For errata on a certain release, click below:
2.0,
2.1,
2.2,
2.3,
2.4,
2.5,
2.6,
2.7,
2.8,
2.9,
3.0,
3.1,
3.2,
3.3,
3.4,
3.5,
3.6,
3.7,
3.8,
3.9,
4.0,
4.1,
4.2,
4.3,
4.4,
4.5,
4.6,
4.7,
4.8,
4.9,
5.0,
5.1,
5.2,
5.3,
5.4,
5.5,
5.6,
5.7,
5.8,
5.9,
6.0,
6.1,
6.2,
6.3,
6.4,
6.5,
6.6,
6.7,
6.8,
7.0.
Patches for the OpenBSD base system are distributed as unified diffs.
Each patch is cryptographically signed with the
signify(1) tool and contains
usage instructions.
All the following patches are also available in one
tar.gz file
for convenience.
Alternatively, the syspatch(8)
utility can be used to apply binary updates on the following architectures:
amd64, i386, arm64.
Patches for supported releases are also incorporated into the
-stable branch.
-
001: RELIABILITY FIX: May 4, 2021
amd64
vmd guests can trigger excessive log messages on the host by sending
certain network packets.
A source code patch exists which remedies this problem.
-
002: SECURITY FIX: May 18, 2021
All architectures
Request length checks were missing in libX11.
A source code patch exists which remedies this problem.
-
003: SECURITY FIX: May 18, 2021
amd64
vmd guest virtio drivers could cause stack overflows by crafting
invalid virtio descriptor lengths.
A source code patch exists which remedies this problem.
-
004: SECURITY FIX: May 21, 2021
All architectures
Insufficient validation of A-MSDUs and fragmented 802.11 frames could
be abused to inject arbitrary frames.
A source code patch exists which remedies this problem.
-
005: RELIABILITY FIX: May 24, 2021
amd64
Recent Intel machines could crash or hang as global mappings were
not flushed from TLB.
A source code patch exists which remedies this problem.
-
006: RELIABILITY FIX: June 8, 2021
amd64
Recent Intel or any AMD machines could crash as the kernel did not
flush all TLBs that multi threaded processes require.
A source code patch exists which remedies this problem.
-
007: RELIABILITY FIX: June 8, 2021
amd64, i386
Disable PPGTT on Intel machines with cherryview/braswell graphics
to avoid memory corruption.
A source code patch exists which remedies this problem.
-
008: SECURITY FIX: June 9, 2021
amd64
vmd guests could cause stack overflows by crafting malicious dhcp
requests when using local interfaces.
A source code patch exists which remedies this problem.
-
009: RELIABILITY FIX: June 25, 2021
All architectures
During config reloads of bgpd(8), prefixes of the wrong address family
could leak to peers resulting in session resets.
A source code patch exists which remedies this problem.
-
010: SECURITY FIX: July 25, 2021
All architectures
relayd(8), when using the the http protocol strip filter directive or http
protocol macro expansion, processes format strings.
A source code patch exists which remedies this problem.
-
011: SECURITY FIX: July 25, 2021
mips64
On mips64, the strchr/index/strrchr/rindex functions in libc handled
signed characters incorrectly.
A source code patch exists which remedies this problem.
-
012: RELIABILITY FIX: August 04, 2021
sparc64
A missaligned address could trigger a kernel assert and panic the kernel.
A source code patch exists which remedies this problem.
-
013: RELIABILITY FIX: August 11, 2021
All architectures
In a specific configuration, wg(4) leaked mbufs.
A source code patch exists which remedies this problem.
-
014: SECURITY FIX: August 11, 2021
All architectures
perl(1) Encode (3p) loads a module from an incorrect relative path.
A source code patch exists which remedies this problem.
-
015: SECURITY FIX: August 20, 2021
All architectures
In LibreSSL, printing a certificate can result in a crash in
X509_CERT_AUX_print().
A source code patch exists which remedies this problem.
-
016: SECURITY FIX: September 27, 2021
All architectures
sshd(8) failed to clear supplemental groups when executing an
AuthorizedUsersCommand or AuthorizedPrincipalsCommand helper program.
A source code patch exists which remedies this problem.
-
017: SECURITY FIX: September 27, 2021
All architectures
In libcrypto, part of LibreSSL, a stack overread could occur when
checking X.509 name constraints.
A source code patch exists which remedies this problem.
-
018: RELIABILITY FIX: September 30, 2021
All architectures
Compensate for the expiry of the DST Root X3 certificate.
A source code patch exists which remedies this problem.
-
019: RELIABILITY FIX: October 31, 2021
All architectures
Opening /dev/bpf too often could lead to resource exhaustion.
A source code patch exists which remedies this problem.
-
020: SECURITY FIX: October 31, 2021
All architectures
The kernel could leak memory when closing unix sockets.
A source code patch exists which remedies this problem.
-
021: SECURITY FIX: November 9, 2021
All architectures
rpki-client(8) should handle CA misbehaviours as soft-errors.
A source code patch exists which remedies this problem.
-
022: RELIABILITY FIX: November 26, 2021
All architectures
An unprivileged user could crash the kernel by using UNIX-domain
sockets in multiple threads.
A source code patch exists which remedies this problem.
-
023: RELIABILITY FIX: December 7, 2021
All architectures
Errata 021 broke rpki-client(8) compatibility with bgpd(8)
A source code patch exists which remedies this problem.
-
024: SECURITY FIX: December 14, 2021
All architectures
Multiple input validation failures in the X server request parsing
code can lead to out of bounds memory accesses for authorized
clients.
A source code patch exists which remedies this problem.
-
024: SECURITY FIX: December 16, 2021
All architectures
iIf multicast routing is used, kernel memory is leaked to userland.
A source code patch exists which remedies this problem.