This is the OpenBSD 5.4 release errata & patch list:
For OpenBSD patch branch information, please refer here.
You can also fetch a tar.gz file containing all the following patches.
This file is updated once a day.
The patches below are available in CVS via the OPENBSD_5_4 patch branch.
For more detailed information on how to install patches to OpenBSD, please
consult the OpenBSD FAQ.
-
001: RELIABILITY FIX: Nov 7, 2013
All architectures
A crash can happen on pflow(4) interface destruction.
A source code patch exists which remedies this problem.
-
002: SECURITY FIX: Nov 7, 2013
All architectures
A memory corruption vulnerability exists in the post-authentication sshd process
when an AES-GCM cipher (aes128-gcm@openssh.com or aes256-gcm@openssh.com) is
selected during key exchange.
Review the gcmrekey advisory for a mitigation.
A source code patch exists which remedies this problem.
-
003: RELIABILITY FIX: Nov 11, 2013
All architectures
An unprivileged user may hang the system.
A source code patch exists which remedies this problem.
-
004: SECURITY FIX: Nov 21, 2013
All architectures
A problem exists in nginx(8) which might allow an attacker to bypass security
restrictions in certain configurations by using a specially crafted request.
This issue was assigned CVE-2013-4547.
A source code patch exists which remedies this problem.
-
005: RELIABILITY FIX: Dec 19, 2013
Strict alignment architectures
In OpenSSL, use of the SHA384 SSL/TLS ciphers may result in a crash of
the application. The i386, amd64, vax and m68k platforms aren't
affected.
A source code patch exists which remedies this problem.
-
006: SECURITY FIX: Jan 10, 2014
All architectures
A BDF font file containing a longer than expected string could overflow
a buffer on the stack in the X server.
This issue was assigned CVE-2013-6462.
A source code patch exists which remedies this problem.
-
007: SECURITY FIX: April 8, 2014
All architectures
Missing bounds checking in OpenSSL's implementation of the TLS/DTLS
heartbeat extension (RFC 6520) can result in a leak of memory contents.
A source code patch exists which remedies this problem.
-
008: SECURITY FIX: April 12, 2014
All architectures
A use-after-free race condition in OpenSSL's read buffer may permit an attacker
to inject data from one connection into another.
A source code patch exists which remedies this problem.