For errata on a certain release, click below:
2.1,
2.2,
2.3,
2.4,
2.5,
2.6,
2.7,
2.8,
2.9,
3.0,
3.1,
3.2,
3.3,
3.4,
3.5,
3.6,
3.7,
3.8,
3.9,
4.0,
4.1,
4.2,
4.3,
4.4,
4.5,
4.6,
4.7,
4.8,
4.9,
5.0,
5.1,
5.2,
5.3,
5.4,
5.5,
5.6,
5.7,
5.8,
5.9,
6.0.
Patches for the OpenBSD base system are distributed as unified diffs.
Each patch is cryptographically signed with the
signify(1) tool and contains
usage instructions.
All the following patches are also available in one
tar.gz file
for convenience.
Alternatively, the syspatch(8)
utility can be used to apply binary updates on the following architectures:
amd64, i386.
Patches for supported releases are also incorporated into the
-stable branch, which is maintained for one year
after release.
-
001: INTEROPERABILITY FIX: May 2, 2017
All architectures
dhcpd unconditionally echoed the client identifier, preventing some devices
from acquiring a lease.
A source code patch exists which remedies this problem.
-
002: SECURITY FIX: May 2, 2017
amd64
vmm mismanaged floating point contexts.
A source code patch exists which remedies this problem.
-
003: SECURITY FIX: May 2, 2017
All architectures
A consistency check error could cause programs to incorrectly verify
TLS certificates when using callbacks that always return 1.
A source code patch exists which remedies this problem.
-
004: RELIABILITY FIX: May 2, 2017
All architectures
softraid was unable to create usable concat volumes because
it always set the size of the volume to zero sectors.
A source code patch exists which remedies this problem.
-
005: RELIABILITY FIX: May 6, 2017
All architectures
Expired pf source tracking entries never got removed, leading to
memory exhaustion.
A source code patch exists which remedies this problem.
-
006: RELIABILITY FIX: May 8, 2017
All architectures
Incorrect DTLS cookie handling can result in a NULL pointer dereference.
A source code patch exists which remedies this problem.
-
007: SECURITY FIX: May 13, 2017
All architectures
Heap-based buffer overflows in freetype can result in out-of-bounds writes.
A source code patch exists which remedies this problem.
-
008: SECURITY FIX: May 19, 2017
All architectures
An additional mitigation is added by placing a gap of 1 MB between the
stack and mmap spaces.
A source code patch exists which remedies this problem.
-
009: RELIABILITY FIX: May 22, 2017
All architectures
The kernel could leak memory when processing ICMP packets with IP options.
Note that pf blocks such packets by default.
A source code patch exists which remedies this problem.
-
010: SECURITY FIX: June 4, 2017
All architectures
A race condition exists in the File::Path perl module.
A source code patch exists which remedies this problem.
-
011: SECURITY FIX: June 12, 2017
hppa
An integer overflow exists in two range checks of the sti(4) display driver.
A source code patch exists which remedies this problem.
-
012: RELIABILITY FIX: June 12, 2017
All architectures
An unprivileged user can cause a kernel crash.
A source code patch exists which remedies this problem.