Errata patches for wsmux have been released for OpenBSD 6.1 and 6.0.
An unprivileged console user can cause a kernel crash.
Binary updates for the amd64 and i386 platforms are available via the
syspatch utility. Source code patches can be found on the respective
errata pages:
Errata patches for dhcpd, vmm, LibreSSL and softraid have been released
for OpenBSD 6.1 today.
Details can be found on this page: https://www.openbsd.org/errata61.html
Binary updates for the amd64 and i386 platforms are also available via
the syspatch utility. Note that syspatch uses the mirror
Errata patches for libssl have been released for OpenBSD 6.1 and 6.0.
Incorrect DTLS cookie handling can result in a NULL pointer dereference.
Binary updates for the amd64 and i386 platforms are available via the
syspatch utility. Source code patches can be found on the respective
errata pages:
Errata patches have been released for OpenBSD 6.2 and 6.1.
A local user could trigger a kernel panic by using an invalid TCB value.
Binary updates for the amd64 platform are available via the syspatch
utility. Source code patches can be found on the respective errata
pages:
Errata patches have been released for OpenBSD 6.1 and 6.0.
Out of bounds TCB settings may result in a kernel panic.
Binary updates for the amd64 platform are available via the syspatch
utility. Source code patches can be found on the respective errata
pages:
Errata patches have been released for OpenBSD 6.1 and 6.0.
A kernel executable address was leaked to userland.
Binary updates for the amd64 platform are available via the syspatch
utility. Source code patches can be found on the respective errata
pages:
https://www.openbsd.org/errata60.html
Errata patches have been released for OpenBSD 6.2 and 6.1.
A number of bugs were discovered in the MPLS stack that can be used to
remotely trigger kernel crashes.
Binary updates for the amd64, i386, and arm64 platforms are available via
the syspatch utility. Source code patches can be found on
An errata patch has been released for OpenBSD 6.2.
The fktrace(2) system call had insufficient security checks.
This update disables fktrace(2) entirely.
Binary updates for the amd64, i386, and arm64 platforms are available via
the syspatch utility. Source code patches can be found on the
Errata patches for IPsec have been released for OpenBSD 6.3 and 6.2.
Incorrect handling of fragmented IPsec packets could result in a system crash.
Binary updates for the amd64, i386, and arm64 platforms are available via
the syspatch utility. Source code patches can be found on the respective
Errata patches for x86 floating-point units have been released for OpenBSD 6.3.
Intel CPUs speculatively access FPU registers even when the FPU is disabled,
so data (including AES keys) from previous contexts could be discovered if
using the lazy-save approach.
Binary updates for the amd64
Errata patches for libssl have been released for OpenBSD 6.2.
An incorrect TLS extensions block is generated when no extensions are
present, which can result in handshake failures.
Binary updates for the amd64, i386, and arm64 platforms are available via
the syspatch utility. Source code patches
Errata patches for the kernel have been released for OpenBSD 6.3 and 6.2.
IO port permissions were incorrectly restricted.
Binary updates for the i386 platform are available via the syspatch utility.
Source code patches can be found on the respective errata pages:
Errata patches for the kernel have been released for OpenBSD 6.3 and 6.2.
Incorrect initialization of the FPU caused floating point exceptions when
running on Xen.
Binary updates for the amd64 platform are available via the syspatch utility.
Source code patches can be found on the respective
Errata patches for the kernel have been released for OpenBSD 6.3 and 6.2.
The Intel L1TF bug allows a vmm guest to read host memory.
Binary updates for the amd64 platform are available via the syspatch utility.
Source code patches can be found on the respective errata pages:
Errata patches for the kernel have been released for OpenBSD 6.3 and 6.2.
State from the FPU of one userland process could be exposed to other
processes.
Binary updates for the amd64 platform are available via the syspatch utility.
Source code patches can be found on the respective errata pages:
Errata patches for IPsec have been released for OpenBSD 6.3 and 6.2.
When an IPsec key expired, the kernel could panic due to unfinished
timeout tasks.
Binary updates for the amd64, i386, and arm64 platforms are available via
the syspatch utility. Source code patches can be found on the
Errata patches for the kernel have been released for OpenBSD 6.3 and 6.2.
A regular user could trigger a system crash by executing an invalid
ELF binary.
Binary updates for the amd64, i386, and arm64 platforms are available via
the syspatch utility. Source code patches can be found on the
Errata patches for a speculative execution flaw in Intel CPUs have been
released for OpenBSD 6.2 and 6.1.
