OpenBSD 5.7 Errata
Patches for the OpenBSD base system are distributed as unified diffs. Each patch is cryptographically signed with the signify(1) tool and contains usage instructions. All the following patches are also available in one tar.gz file for convenience.
Patches for supported releases are also incorporated into the -stable branch.
- 001: INSTALL ISSUE: May 1, 2015 sparc64
The "miniroot" install method is broken (related to the addition of softraid support). This method is used by the official CD 3 as well, so it fails to boot on sparc64 machines.
No patch is available for obvious reasons, so use a different install method.
- 002: SECURITY FIX: March 18, 2015 All architectures
Buffer overflows in libXfont
For more information, see the X.org advisory.
A source code patch exists which remedies this problem.
Note that the instructions should read cd /usr/xenocara/lib/libXfont.
- 003: SECURITY FIX: March 19, 2015 All architectures
Fix several crash-causing defects from OpenSSL.
These include:
  - CVE-2015-0209 - Use After Free following d2i_ECPrivatekey error
  - CVE-2015-0286 - Segmentation fault in ASN1_TYPE_cmp
  - CVE-2015-0287 - ASN.1 structure reuse memory corruption
  - CVE-2015-0288 - X509_to_X509_REQ NULL pointer deref
  - CVE-2015-0289 - PKCS7 NULL pointer dereferences
Several other issues did not apply or were already fixed.
For more information, see the OpenSSL advisory.
A source code patch exists which remedies this problem.
- 004: RELIABILITY FIX: April 17, 2015 All architectures
Fix a logic error in smtpd handling of SNI. This could allow a remote user to crash the server or provoke a disconnect of other sessions.
A source code patch exists which remedies this problem.
- 005: RELIABILITY FIX: April 30, 2015 All architectures
A remote user can crash httpd by forcing the daemon to log to a file before the logging system was initialized.
A source code patch exists which remedies this problem.
- 006: SECURITY FIX: April 30, 2015 All architectures
Malformed binaries could trigger kernel panics or be used to view kernel memory.
A source code patch exists which remedies this problem.
- 007: SECURITY FIX: April 30, 2015 All architectures
Multiple issues in tar/pax/cpio:
  - extracting a malicious archive could create files outside of the current directory without using pre-existing symlinks to 'escape', and could change the timestamps and modes on preexisting files
  - tar without -P would permit extraction of paths with ".." components
  - there was a buffer overflow in the handling of pax extension headers
A source code patch exists which remedies this problem.
- 008: RELIABILITY FIX: June 11, 2015 All architectures
Fix multiple reliability issues in smtpd:
  - a local user can cause smtpd to fail by writing an invalid imsg to the control socket.
  - a local user can prevent smtpd from serving new requests by exhausting descriptors.
A source code patch exists which remedies this problem.
- 009: SECURITY FIX: June 11, 2015 All architectures
Fix several defects from OpenSSL:
  - CVE-2015-1788 - Malformed ECParameters causes infinite loop
  - CVE-2015-1789 - Exploitable out-of-bounds read in X509_cmp_time
  - CVE-2015-1792 - CMS verify infinite loop with unknown hash function
Note that CMS was already disabled in LibreSSL. Several other issues did not apply or were already fixed and one is under review.
For more information, see the OpenSSL advisory.
A source code patch exists which remedies this problem.
- 010: SECURITY FIX: July 14, 2015 All architectures
A TCP socket can become confused and not properly clean up resources.
A source code patch exists which remedies this problem.
- 011: RELIABILITY FIX: July 26, 2015 All architectures
A kernel memory leak could be triggered by an unprivileged user in a failure case when using execve under systrace.
A source code patch exists which remedies this problem.
- 012: SECURITY FIX: July 26, 2015 All architectures
The patch utility could be made to invoke arbitrary commands via the obsolete RCS support when processing a crafted input file. This patch deletes the RCS support.
A source code patch exists which remedies this problem.
- 013: SECURITY FIX: July 30, 2015 All architectures
The patch utility could become desynchronized when processing ed(1)-style diffs.
A source code patch exists which remedies this problem.
- 014: SECURITY FIX: August 16, 2015 All architectures
A change to sshd resulted in incorrect permissions being applied to pseudo terminal devices, allowing local users to write to (but not read from) them.
A source code patch exists which remedies this problem.
- 015: RELIABILITY FIX: September 28, 2015 All architectures
Various problems were identified in relayd and merged back from current to 5.7 in this maintenance update.
A source code patch exists which remedies this problem.
- 016: RELIABILITY FIX: September 28, 2015 All architectures
An incorrect operation in uvm could result in system panics.
A source code patch exists which remedies this problem.
- 017: SECURITY FIX: October 1, 2015 All architectures
Fix multiple reliability and security issues in smtpd:
  - local and remote users could make smtpd crash or stop serving requests.
  - a buffer overflow in the unprivileged, non-chrooted smtpd (lookup) process could allow a local user to cause a crash or potentially execute arbitrary code.
  - a use-after-free in the unprivileged, non-chrooted smtpd (lookup) process could allow a remote attacker to cause a crash or potentially execute arbitrary code.
  - hardlink and symlink attacks allowed a local user to unset chflags or leak the first line of an arbitrary file.
A source code patch exists which remedies this problem.
- 018: RELIABILITY FIX: October 14, 2015 All architectures
A problem with timer kevents could result in a kernel hang (local denial of service).
A source code patch exists which remedies this problem.
- 019: RELIABILITY FIX: October 15, 2015 All architectures
The OBJ_obj2txt function in libcrypto contains a one-byte buffer overrun and memory leak, as reported by Qualys Security.
A source code patch exists which remedies this problem.
- 020: RELIABILITY FIX: November 9, 2015 All architectures
Insufficient validation of RSN element group cipher values in 802.11 beacons and probe responses could result in system panics.
A source code patch exists which remedies this problem.
- 021: RELIABILITY FIX: Dec 3, 2015 All architectures
A NULL pointer dereference could be triggered by a crafted certificate sent to services configured to verify client certificates on TLS/SSL connections.
A source code patch exists which remedies this problem.
- 022: SECURITY FIX: January 14, 2016 All architectures
Experimental roaming code in the ssh client could be tricked by a hostile sshd server, potentially leaking key material. CVE-2016-0777 and CVE-2016-0778.
Prevent this problem immediately by adding the line "UseRoaming no" to **/etc/ssh/ssh_config**.
A source code patch exists which remedies this problem.
- 023: SECURITY FIX: March 10, 2016 All architectures
Lack of credential sanitization allows injection of commands to xauth(1).
Prevent this problem immediately by not using the "X11Forwarding" feature (which is disabled by default).
A source code patch exists which remedies this problem.
- 024: SECURITY FIX: March 16, 2016 All architectures
Insufficient checks in IPv6 socket binding and UDP IPv6 option processing allow a local user to send UDP packets with a source (IPv6 address + port) already reserved by another user.
A source code patch exists which remedies this problem.
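
For the interim mitigation in erratum 022 above: ssh_config uses the first value obtained for each option, so a "UseRoaming no" line only protects every connection if no earlier or host-scoped setting takes precedence. The following check is an added example, not part of the OpenBSD errata or patches; the function name useroaming_state, its result words and the host build.example are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: report how "UseRoaming" resolves across ssh_config files.
# Pass files in the order ssh reads them (user config, then system config);
# with no arguments the configuration is read from stdin.
#   protected  - "UseRoaming no" is the first value obtained, in global scope
#   overridden - a value other than "no" is obtained first for some host
#   unset      - no global "UseRoaming no" line; the mitigation is absent
useroaming_state() {
    awk '
    FNR == 1 { global = 1 }                 # every file starts in global scope
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        sub(/[ \t]+$/, "", line)
        if (line == "" || line ~ /^#/) next
        sub(/[ \t]*=[ \t]*/, " ", line)     # accept the "Keyword=value" form
        gsub(/"/, "", line)                 # arguments may be quoted
        n = split(line, f, /[ \t]+/)
        key = tolower(f[1])                 # keywords are case-insensitive
        if (key == "host") {
            global = (n == 2 && f[2] == "*")
        } else if (key == "match") {
            global = (n == 2 && tolower(f[2]) == "all")
        } else if (key == "useroaming") {
            val = tolower(f[2])
            if (val == "no" && global) { print "protected";  done = 1; exit }
            if (val != "no")           { print "overridden"; done = 1; exit }
            # a "no" inside a host-specific block does not cover other hosts
        }
    }
    END { if (!done) print "unset" }
    ' "$@"
}

# Constructed sample: a per-host "yes" placed ahead of the global "no".
useroaming_state <<'EOF'
Host build.example
    UseRoaming yes
Host *
    UseRoaming no
EOF
```

On a real system, run it as useroaming_state ~/.ssh/config /etc/ssh/ssh_config; options given on the ssh command line still take precedence over both files.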