Patches for the OpenBSD base system are distributed as unified diffs.
Each patch is cryptographically signed with the
signify(1) tool and contains
usage instructions.
All the following patches are also available in one
tar.gz file
for convenience.
Patches for supported releases are also incorporated into the
-stable branch.
001: SECURITY FIX: August 30, 2015All architectures
Inverted logic made PermitRootLogin "prohibit-password" unsafe.
Use "no" (which is the installer default), or apply the following patch.
A source code patch exists which remedies this problem.
002: INTEROPERABILITY FIX: August 30, 2015All architectures
LibreSSL 2.2.2 incorrectly handles ClientHello messages that do not
include TLS extensions, resulting in such handshakes being aborted.
A source code patch exists which remedies this problem.
004: SECURITY FIX: October 1, 2015All architectures
Fix multiple reliability and security issues in smtpd:
local and remote users could make smtpd crash or stop serving requests.
a buffer overflow in the unprivileged, non-chrooted smtpd (lookup)
process could allow a local user to cause a crash or potentially
execute arbitrary code.
a use-after-free in the unprivileged, non-chrooted smtpd (lookup)
process could allow a remote attacker to cause a crash or potentially
execute arbitrary code.
hardlink and symlink attacks allowed a local user to unset chflags or
leak the first line of an arbitrary file.
006: RELEASE CD ISSUE: Oct 18, 2015All architectures
The "src.tar.gz" file on the source tree was created on the wrong day,
and does not match the 5.8 release builds.
A replacement file is available in the 5.8 release directory with the name cd-src.tar.gz; due to size of the file, check local mirrors also.
007: RELIABILITY FIX: October 15, 2015All architectures
The OBJ_obj2txt function in libcrypto contains a one byte buffer overrun
and memory leak, as reported by Qualys Security.
A source code patch exists which remedies this problem.
008: RELIABILITY FIX: November 9, 2015All architectures
Insufficient validation of RSN element group cipher values in 802.11
beacons and probe responses could result in system panics.
A source code patch exists which remedies this problem.
009: RELIABILITY FIX: Dec 3, 2015All architectures
A NULL pointer dereference could be triggered by a crafted certificate sent to
services configured to verify client certificates on TLS/SSL connections.
A source code patch exists which remedies this problem.
010: SECURITY FIX: January 14, 2016All architectures
Experimental roaming code in the ssh client could be tricked by a hostile sshd
server, potentially leaking key material. CVE-2016-0777 and CVE-0216-0778.
Prevent this problem immediately by adding the line "UseRoaming no" to
/etc/ssh/ssh_config.
A source code patch exists which remedies this problem.
012: SECURITY FIX: March 16, 2016All architectures
Insufficient checks in IPv6 socket binding and UDP IPv6 option
processing allow a local user to send UDP packets with a source
(IPv6 address + port) already reserved by another user.
A source code patch exists which remedies this problem.
013: SECURITY FIX: May 3, 2016All architectures
Fix issues in the libcrypto library.
Refer to the OpenSSL advisory.
Memory corruption in the ASN.1 encoder (CVE-2016-2108)
Padding oracle in AES-NI CBC MAC check (CVE-2016-2107)
EVP_EncodeUpdate overflow (CVE-2016-2105)
EVP_EncryptUpdate overflow (CVE-2016-2106)
ASN.1 BIO excessive memory allocation (CVE-2016-2109)
017: SECURITY FIX: June 6, 2016All architectures
Correct a problem that prevents the DSA signing algorithm from running
in constant time even if the flag BN_FLG_CONSTTIME is set.
A source code patch exists which remedies this problem.
023: RELIABILITY FIX: July 14, 2016All architectures
Unchecked parameters and integer overflows in the amap allocation routines
could cause malloc(9) to either not allocate enough memory, leading to memory
corruption, or to trigger a "malloc: allocation too large" panic.
A source code patch exists which remedies this problem.
