This is the OpenBSD 5.5 release errata & patch list:
For OpenBSD patch branch information, please refer here.
You can also fetch a tar.gz file containing all the following patches.
This file is updated once a day.
The patches below are available in CVS via the OPENBSD_5_5 patch branch.
For more detailed information on how to install patches to OpenBSD, please
consult the OpenBSD FAQ.
-
001: RELIABILITY FIX: March 15, 2014
All architectures
Memory corruption happens during ICMP reflection handling.
ICMP reflection is disabled by default.
A source code patch exists which remedies this problem.
-
002: SECURITY FIX: April 8, 2014
All architectures
Missing bounds checking in OpenSSL's implementation of the TLS/DTLS
heartbeat extension (RFC6520) which can result in a leak of memory contents.
A source code patch exists which remedies this problem.
-
003: SECURITY FIX: April 9, 2014
All architectures
Missing hostname check for HTTPS connections in the ftp(1) utility.
A source code patch exists which remedies this problem.
-
004: SECURITY FIX: April 12, 2014
All architectures
A use-after-free race condition in OpenSSL's read buffer may permit an attacker
to inject data from one connection into another.
A source code patch exists which remedies this problem.
-
005: RELIABILITY FIX: May 1, 2014
All architectures
An attacker can trigger generation of an SSL alert which could cause
a null pointer dereference.
A source code patch exists which remedies this problem.
-
006: SECURITY FIX: May 24, 2014
All architectures with X server
X Font Service Protocol & Font metadata file handling issues in libXfont
- CVE-2014-0209: integer overflow of allocations in font metadata file parsing
- CVE-2014-0210: unvalidated length fields when parsing xfs protocol replies
- CVE-2014-0211: integer overflows calculating memory needs for xfs replies
Please see the advisory for more information.
A source code patch exists which remedies this problem.
-
007: SECURITY FIX: June 5, 2014
All architectures
Sendmail was not properly closing file descriptors before executing programs.
This could enable local users to interfere with an open SMTP connection.
This issue was assigned CVE-2014-3956.
A source code patch exists which remedies this problem.
-
008: SECURITY FIX: June 6, 2014
All architectures
This patch contains a number of SSL library fixes.
A source code patch exists which remedies this problem.
-
009: RELIABILITY FIX: July 30, 2014
All architectures
Packets with illegal DHCP options can lead to memory exhaustion of dhclient(8) and dhcpd(8).
A source code patch exists which remedies this problem.
-
010: SECURITY FIX: August 9, 2014
All architectures
This patch contains a number of SSL library fixes.
A source code patch exists which remedies this problem.