This is the OpenBSD 4.6 release errata & patch list:
For OpenBSD patch branch information, please refer here.
For important packages updates, please refer here.
For errata on a certain release, click below:
2.1, 2.2, 2.3, 2.4, 2.5, 2.6, 2.7, 2.8, 2.9, 3.0, 3.1, 3.2, 3.3, 3.4, 3.5, 3.6,
3.7, 3.8, 3.9, 4.0, 4.1, 4.2, 4.3, 4.4, 4.5, 4.7.
You can also fetch a tar.gz file containing all the following patches. This file is updated once a day.
The patches below are available in CVS via the OPENBSD_4_6 patch branch.
For more detailed information on how to install patches to OpenBSD, please consult the OpenBSD FAQ.
- 012: RELIABILITY FIX: May 14, 2010 All architectures
Insufficient protection of the trunk interface queues may cause LACP trunks to fail under load.
A source code patch exists which remedies this problem.
- 011: RELIABILITY FIX: May 14, 2010 All architectures
Incorrectly initialized state updates can cause pfsync update storms.
A source code patch exists which remedies this problem.
- 010: SECURITY FIX: April 14, 2010 All architectures
In TLS connections, certain incorrectly formatted records can cause an OpenSSL client or server to crash due to a read attempt at NULL.
A source code patch exists which remedies this problem.
- 009: RELIABILITY FIX: April 4, 2010 All architectures
When updating sensors showing the state of RAID volumes, mpi(4) allocates temporary memory and then returns it to the kernel as device memory. This causes kernel memory usage to be misrepresented, eventually leading to a denial of service when a resource limit is apparently reached.
A source code patch exists which remedies this problem.
- 008: RELIABILITY FIX: March 31, 2010 All architectures
When decrypting packets, the internal decryption functions were not paranoid enough in checking for underruns, which could potentially lead to crashes.
A source code patch exists which remedies this problem.
- 007: RELIABILITY FIX: March 12, 2010 All architectures
Due to a null pointer dereference, it would be possible to crash ftpd when handling glob(3)'ing requests. This is non-exploitable.
A source code patch exists which remedies this problem.
- 006: SECURITY FIX: March 12, 2010 All architectures
OpenSSL is susceptible to a buffer overflow due to a failure to check for NULL returns from bn_wexpand function calls.
A source code patch exists which remedies this problem.
- 005: RELIABILITY FIX: January 29, 2010 All architectures
By using ptrace(2) on an ancestor process, a loop in the process tree could be created, violating assumptions in other parts of the kernel and resulting in infinite loops.
A source code patch exists which remedies this problem.
- 004: SECURITY FIX: November 26, 2009 All architectures
The SSL/TLS protocol is subject to man-in-the-middle attacks related to renegotiation (see CVE-2009-3555, draft-ietf-tls-renegotiation-00). OpenSSL permitted this protocol feature by default and had no way to disable it.
A source code patch exists which remedies this problem.
- 003: RELIABILITY FIX: October 28, 2009 All architectures
getsockopt(2) with any of IP_AUTH_LEVEL, IP_ESP_TRANS_LEVEL, IP_ESP_NETWORK_LEVEL, IP_IPCOMP_LEVEL will crash the system.
A source code patch exists which remedies this problem.
- 002: RELIABILITY FIX: October 05, 2009 i386 only
XMM exceptions are not correctly handled, resulting in a kernel panic.
A source code patch exists which remedies this problem.
- 001: RELIABILITY FIX: July 29, 2009 All architectures
A vulnerability has been found in BIND's named server (CVE-2009-0696). An attacker could crash a server with a specially crafted dynamic update message to a zone for which the server is master.
A source code patch exists which remedies this problem.
$OpenBSD: errata46.html,v 1.15 2010/05/14 15:01:37 stephan Exp $