This is the OpenBSD 3.6 release errata & patch list:
For OpenBSD patch branch information, please refer here.
For important packages updates, please refer here.
For errata on a certain release, click below:
2.1,
2.2,
2.3,
2.4,
2.5,
2.6,
2.7,
2.8,
2.9,
3.0,
3.1,
3.2,
3.3,
3.4,
3.5,
3.7,
3.8,
3.9,
4.0,
4.1,
4.2,
4.3,
4.4,
4.5,
4.6,
4.7,
4.8,
4.9,
5.0,
5.1,
5.2,
5.3,
5.4,
5.5.
You can also fetch a tar.gz file containing all the following patches.
This file is updated once a day.
The patches below are available in CVS via the
OPENBSD_3_6
patch branch.
For more detailed information on how to install patches to OpenBSD, please
consult the OpenBSD FAQ.
-
020: SECURITY FIX: July 21, 2005
All architectures
A buffer overflow has been found in
compress(3)
which may be exploitable.
Please note that this fixes a different buffer overflow than the previous zlib patch.
A source code patch exists which remedies this problem.
-
019: SECURITY FIX: July 6, 2005
All architectures
A buffer overflow has been found in
compress(3)
which may be exploitable.
A source code patch exists which remedies this problem.
-
018: SECURITY FIX: June 20, 2005
All architectures
Due to a race condition in its command pathname handling, a user with
sudo(8)
privileges may be able to run arbitrary commands if the user's entry
is followed by an entry that grants sudo ALL privileges to
another user.
A source code patch exists which remedies this problem.
-
017: RELIABILITY FIX: June 15, 2005
All architectures
As discovered by Stefan Miltchev calling
getsockopt(2)
to get
ipsec(4)
credentials for a socket can result in a kernel panic.
A source code patch exists which remedies this problem.
-
016: SECURITY FIX: April 28, 2005
All architectures
Fix a buffer overflow, memory leaks, and NULL pointer dereference in
cvs(1)
. None of these issues are known to be exploitable.
CAN-2005-0753
.
A source code patch exists which remedies this problem.
-
015: RELIABILITY FIX: April 4, 2005
All architectures
Handle an edge condition in
tcp(4)
timestamps.
A source code patch exists which remedies this problem.
-
014: SECURITY FIX: March 30, 2005
All architectures
Due to buffer overflows in
telnet(1),
a malicious server or man-in-the-middle attack could allow execution of
arbitrary code with the privileges of the user invoking
telnet(1).
Noone should use telnet anymore. Please use
ssh(1).
A source code patch exists which remedies this problem.
-
013: RELIABILITY FIX: March 30, 2005
All architectures
Bugs in the
tcp(4)
stack can lead to memory exhaustion or processing of TCP segments with
invalid SACK options and cause a system crash.
A source code patch exists which remedies this problem.
-
012: SECURITY FIX: March 16, 2005
amd64 only
More stringent checking should be done in the
copy(9)
functions to prevent their misuse.
A source code patch exists which remedies this problem.
-
011: SECURITY FIX: February 28, 2005
i386 only
More stringent checking should be done in the
copy(9)
functions to prevent their misuse.
A source code patch exists which remedies this problem.
-
010: RELIABILITY FIX: January 11, 2005
All architectures
A bug in the
tcp(4)
stack allows an invalid argument to be used in calculating the TCP
retransmit timeout. By sending packets with specific values in the TCP
timestamp option, an attacker can cause a system panic.
A source code patch exists which remedies this problem.
-
009: SECURITY FIX: January 12, 2005
All architectures
httpd(8)
's mod_include module fails to properly validate the length of
user supplied tag strings prior to copying them to a local buffer,
causing a buffer overflow.
This would require enabling the XBitHack directive or server-side
includes and making use of a malicious document.
A source code patch exists which remedies this problem.
-
008: RELIABILITY FIX: January 6, 2005
All architectures
The
getcwd(3)
library function contains a memory management error, which causes failure
to retrieve the current working directory if the path is very long.
A source code patch exists which remedies this problem.
-
007: SECURITY FIX: December 14, 2004
All architectures
On systems running
isakmpd(8)
it is possible for a local user to cause kernel memory corruption
and system panic by setting
ipsec(4)
credentials on a socket.
A source code patch exists which remedies this problem.
-
006: RELIABILITY FIX: November 21, 2004
All architectures
Fix for transmit side breakage on macppc and mbuf leaks with
xl(4).
A source code patch exists which remedies this problem.
-
005: RELIABILITY FIX: November 21, 2004
All architectures
Wrong calculation of NAT-D payloads may cause interoperability problems between
isakmpd(8)
and other ISAKMP/IKE implementations.
A source code patch exists which remedies this problem.
-
004: RELIABILITY FIX: November 10, 2004
All architectures
Due to a bug in
lynx(1)
it is possible for pages such as
this
to cause
lynx(1)
to exhaust memory and then crash when parsing such pages.
A source code patch exists which remedies this problem.
-
003: RELIABILITY FIX: November 10, 2004
All architectures
pppd(8)
contains a bug that allows an attacker to crash his own connection, but it cannot
be used to deny service to other users.
A source code patch exists which remedies this problem.
-
002: RELIABILITY FIX: November 10, 2004
All architectures
BIND contains a bug which results in BIND trying to contact nameservers via IPv6, even in
cases where IPv6 connectivity is non-existent. This results in unnecessary timeouts and
thus slow DNS queries.
A source code patch exists which remedies this problem.
-
001: RELIABILITY FIX: November 10, 2004
All architectures
Fix detection of tape blocksize during device open. Corrects problem with
restore(8).
A source code patch exists which remedies this problem.