Intel CPUs contain a flaw called "Meltdown" which allows userspace programs
to access kernel memory.
Binary updates for the amd64 platform are available via the syspatch utility.
Source code
Errata patches for the generic tunnel interface driver have been released
for OpenBSD 6.3.
In the gif(4) interface, use the specified protocol for IPv6, plug an mbuf
leak, and avoid a use after free.
Binary updates for the amd64, i386, and arm64 platforms are available via
the syspatch utility.
Errata patches for the kernel's Address Resolution Protocol implementation
have been released for OpenBSD 6.3.
ARP replies could be sent on the wrong member of a bridge(4) interface.
Binary updates for the amd64, i386, and arm64 platforms are available via
the syspatch utility. Source code
Errata patches for libtls have been released for OpenBSD 6.3.
Additional data is inadvertently removed when private keys are cleared from
TLS configuration, which can prevent OCSP from functioning correctly.
Binary updates for the amd64, i386, and arm64 platforms are available via
the syspatch
Errata patches for httpd have been released for OpenBSD 6.2 and 6.3.
httpd can leak file descriptors when servicing range requests.
Binary updates for the amd64, i386, and arm64 platforms are available via
the syspatch utility. Source code patches can be found on the respective
errata pages:
Errata patches for IPsec have been released for OpenBSD 6.2 and 6.1.
The IPsec AH header could be longer than the network packet, resulting in
a kernel crash.
Binary updates for the amd64, i386, and arm64 platforms are available via
the syspatch utility. Source code patches can be found on the
Errata patches for Xorg have been released for OpenBSD 6.3 and 6.4.
The Xorg X server incorrectly validates certain options, allowing arbitrary
files to be overwritten.
Binary updates for the amd64, i386, and arm64 platforms are available
via the syspatch utility. Source code patches can be
Errata patches for the kernel have been released for OpenBSD 6.3 and 6.2.
On AMD CPUs, LDTR must be managed crossing between VMs.
Binary updates for the amd64 platform are available via the syspatch utility.
Source code patches can be found on the respective errata pages:
Errata patches for the kernel have been released for OpenBSD 6.3 and 6.4.
While recv(2) with the MSG_WAITALL flag was receiving control messages
from a socket, the kernel could panic.
Binary updates for the amd64, i386, and arm64 platforms are available
via the syspatch utility. Source code
Errata patches for the kernel have been released for OpenBSD 6.3 and 6.4.
The setsockopt(2) system call could overflow mbuf cluster kernel memory
by 4 bytes.
Binary updates for the amd64, i386, and arm64 platforms are available
via the syspatch utility. Source code patches can be found on the
Errata patches for vmd have been released for OpenBSD 6.4.
Writing more than 4GB to a qcow2 volume corrupts the virtual disk.
Binary updates for the amd64 and i386 platforms are available via the
syspatch utility. Source code patches can be found on the errata page:
Errata patches for the kernel have been released for OpenBSD 6.3 and 6.4.
UNIX domain sockets leak kernel memory with MSG_PEEK on SCM_RIGHTS, or can
attempt excessive memory allocations leading to a crash.
Binary updates for the amd64, i386, and arm64 platforms are available
via the syspatch
Errata patches for OpenSMTPD have been released for OpenBSD 6.4.
The mail.mda and mail.lmtp delivery agents were not reporting temporary
failures correctly, causing smtpd to bounce messages in some cases where
it should have retried them.
Binary updates for the amd64, i386, and arm64 platforms
Errata patches for perl have been released for OpenBSD 6.3 and 6.4.
Various overflows exist in perl.
Binary updates for the amd64, i386, and arm64 platforms are available
via the syspatch utility. Source code patches can be found on the
respective errata page:
Errata patches for libcrypto have been released for OpenBSD 6.3.
Timing side channels may leak information about DSA and ECDSA private keys.
Binary updates for the amd64, i386, and arm64 platforms are available
via the syspatch utility. Source code patches can be found on the errata
page:
Errata patches for libcrypto have been released for OpenBSD 6.4.
The portsmash vulnerability allows exfiltration of elliptic curve keys.
Binary updates for the amd64, i386, and arm64 platforms are available
via the syspatch utility. Source code patches can be found on the errata
page:
Errata patches for the kernel have been released for OpenBSD 6.3 and 6.4.
A recent change to POSIX file locks could cause incorrect results during
lock acquisition.
