For OpenBSD patch branch information, please refer here.
For errata on a certain release, click below:
2.1, 2.2, 2.3, 2.4, 2.5, 2.6, 2.7, 2.8, 2.9, 3.0, 3.1, 3.2, 3.3, 3.4, 3.5, 3.6, 3.7, 3.8, 3.9, 4.0, 4.1, 4.2, 4.3, 4.4, 4.5, 4.6, 4.7, 4.8, 4.9, 5.0, 5.1, 5.2, 5.3, 5.4, 5.5, 5.6, 5.7, 5.8.
You can also fetch a tar.gz file containing all the following patches.
This file is updated once a day.
The patches below are available in CVS via the OPENBSD_5_9 patch branch.
For more detailed information on how to install patches to OpenBSD, please
consult the OpenBSD FAQ.
-
001: SECURITY FIX: March 10, 2016
All architectures
Lack of credential sanitization allows injection of commands to xauth(1).
Prevent this problem immediately by not using the "X11Forwarding" feature
(which is disabled by default).
A source code patch exists which remedies this problem.
-
002: SECURITY FIX: March 16, 2016
All architectures
Insufficient checks in IPv6 socket binding and UDP IPv6 option
processing allow a local user to send UDP packets with a source
(IPv6 address + port) already reserved by another user.
A source code patch exists which remedies this problem.
-
003: RELIABILITY FIX: March 16, 2016
All architectures
Incorrect path processing in pledge_namei() could result in unexpected
program termination of pledge(2)'d programs.
A source code patch exists which remedies this problem.
-
004: RELIABILITY FIX: April 30, 2016
All architectures
A problem in m_dup_pkt() can result in kernel crashes with carp(4).
A source code patch exists which remedies this problem.
-
005: SECURITY FIX: May 3, 2016
All architectures
Fix issues in the libcrypto library.
Refer to the advisory.
- Memory corruption in the ASN.1 encoder (CVE-2016-2108)
- Padding oracle in AES-NI CBC MAC check (CVE-2016-2107)
- EVP_EncodeUpdate overflow (CVE-2016-2105)
- EVP_EncryptUpdate overflow (CVE-2016-2106)
- ASN.1 BIO excessive memory allocation (CVE-2016-2109)
A source code patch exists which remedies this problem.
-
006: RELIABILITY FIX: May 16, 2016
All architectures
Fix issues in smtpd.
- Fix a logic issue in the SMTP state machine that can lead to an invalid state and result in a crash.
- Plug a file pointer leak that can lead to resource exhaustion and result in a crash.
A source code patch exists which remedies this problem.
-
007: SECURITY FIX: May 17, 2016
All architectures
Insufficient checks in the uvideo(4) V4L2 ioctl handling leak kernel
memory contents to a local user.
A source code patch exists which remedies this problem.
-
008: RELIABILITY FIX: May 18, 2016
All architectures
Fix issue in the bnx(4) ethernet driver that could cause data corruption.
A source code patch exists which remedies this problem.
-
009: RELIABILITY FIX: May 29, 2016
All architectures
Fix a bug in the libcrypto library when parsing certain ASN.1 elements.
A source code patch exists which remedies this problem.
-
010: SECURITY FIX: June 2, 2016
All architectures
Fix issues in the libexpat library to prevent multiple integer and
buffer overflows.
A source code patch exists which remedies this problem.
-
011: SECURITY FIX: June 6, 2016
All architectures
Correct a problem that prevents the DSA signing algorithm from running
in constant time even if the flag BN_FLG_CONSTTIME is set.
A source code patch exists which remedies this problem.
-
012: SECURITY FIX: June 27, 2016
All architectures
Correct a problem that could result in incorrect parsing/encoding of times in OCSP messages.
A source code patch exists which remedies this problem.