For errata on a certain release, click below:
2.1,
2.2,
2.3,
2.4,
2.5,
2.6,
2.7,
2.8,
2.9,
3.0,
3.1,
3.2,
3.3,
3.4,
3.5,
3.6,
3.7,
3.8,
3.9,
4.0,
4.1,
4.2,
4.3,
4.4,
4.5,
4.6,
4.7,
4.8,
4.9,
5.0,
5.1,
5.2,
5.3,
5.4,
5.5,
5.6,
5.7,
5.8,
5.9,
6.0,
6.1,
6.2.
Patches for the OpenBSD base system are distributed as unified diffs.
Each patch is cryptographically signed with the
signify(1) tool and contains
usage instructions.
All the following patches are also available in one
tar.gz file
for convenience.
Alternatively, the syspatch(8)
utility can be used to apply binary updates on the following architectures:
amd64, i386, arm64.
Patches for supported releases are also incorporated into the
-stable branch, which is maintained for one year
after release.
-
001: SECURITY FIX: April 14, 2018
All architectures
Heap overflows exist in perl which can lead to segmentation faults,
crashes, and reading memory past the buffer.
A source code patch exists which remedies this problem.
-
002: RELIABILITY FIX: April 21, 2018
All architectures
Additional data is inadvertently removed when private keys are cleared from
TLS configuration, which can prevent OCSP from functioning correctly.
A source code patch exists which remedies this problem.
-
003: RELIABILITY FIX: April 21, 2018
All architectures
ARP replies could be sent on the wrong member of a bridge(4) interface.
A source code patch exists which remedies this problem.
-
004: SECURITY FIX: April 21, 2018
All architectures
In the gif(4) interface, use the specified protocol for IPv6, plug
a mbuf leak and avoid a use after free.
A source code patch exists which remedies this problem.
-
005: RELIABILITY FIX: April 21, 2018
All architectures
httpd can leak file descriptors when servicing range requests.
A source code patch exists which remedies this problem.
-
006: RELIABILITY FIX: May 8, 2018
All architectures
Incorrect handling of fragmented IPsec packets could result in a system crash.
A source code patch exists which remedies this problem.
-
007: RELIABILITY FIX: May 8, 2018
All architectures
Incorrect checks in libcrypto can prevent Diffie-Hellman Exchange operations
from working.
A source code patch exists which remedies this problem.
-
008: RELIABILITY FIX: May 17, 2018
All architectures
A malicious packet can cause a kernel crash when using IPsec over IPv6.
A source code patch exists which remedies this problem.
-
009: SECURITY FIX: June 14, 2018
All architectures
DSA and ECDSA signature generation can potentially leak secret information
to a timing side-channel attack.
A source code patch exists which remedies this problem.
-
010: SECURITY FIX: June 17, 2018
amd64
Intel CPUs speculatively access FPU registers even when the FPU is disabled,
so data (including AES keys) from previous contexts could be discovered
if using the lazy-save approach.
A source code patch exists which remedies this problem.
-
011: SECURITY FIX: June 21, 2018
All architectures
Perl's Archive::Tar module could be made to write files outside of
its working directory.
A source code patch exists which remedies this problem.