Patches for the OpenBSD base system are distributed as unified diffs.
Each patch is cryptographically signed with the signify(1) tool and contains usage instructions.
All the following patches are also available in one tar.gz file for convenience.
Alternatively, the syspatch(8) utility can be used to apply binary updates on the following architectures: amd64, i386.
Patches for supported releases are also incorporated into the -stable branch, which is maintained for one year after release.
-
001: INTEROPERABILITY FIX: May 2, 2017
All architectures
dhcpd unconditionally echoed the client identifier, preventing some devices
from acquiring a lease.
A source code patch exists which remedies this problem.
-
002: SECURITY FIX: May 2, 2017
amd64
vmm mismanaged floating point contexts.
A source code patch exists which remedies this problem.
-
003: SECURITY FIX: May 2, 2017
All architectures
A consistency check error could cause programs to incorrectly verify
TLS certificates when using callbacks that always return 1.
A source code patch exists which remedies this problem.
-
004: RELIABILITY FIX: May 2, 2017
All architectures
softraid was unable to create usable concat volumes because
it always set the size of the volume to zero sectors.
A source code patch exists which remedies this problem.
-
005: RELIABILITY FIX: May 6, 2017
All architectures
Expired pf source tracking entries never got removed, leading to
memory exhaustion.
A source code patch exists which remedies this problem.
-
006: RELIABILITY FIX: May 8, 2017
All architectures
Incorrect DTLS cookie handling can result in a NULL pointer dereference.
A source code patch exists which remedies this problem.
-
007: SECURITY FIX: May 13, 2017
All architectures
Heap-based buffer overflows in freetype can result in out-of-bounds writes.
A source code patch exists which remedies this problem.
-
008: SECURITY FIX: May 19, 2017
All architectures
An additional mitigation is added by placing a gap of 1 MB between the
stack and mmap spaces.
A source code patch exists which remedies this problem.
-
009: RELIABILITY FIX: May 22, 2017
All architectures
The kernel could leak memory when processing ICMP packets with IP options.
Note that pf blocks such packets by default.
A source code patch exists which remedies this problem.
-
010: SECURITY FIX: June 4, 2017
All architectures
A race condition exists in the File::Path perl module.
A source code patch exists which remedies this problem.
-
011: SECURITY FIX: June 12, 2017
hppa
An integer overflow exists in two range checks of the sti(4) display driver.
A source code patch exists which remedies this problem.
-
012: RELIABILITY FIX: June 12, 2017
All architectures
An unprivileged user can cause a kernel crash.
A source code patch exists which remedies this problem.
-
013: RELIABILITY FIX: June 27, 2017
All architectures
When pinging an IPv6 link-local address, the reflected packet had
::1 as source address. The echo reply was ignored as it must be
from the link-local address.
A source code patch exists which remedies this problem.
-
014: RELIABILITY FIX: July 5, 2017
All architectures
Self-issued certificates are improperly treated as self-signed certificates,
leading to possible verification failures.
A source code patch exists which remedies this problem.
-
015: RELIABILITY FIX: August 3, 2017
All architectures
A SIGIO-related use-after-free can occur in two drivers.
A source code patch exists which remedies this problem.
-
016: RELIABILITY FIX: August 3, 2017
All architectures
A missing length check in sendsyslog() may result in a kernel panic.
A source code patch exists which remedies this problem.
-
017: SECURITY FIX: August 3, 2017
All architectures
An out-of-bounds read in vfs_getcwd_scandir() (mainly used for FUSE)
may result in a kernel panic or info leak.
A source code patch exists which remedies this problem.
-
018: SECURITY FIX: August 3, 2017
All architectures
An alignment issue in recv() may result in an info leak via ktrace().
A source code patch exists which remedies this problem.
-
019: SECURITY FIX: August 3, 2017
All architectures
With an invalid address family, tcp_usrreq() may take an unintended code path.
A source code patch exists which remedies this problem.
-
020: SECURITY FIX: August 3, 2017
All architectures
Missing socket address validation from userland may result in an info leak.
A source code patch exists which remedies this problem.
-
021: SECURITY FIX: August 3, 2017
All architectures
An uninitialized variable in ptrace() may result in an info leak.
A source code patch exists which remedies this problem.
-
022: SECURITY FIX: August 3, 2017
All architectures
An uninitialized variable in fcntl() may result in an info leak.
A source code patch exists which remedies this problem.
-
023: RELIABILITY FIX: August 3, 2017
All architectures
An integer overflow in wsdisplay_cfg_ioctl() may result in an out-of-bounds
read.
A source code patch exists which remedies this problem.
-
024: SECURITY FIX: August 3, 2017
All architectures
A race condition in sosplice() may result in a kernel memory leak.
A source code patch exists which remedies this problem.
-
025: SECURITY FIX: August 3, 2017
All architectures
An out-of-bounds read could occur during processing of EAPOL frames in
the wireless stack. Information from kernel memory could be leaked to
root in userland via an ieee80211(9) ioctl.
A source code patch exists which remedies this problem.
-
026: SECURITY FIX: August 26, 2017
amd64 and i386
SMAP enforcement could be bypassed by userland code.
A source code patch exists which remedies this problem.
-
027: SECURITY FIX: August 30, 2017
All architectures
State transition errors could cause reinstallation of old WPA keys.
A source code patch exists which remedies this problem.
-
028: SECURITY FIX: September 22, 2017
All architectures
A buffer over-read and heap overflow in perl's regexp may result in
a crash or memory leak.
A source code patch exists which remedies this problem.