Binary updates for the amd64, i386, and arm64 platforms are available
via the syspatch utility. Source code patches can be found on
Errata patches for the kernel have been released for OpenBSD 6.3 and 6.4.
Missing length checks in the NFS server and client can lead to crashes
and other errors.
Binary updates for the amd64, i386, and arm64 platforms are available
via the syspatch utility. Source code patches can be found on
Errata patches for the kernel have been released for OpenBSD 6.3 and 6.4.
The mincore() system call can be used to observe memory access patterns
of other processes.
Binary updates for the amd64, i386, and arm64 platforms are available
via the syspatch utility. Source code patches can be found
Errata patches for the kernel have been released for OpenBSD 6.4.
The unveil() system call can leak memory.
Binary updates for the amd64, i386, and arm64 platforms are available
via the syspatch utility. Source code patches can be found on the
errata page:
Errata patches for vmm have been released for OpenBSD 6.3 and 6.4.
GDT and IDT limits were improperly restored during VMM context switches.
Binary updates for the amd64 and i386 platforms are available via the
syspatch utility. Source code patches can be found on the respective
errata page:
Errata patches for pf have been released for OpenBSD 6.3 and 6.4.
Fragmented IPv6 packets may be erroneously passed by pf or lead to a crash.
Binary updates for the amd64, i386, and arm64 platforms are available
via the syspatch utility. Source code patches can be found on the
respective errata
Errata patches for pf have been released for OpenBSD 6.3 and 6.4.
A state in pf could pass ICMP packets to a destination IP address
that did not match the state.
Binary updates for the amd64, i386, and arm64 platforms are available
via the syspatch utility. Source code patches can be found on
Errata patches for the kernel have been released for OpenBSD 6.4 and 6.5.
Intel CPUs have a cross privilege side-channel attack. (MDS)
Binary updates for the amd64 platform are available via the syspatch utility.
Source code patches can be found on the respective errata page:
Errata patches for OpenBGPD have been released for OpenBSD 6.5.
Several issues were corrected in bgpd: "network" statements with no fixed
prefix were incorrectly removed when configuration was reloaded, "export
default-route" did not work, and "network 0.0.0.0/0" could not be used
in some cases.
Errata patches for LibreSSL have been released for OpenBSD 6.5.
TLS handshakes fail if a client supporting TLS 1.3 tries to connect to
an OpenBSD server and sends a key share extension that does not include
X25519.
Binary updates for the amd64, i386, and arm64 platforms are available
via the
Errata patches for LibreSSL have been released for OpenBSD 6.4 and 6.5.
LibreSSL servers did not provide an SRTP profile, so DTLS negotiation failed.
Binary updates for the amd64, i386, and arm64 platforms are available
via the syspatch utility. Source code patches can be found on the
respective
Errata patches for the kernel have been released for OpenBSD 6.3, 6.4,
and 6.5.
If a userland program sets the IPv6 checksum offset on a raw socket,
an incoming packet could crash the kernel. ospf6d is such a program.
Binary updates for the amd64, i386, and arm64 platforms are available
via the
Errata patches for OpenSMTPD have been released for OpenBSD 6.4 and 6.5.
smtpd can crash on excessively large input, causing a denial of service.
Binary updates for the amd64, i386, and arm64 platforms are available
via the syspatch utility. Source code patches can be found on the
respective
Errata patches for the kernel have been released for OpenBSD 6.4 and 6.5.
Resume forgot to restore MSR/PAT configuration.
Binary updates for the amd64 platform are available via the syspatch utility.
Source code patches can be found on the respective errata page:
Errata patches for the kernel have been released for OpenBSD 6.4 and 6.5.
When processing ECN bits on incoming IPv6 fragments, the kernel could crash.
Per default pf fragment reassemble prevents the crash.
Binary updates for the amd64, i386, and arm64 platforms are available
via the syspatch
Errata patches for expat have been released for OpenBSD 6.4 and 6.5.
Libexpat 2.2.6 was affected by the heap overflow CVE-2019-15903.
Binary updates for the amd64, i386, and arm64 platforms are available
via the syspatch utility. Source code patches can be found on the
respective errata page:
Errata patches for the kernel have been released for OpenBSD 6.4 and 6.5.
Intel CPUs have another cross privilege side-channel attack. (SWAPGS)
Binary updates for the amd64 platform are available via the syspatch utility.
