OpenBSD 5.6 errata
For OpenBSD patch branch information, please refer here.
For errata on a certain release, click below:
2.1,
2.2,
2.3,
2.4,
2.5,
2.6,
2.7,
2.8,
2.9,
3.0,
3.1,
3.2,
3.3,
3.4,
3.5,
3.6,
3.7,
3.8,
3.9,
4.0,
4.1,
4.2,
4.3,
4.4,
4.5,
4.6,
4.7,
4.8,
4.9,
5.0,
5.1,
5.2,
5.3,
5.4,
5.5.
You can also fetch a tar.gz file containing all the following patches.
This file is updated once a day.
The patches below are available in CVS via the
OPENBSD_5_6
patch branch.
For more detailed information on how to install patches to OpenBSD, please
consult the OpenBSD FAQ.
-
001: RELIABILITY FIX: September 5, 2014
All architectures
Incorrect RX ring computation leads to panics under load with bge(4), em(4) and ix(4).
A source code patch exists which remedies this problem.
-
002: RELIABILITY FIX: October 1, 2014
All architectures
If IPv6 autoconf is active on an interface and the autoconfprivacy extension is used,
redundant addresses are added whenever an autoconfprivacy address expires.
The autoconfprivacy extension is used by default and can be disabled with ifconfig(8)
as a workaround:
# ifconfig em0 -autoconfprivacy
A source code patch exists which remedies this problem.
-
003: SECURITY FIX: October 1, 2014
All architectures
nginx can reuse cached SSL sessions in unrelated contexts, allowing virtual
host confusion attacks in some configurations.
This issue was assigned CVE-2014-3616.
A source code patch exists which remedies this problem.
-
004: RELIABILITY FIX: October 20, 2014
All architectures
Executable headers with an unaligned address will trigger a kernel panic.
A source code patch exists which remedies this problem.
-
005: SECURITY FIX: October 20, 2014
All architectures
This patch disables the SSLv3 protocol by default.
Applications depending on SSLv3 may need to be recompiled with
SSL_CTX_clear_option(ctx, SSL_OP_NO_SSLv3);
but we recommend against the continued use of this obsolete protocol.
A source code patch exists which remedies this problem.
-
006: RELIABILITY FIX: November 17, 2014
All architectures
Certain http requests can crash relayd.
A source code patch exists which remedies this problem.
-
007: RELIABILITY FIX: November 17, 2014
All architectures
A PF rule using an IPv4 address
followed by an IPv6 address and then a dynamic address, e.g. "pass
from {192.0.2.1 2001:db8::1} to (pppoe0)", will have an incorrect /32
mask applied to the dynamic address.
A source code patch exists which remedies this problem.
-
008: RELIABILITY FIX: November 17, 2014
All architectures
Querying an invalid hostname with gethostbyname(3) could cause a NULL deref.
A source code patch exists which remedies this problem.
-
009: RELIABILITY FIX: November 18, 2014
All architectures
httpd was developed very rapidly in the weeks before 5.6 release, and
it has a few flaws. It would be nice to get these flaws fully
remediated before the next release, and that requires the community to
want to use it. Therefore here is a "jumbo" patch that brings in the
most important fixes.
A source code patch exists which remedies this problem.