For errata on a certain release, click below:
2.0,
2.1,
2.2,
2.3,
2.4,
2.5,
2.6,
2.7,
2.8,
2.9,
3.0,
3.1,
3.2,
3.3,
3.4,
3.5,
3.6,
3.7,
3.8,
3.9,
4.0,
4.1,
4.2,
4.3,
4.4,
4.5,
4.6,
4.7,
4.8,
4.9,
5.0,
5.1,
5.2,
5.3,
5.4,
5.5,
5.6,
5.7,
5.8,
5.9,
6.0,
6.1,
6.2,
6.3,
6.4,
6.5,
6.6,
6.7,
6.8,
6.9,
7.0,
7.1,
7.2.
Patches for the OpenBSD base system are distributed as unified diffs.
Each patch is cryptographically signed with the
signify(1) tool and contains
usage instructions.
All the following patches are also available in one
tar.gz file
for convenience.
Alternatively, the syspatch(8)
utility can be used to apply binary updates on the following architectures:
amd64, i386, arm64.
Patches for supported releases are also incorporated into the
-stable branch, which is maintained for one year
after release.
-
001: RELIABILITY FIX: May 3, 2023
All architectures
A new ASPA object appeared in the RPKI ecosystem and exposed bugs in
bgpd(8) and rpki-client(8).
A source code patch exists which remedies this problem.
-
002: RELIABILITY FIX: May 16, 2023
All architectures
Avoid fatal errors in bgpd(8) due to incorrect refcounting and mishandling
of ASPA objects. Fix bgpctl(8) 'show rib in' by renaming 'invalid' into
'disqualified'.
A source code patch exists which remedies this problem.
-
003: RELIABILITY FIX: May 26, 2023
All architectures
IP address inheritance was handled incorrectly in rpki-client(8).
A source code patch exists which remedies this problem.
-
004: SECURITY FIX: May 26, 2023
All architectures
A double free or use after free could occur after SSL_clear(3).
A source code patch exists which remedies this problem.
-
005: SECURITY FIX: June 15, 2023
All architectures
libX11 CVE-2023-3138 Missing checks in XQueryExtension() return values.
A source code patch exists which remedies this problem.
-
006: RELIABILITY FIX: July 12, 2023
All architectures
Incorrect length handling of path attributes in bgpd(8) can lead to a
session reset.
A source code patch exists which remedies this problem.
-
007: RELIABILITY FIX: July 12, 2023
All architectures
A malformed HTTP request can crash httpd(8), if fastcgi is in use.
A source code patch exists which remedies this problem.
-
008: RELIABILITY FIX: July 12, 2023
All architectures
Incomplete validation of ELF headers in execve(2).
A source code patch exists which remedies this problem.
-
009: RELIABILITY FIX: July 12, 2023
All architectures
When tracking nexthops over IPv6 multipath routes, or when receiving
a NOTIFICATION while reaching an internal limit, bgpd(8) could crash.
A source code patch exists which remedies this problem.
-
010: SECURITY FIX: July 19, 2023
All architectures
In ssh-agent(1)'s PKCS#11 provider support, remote execution was
possible due to controllable access in low-quality libraries. In
addition to fixing this, the ability to remotely load PKCS#11
libraries is now disabled by default (re-enable with
'-Oallow-remote-pkcs11').
A source code patch exists which remedies this problem.