Source code patches can be found on the respective errata page:
Errata patches for the kernel have been released for OpenBSD 6.4 and 6.5.
By creating long chains of TCP SACK holes, an attacker could possibly
slow down the system temporarily.
Binary updates for the amd64, i386, and arm64 platforms are available
via the syspatch utility. Source code patches
Errata patches for sysupgrade have been released for OpenBSD 6.5.
The sysupgrade utility can be used to upgrade the system to the next
release or to a new snapshot. This errata adds sysupgrade to OpenBSD
6.5 to simplify the process of upgrading to 6.6 when it's released.
Binary updates for the
Errata patches for OpenBGPD have been released for OpenBSD 6.6.
bgpd(8) can crash on nexthop changes or during startup in certain
configurations.
Binary updates for the amd64, i386, and arm64 platforms are available via
the syspatch utility. Source code patches can be found on the respective
Errata patches for the kernel have been released for OpenBSD 6.5 and 6.6.
The kernel could crash due to a NULL pointer dereference in net80211.
Binary updates for the amd64, i386, and arm64 platforms are available
via the syspatch utility. Source code patches can be found on the
respective
Errata patches for the kernel have been released for OpenBSD 6.5 and 6.6.
A regular user could change some network interface parameters due to
missing checks in the ioctl(2) system call.
Binary updates for the amd64, i386, and arm64 platforms are available
via the syspatch utility. Source code
Errata patches for sysupgrade have been released for OpenBSD 6.5 and 6.6.
A new kernel may require newer firmware images when using sysupgrade.
Binary updates for the amd64, i386, and arm64 platforms are available
via the syspatch utility. Source code patches can be found on the
respective
Errata patches for Mesa have been released for OpenBSD 6.5 and 6.6.
Shared memory regions used by some Mesa drivers had permissions which
allowed others to access that memory.
Binary updates for the amd64, i386, and arm64 platforms are available
via the syspatch utility. Source code patches can
Errata patches for the kernel have been released for OpenBSD 6.5 and 6.6.
A local user could cause the system to hang by reading specific registers
when Intel Gen8/Gen9 graphics hardware is in a low power state.
A local user could perform writes to memory that should be blocked with
Intel Gen9
Errata patches for su have been released for OpenBSD 6.5 and 6.6.
A user can log in with a different user's login class.
Binary updates for the amd64, i386, and arm64 platforms are available
via the syspatch utility. Source code patches can be found on the
respective errata page:
Errata patches for the kernel have been released for OpenBSD 6.5 and 6.6.
ARM64 CPUs speculatively execute instructions after ERET.
Binary updates for the arm64 platform are available via the syspatch
utility. Source code patches can be found on the respective errata page:
Errata patches for ld.so have been released for OpenBSD 6.5 and 6.6.
ld.so may fail to remove the LD_LIBRARY_PATH environment variable for
set-user-ID and set-group-ID executables in low memory conditions.
Binary updates for the amd64, i386, and arm64 platforms are available
via the syspatch
Errata patches for BPF have been released for OpenBSD 6.6.
bpf(4) has a race condition during device removal.
Binary updates for the amd64, i386, and arm64 platforms are available via
the syspatch utility. Source code patches can be found on the respective
errata page:
Errata patches for libutil have been released for OpenBSD 6.6.
Various third party applications may crash due to symbol collision.
Binary updates for the amd64, i386, and arm64 platforms are available via
the syspatch utility. Source code patches can be found on the respective
errata page:
Errata patches for unbound have been released for OpenBSD 6.4 and 6.5.
Specially crafted queries may crash unwind and unbound.
Binary updates for the amd64, i386, and arm64 platforms are available via
the syspatch utility. Source code patches can be found on the respective
errata page:
Errata patches for dhcpd have been released for OpenBSD 6.4 and 6.5.
dhcpd leaks 4 bytes of stack to the network.
Binary updates for the amd64, i386, and arm64 platforms are available via
the syspatch utility. Source code patches can be found on the respective
errata page:
Errata patches for ripd have been released for OpenBSD 6.5 and 6.6.
ripd(8) fails to validate authentication lengths.
Binary updates for the amd64, i386, and arm64 platforms are available via
the syspatch utility. Source code patches can be found on the respective
errata page:
Errata patches for ftp have been released for OpenBSD 6.5 and 6.6.
ftp(1) will follow remote redirects to local files.
Binary updates for the amd64, i386, and arm64 platforms are available via
the syspatch utility. Source code patches can be found on the respective
errata page:
Errata patches for OpenSMTPD have been released for OpenBSD 6.5 and 6.6.
