For errata on a certain release, click below:
2.1,
2.2,
2.3,
2.4,
2.5,
2.6,
2.7,
2.8,
2.9,
3.0,
3.1,
3.2,
3.3,
3.4,
3.5,
3.6,
3.7,
3.8,
3.9,
4.0,
4.1,
4.2,
4.3,
4.4,
4.5,
4.6,
4.7,
4.8,
4.9,
5.0,
5.1,
5.2,
5.3,
5.4,
5.5,
5.6,
5.7,
5.8,
5.9,
6.0,
6.1,
6.2,
6.3.
Patches for the OpenBSD base system are distributed as unified diffs.
Each patch is cryptographically signed with the
signify(1) tool and contains
usage instructions.
All the following patches are also available in one
tar.gz file
for convenience.
Alternatively, the syspatch(8)
utility can be used to apply binary updates on the following architectures:
amd64, i386, arm64.
Patches for supported releases are also incorporated into the
-stable branch, which is maintained for one year
after release.
-
001: SECURITY FIX: October 25, 2018
All architectures
The Xorg X server incorrectly validates certain options, allowing arbitrary
files to be overwritten.
As an immediate (temporary) workaround, the Xorg binary can be disabled
by running: chmod u-s /usr/X11R6/bin/Xorg
A source code patch exists which remedies this problem.
-
002: RELIABILITY FIX: November 2, 2018
i386, amd64, arm64
The syspatch utility incorrectly handles symbolic links.
A source code patch exists which remedies this problem.
-
003: SECURITY FIX: November 17, 2018
All architectures
The portsmash vulnerability allows exfiltration of elliptic curve keys.
A source code patch exists which remedies this problem.
-
004: RELIABILITY FIX: November 17, 2018
All architectures
A recent change to POSIX file locks could cause incorrect results
during lock acquisition.
A source code patch exists which remedies this problem.
-
005: SECURITY FIX: November 29, 2018
All architectures
Various overflows exist in perl.
A source code patch exists which remedies this problem.
-
006: RELIABILITY FIX: November 29, 2018
All architectures
UNIX domain sockets leak kernel memory with MSG_PEEK on SCM_RIGHTS, or can
attempt excessive memory allocations leading to a crash.
A source code patch exists which remedies this problem.
-
007: RELIABILITY FIX: November 29, 2018
All architectures
The mail.mda and mail.lmtp delivery agents were not reporting temporary
failures correctly, causing smtpd to bounce messages in some cases where
it should have retried them.
A source code patch exists which remedies this problem.
-
008: RELIABILITY FIX: November 29, 2018
amd64 and i386
Writing more than 4GB to a qcow2 volume corrupts the virtual disk.
A source code patch exists which remedies this problem.
-
009: RELIABILITY FIX: December 20, 2018
All architectures
While recv(2) with the MSG_WAITALL flag was receiving control
messages from a socket, the kernel could panic.
A source code patch exists which remedies this problem.
-
010: SECURITY FIX: December 22, 2018
All architectures
The setsockopt(2) system call could overflow mbuf cluster kernel
memory by 4 bytes.
A source code patch exists which remedies this problem.
-
011: SECURITY FIX: January 27, 2019
All architectures
The mincore() system call can be used to observe memory access patterns
of other processes.
A source code patch exists which remedies this problem.
-
012: RELIABILITY FIX: January 27, 2019
All architectures
Missing length checks in the NFS server and client can lead to crashes
and other errors.
A source code patch exists which remedies this problem.
-
013: SECURITY FIX: January 27, 2019
All architectures
The unveil() system call can leak memory.
A source code patch exists which remedies this problem.