation.
A source code patch exists which remedies this problem.
-
010: RELIABILITY FIX: Nov 11, 2013 All architectures
An unprivileged user may hang the system.
A source code patch exists which remedies this problem.
-
011: SECURITY FIX: Nov 21, 2013 All architectures
A problem exists in
nginx(8)
which might allow an attacker to bypass security restrictions in certain
configurations by using a specially crafted request.
This issue was assigned CVE-2013-4547.
A source code patch exists which remedies this problem.
www@openbsd.org
$OpenBSD: errata53.html,v 1.15 2013/11/30 21:02:22 brad Exp $