An out of bounds read in smtpd allows an attacker to inject arbitrary
commands into the envelope file which are then executed as root.
Separately, missing privilege revocation in smtpctl allows arbitrary
commands to be run
Errata patches for OpenSMTPD have been released for OpenBSD 6.5 and 6.6.
smtpd can crash on opportunistic TLS downgrade, causing a denial of service.
Binary updates for the amd64, i386, and arm64 platforms are available via
the syspatch utility. Source code patches can be found on the respective
Errata patches for OpenSMTPD have been released for OpenBSD 6.5 and 6.6.
An incorrect check allows an attacker to trick mbox delivery into executing
arbitrary commands as root and lmtp delivery into executing arbitrary commands
as an unprivileged user.
Binary updates for the amd64, i386, and
Errata patches for vmm have been released for OpenBSD 6.6.
A missing range check in the vmm pvclock allows a guest to write
to host memory.
Binary updates for the amd64 platform are available via the syspatch
utility. Source code patches can be found on the errata page:
Errata patches for the kernel have been released for OpenBSD 6.5 and 6.6.
Execution Unit state was not cleared on context switch with Intel Gen9
graphics hardware.
Binary updates for the amd64 and i386 platforms are available via the
syspatch utility. Source code patches can be found on the
Errata patches for the kernel have been released for OpenBSD 6.5 and 6.6.
Local outbound UDP broadcast or multicast packets sent by a spliced
socket can crash the kernel.
Binary updates for the amd64, i386, and arm64 platforms are available
via the syspatch utility. Source code patches can be
Errata patches for the kernel have been released for OpenBSD 6.5 and 6.6.
Missing input validation in sysctl(2) can be used to crash the kernel.
Binary updates for the amd64, i386, and arm64 platforms are available
via the syspatch utility. Source code patches can be found on the
respective
Errata patches for the kernel have been released for OpenBSD 6.5 and 6.6.
There was an incorrect test for root in the DRM Linux compatiblity code.
Binary updates for the amd64, i386, and arm64 platforms are available
via the syspatch utility. Source code patches can be found on the
respective
Errata patches for dhcpd have been released for OpenBSD 6.5 and 6.6.
dhcpd could reference freed memory after releasing a lease with an
unusually long uid.
Binary updates for the amd64, i386, and arm64 platforms are available via
the syspatch utility. Source code patches can be found on the
Errata patches for ssh-keygen have been released for OpenBSD 6.7.
When attempting to download resident keys from a FIDO token that does not
require a password/PIN, ssh-keygen would crash with a NULL dereference.
Binary updates for the amd64, i386, and arm64 platforms are available via
the
Errata patches for rpki-client have been released for OpenBSD 6.7.
rpki-client could hang because of an improper waitpid idiom for rsync
processes.
Binary updates for the amd64, i386, and arm64 platforms are available via
the syspatch utility. Source code patches can be found on the errata page:
Errata patches for wscons have been released for OpenBSD 6.5, 6.6,
and 6.7.
An out-of-bounds index access in wscons(4) can cause a kernel crash.
Binary updates for the amd64, i386, and arm64 platforms are available
via the syspatch utility. Source code patches can be found on the
respective
Errata patches for unbound and unwind have been released for OpenBSD 6.6
and 6.7.
Specially crafted queries may crash unbound and unwind. Both can be tricked
into amplifying an incoming query.
Binary updates for the amd64, i386, and arm64 platforms are available via
the syspatch utility. Source
Errata patches for LibreSSL have been released for OpenBSD 6.7.
A TLS client with peer verification disabled may crash when contacting a
server that sends an empty certificate list.
Binary updates for the amd64, i386, and arm64 platforms are available via
the syspatch utility. Source code
Errata patches for the kernel have been released for OpenBSD 6.6 and 6.7.
A buffer overflow was discovered in an amdgpu ioctl.
Binary updates for the amd64 and arm64 platforms are available via the
syspatch utility. Source code patches can be found on the respective
errata page:
Errata patches for the kernel have been released for OpenBSD 6.7.
mmap can exhaust kernel memory for PROT_NONE MAP_SHARED mappings.
Binary updates for the amd64, i386, and arm64 platforms are available
via the syspatch utility. Source code patches can be found on the
errata page:
Errata patches for Xorg have been released for OpenBSD 6.6 and 6.7.
