OpenBSD 5.8 errata
For OpenBSD patch branch information, please refer here.
You can also fetch a tar.gz file containing all the following patches.
This file is updated once a day.
The patches below are available in CVS via the OPENBSD_5_8 patch branch.
For more detailed information on how to install patches to OpenBSD, please
consult the OpenBSD FAQ.
-
001: SECURITY FIX: August 30, 2015
All architectures
Inverted logic made PermitRootLogin "prohibit-password" unsafe.
Use "no" (which is the installer default), or apply the following patch.
A source code patch exists which remedies this problem.
-
002: INTEROPERABILITY FIX: August 30, 2015
All architectures
LibreSSL 2.2.2 incorrectly handles ClientHello messages that do not
include TLS extensions, resulting in such handshakes being aborted.
A source code patch exists which remedies this problem.
-
003: RELIABILITY FIX: September 28, 2015
All architectures
An incorrect operation in uvm could result in system panics.
A source code patch exists which remedies this problem.
-
004: SECURITY FIX: October 1, 2015
All architectures
Fix multiple reliability and security issues in smtpd:
- local and remote users could make smtpd crash or stop serving requests.
- a buffer overflow in the unprivileged, non-chrooted smtpd (lookup)
process could allow a local user to cause a crash or potentially
execute arbitrary code.
- a use-after-free in the unprivileged, non-chrooted smtpd (lookup)
process could allow a remote attacker to cause a crash or potentially
execute arbitrary code.
- hardlink and symlink attacks allowed a local user to unset chflags or
leak the first line of an arbitrary file.
A source code patch exists which remedies this problem.
-
005: RELIABILITY FIX: October 14, 2015
All architectures
A problem with timer kevents could result in a kernel hang (local denial
of service).
A source code patch exists which remedies this problem.
-
006: RELEASE CD ISSUE: Oct 18, 2015
All architectures
The "src.tar.gz" file on the source tree was created on the wrong day,
and does not match the 5.8 release builds.
A replacement file is available in the 5.8 release directory with the name cd-src.tar.gz; due to the size of the file, check local mirrors also.