Patches for the OpenBSD base system are distributed as unified diffs.
Each patch is cryptographically signed with the
signify(1) tool and contains
usage instructions.
All the following patches are also available in one
tar.gz file
for convenience.
Patches for supported releases are also incorporated into the
-stable branch.
001: INSTALL ISSUE: May 1, 2015sparc64
The "miniroot" install method is broken (related to the addition of
softraid support). This method is used by the official CD 3 as
well, so it fails to boot on sparc64 machines.
No patch is available for obvious reasons, so use a different install method.
004: RELIABILITY FIX: April 17, 2015All architectures
Fix a logic error in smtpd handling of SNI.
This could allow a remote user to crash the server or provoke a disconnect of other sessions.
A source code patch exists which remedies this problem.
007: SECURITY FIX: April 30, 2015All architectures
Multiple issues in tar/pax/cpio:
extracting a malicious archive could create files outside of
the current directory without using pre-existing symlinks to 'escape',
and could change the timestamps and modes on preexisting files
tar without -P would permit extraction of paths with ".." components
there was a buffer overflow in the handling of pax extension headers
011: RELIABILITY FIX: July 26, 2015All architectures
A kernel memory leak could be triggered by an unprivileged user in
a failure case when using execve under systrace.
A source code patch exists which remedies this problem.
012: SECURITY FIX: July 26, 2015All architectures
The patch utility could be made to invoke arbitrary commands via
the obsolete RCS support when processing a crafted input file.
This patch deletes the RCS support.
A source code patch exists which remedies this problem.
014: SECURITY FIX: August 16, 2015All architectures
A change to sshd resulted in incorrect permissions being applied to pseudo
terminal devices, allowing local users to write to (but not read from) them.
A source code patch exists which remedies this problem.
017: SECURITY FIX: October 1, 2015All architectures
Fix multiple reliability and security issues in smtpd:
local and remote users could make smtpd crash or stop serving requests.
a buffer overflow in the unprivileged, non-chrooted smtpd (lookup)
process could allow a local user to cause a crash or potentially
execute arbitrary code.
a use-after-free in the unprivileged, non-chrooted smtpd (lookup)
process could allow a remote attacker to cause a crash or potentially
execute arbitrary code.
hardlink and symlink attacks allowed a local user to unset chflags or
leak the first line of an arbitrary file.
019: RELIABILITY FIX: October 15, 2015All architectures
The OBJ_obj2txt function in libcrypto contains a one byte buffer overrun
and memory leak, as reported by Qualys Security.
A source code patch exists which remedies this problem.
020: RELIABILITY FIX: November 9, 2015All architectures
Insufficient validation of RSN element group cipher values in 802.11
beacons and probe responses could result in system panics.
A source code patch exists which remedies this problem.
021: RELIABILITY FIX: Dec 3, 2015All architectures
A NULL pointer deference could be triggered by a crafted certificate sent to
services configured to verify client certificates on TLS/SSL connections.
A source code patch exists which remedies this problem.
022: SECURITY FIX: January 14, 2016All architectures
Experimental roaming code in the ssh client could be tricked by a hostile sshd
server, potentially leaking key material. CVE-2016-0777 and CVE-0216-0778.
Prevent this problem immediately by adding the line "UseRoaming no" to
/etc/ssh/ssh_config.
A source code patch exists which remedies this problem.
024: SECURITY FIX: March 16, 2016All architectures
Insufficient checks in IPv6 socket binding and UDP IPv6 option
processing allow a local user to send UDP packets with a source
(IPv6 address + port) already reserved by another user.
A source code patch exists which remedies this problem.