Various X server extensions had deficient input validation.
Binary updates for the amd64, i386, and arm64 platforms are available via
the syspatch utility. Source code patches can be found on the respective
errata page:
Errata patches for libX11 have been released for OpenBSD 6.6 and 6.7.
An integer overflow in libX11 could lead to a double free.
Additionally, fix a regression in ximcp.
Binary updates for the amd64, i386, and arm64 platforms are available via
the syspatch utility. Source code patches can be
Errata patches for LibreSSL have been released for OpenBSD 6.7.
The previous errata patch 019 broke bidirectional SSL_shutdown.
Binary updates for the amd64, i386, and arm64 platforms are available via
the syspatch utility. Source code patches can be found on the errata page:
Errata patches for OpenSMTPD have been released for OpenBSD 6.7.
Incorrect use of getpeername(2) storage for outgoing IPv6 connections
corrupts stack memory. The nature of the corruption and existing
mitigations appear to make this difficult to effectively target.
Binary updates for the amd64,
Errata patches for Perl have been released for OpenBSD 6.6 and 6.7.
Several problems in Perl's regular expression compiler could lead to
corruption of the intermediate language state of a compiled regular
expression.
Binary updates for the amd64, i386, and arm64 platforms are available via
the
Errata patches for OpenBGPD have been released for OpenBSD 6.7 and 6.8.
In bgpd, the roa-set parser could leak memory.
Binary updates for the amd64, i386, and arm64 platforms are available via
the syspatch utility. Source code patches can be found on the respective
errata page:
Errata patches for the kernel have been released for OpenBSD 6.6 and 6.7.
tty subsystem abuse can impact performance badly.
Binary updates for the amd64, i386, and arm64 platforms are available
via the syspatch utility. Source code patches can be found on the
respective errata page:
Errata patches for the kernel have been released for OpenBSD 6.6 and 6.7.
Only pty devices need reprint delays.
Binary updates for the amd64, i386, and arm64 platforms are available
via the syspatch utility. Source code patches can be found on the
respective errata page:
Errata patches for libX11 have been released for OpenBSD 6.6 and 6.7.
The recent security errata broke X11 input methods.
Binary updates for the amd64, i386, and arm64 platforms are available via
the syspatch utility. Source code patches can be found on the respective
errata page:
Errata patches for Xorg have been released for OpenBSD 6.6 and 6.7.
Pixmaps inside the xserver were an info leak.
Binary updates for the amd64, i386, and arm64 platforms are available via
the syspatch utility. Source code patches can be found on the respective
errata page:
Errata patches for libX11 have been released for OpenBSD 6.6 and 6.7.
Malformed messages can cause heap corruption in the X Input Method
client implementation in libX11.
Binary updates for the amd64, i386, and arm64 platforms are available via
the syspatch utility. Source code patches can be
Errata patches for the kernel have been released for OpenBSD 6.6 and 6.7.
shmget IPC_STAT leaked some kernel data.
Binary updates for the amd64, i386, and arm64 platforms are available
via the syspatch utility. Source code patches can be found on the
respective errata page:
Errata patches for libc have been released for OpenBSD 6.6 and 6.7.
libc's resolver could get into a corrupted state.
Binary updates for the amd64, i386, and arm64 platforms are available via
the syspatch utility. Source code patches can be found on the respective
errata page:
Errata patches for LibreSSL have been released for OpenBSD 6.6 and 6.7.
libcrypto may fail to build a valid certificate chain due to expired
untrusted issuer certificates.
Binary updates for the amd64, i386, and arm64 platforms are available via
the syspatch utility. Source code patches can be
Errata patches for the kernel have been released for OpenBSD 6.6 and 6.7.
Malicious HID descriptors could be misparsed.
Binary updates for the amd64, i386, and arm64 platforms are available
via the syspatch utility. Source code patches can be found on the
respective errata page:
Errata patches for rpki-client have been released for OpenBSD 6.7.
In rpki-client, incorrect use of EVP_PKEY_cmp allows an authentication bypass.
Binary updates for the amd64, i386, and arm64 platforms are available via
the syspatch utility. Source code patches can be found on the errata page:
Errata patches for OpenIKED have been released for OpenBSD 6.6 and 6.7.
In iked, incorrect use of EVP_PKEY_cmp allows an authentication bypass.
Binary updates for the amd64, i386, and arm64 platforms are available via
the syspatch utility. Source code patches can be found on the respective
100 matches
Mail list logo