OpenBSD 5.7 errata
For OpenBSD patch branch information, please refer here.
You can also fetch a tar.gz file containing all the following patches.
This file is updated once a day.
The patches below are available in CVS via the OPENBSD_5_7 patch branch.
For more detailed information on how to install patches to OpenBSD, please
consult the OpenBSD FAQ.
-
001: INSTALL ISSUE: May 1, 2015
sparc64
The "miniroot" install method is broken (related to the addition of
softraid support). This method is used by the official CD 3 as
well, so it fails to boot on sparc64 machines.
No patch is available for obvious reasons, so use a different install method.
-
002: SECURITY FIX: March 18, 2015
All architectures
Buffer overflows in libXfont
For more information, see the
X.org advisory.
A source code patch exists which remedies this problem.
Note that the instructions should read cd /usr/xenocara/lib/libXfont.
-
003: SECURITY FIX: March 19, 2015
All architectures
Fix several crash-causing defects from OpenSSL.
These include:
CVE-2015-0209 - Use After Free following d2i_ECPrivatekey error
CVE-2015-0286 - Segmentation fault in ASN1_TYPE_cmp
CVE-2015-0287 - ASN.1 structure reuse memory corruption
CVE-2015-0288 - X509_to_X509_REQ NULL pointer deref
CVE-2015-0289 - PKCS7 NULL pointer dereferences
Several other issues did not apply or were already fixed.
For more information, see the
OpenSSL advisory.
A source code patch exists which remedies this problem.
-
004: RELIABILITY FIX: April 17, 2015
All architectures
Fix a logic error in smtpd handling of SNI.
This could allow a remote user to crash the server or provoke a disconnect of other sessions.
A source code patch exists which remedies this problem.
-
005: RELIABILITY FIX: April 30, 2015
All architectures
A remote user can crash httpd by forcing the daemon to log to a file
before the logging system was initialized.
A source code patch exists which remedies this problem.
-
006: SECURITY FIX: April 30, 2015
All architectures
Malformed binaries could trigger kernel panics or be used to view kernel memory.
A source code patch exists which remedies this problem.
-
007: SECURITY FIX: April 30, 2015
All architectures
Multiple issues in tar/pax/cpio:
- extracting a malicious archive could create files outside of
the current directory without using pre-existing symlinks to 'escape',
and could change the timestamps and modes on preexisting files
- tar without -P would permit extraction of paths with ".." components
- there was a buffer overflow in the handling of pax extension headers
A source code patch exists which remedies this problem.