OpenBSD 5.4 Errata

For errata on a certain release, click below:
2.0, 2.1, 2.2, 2.3, 2.4, 2.5, 2.6, 2.7, 2.8, 2.9, 3.0, 3.1, 3.2, 3.3, 3.4, 3.5,
3.6, 3.7, 3.8, 3.9, 4.0, 4.1, 4.2, 4.3, 4.4, 4.5, 4.6, 4.7, 4.8, 4.9, 5.0, 5.1,
5.2, 5.3, 5.5, 5.6, 5.7, 5.8, 5.9, 6.0, 6.1, 6.2, 6.3, 6.4, 6.5, 6.6, 6.7, 6.8,
6.9, 7.0, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6.

Patches for the OpenBSD base system are distributed as unified diffs. Each patch contains usage instructions. All the following patches are also available in one tar.gz file for convenience.

Patches for supported releases are also incorporated into the -stable branch.

001: RELIABILITY FIX: Nov 7, 2013 All architectures
A crash can happen on pflow(4) interface destruction.
A source code patch exists which remedies this problem.
002: SECURITY FIX: Nov 7, 2013 All architectures
A memory corruption vulnerability exists in the post-authentication sshd process when an AES-GCM cipher (aes128-gcm@openssh.com or aes256-gcm@openssh.com) is selected during kex exchange. Review the gcmrekey advisory for a mitigation.
A source code patch exists which remedies this problem.
003: RELIABILITY FIX: Nov 11, 2013 All architectures
An unprivileged user may hang the system.
A source code patch exists which remedies this problem.
004: SECURITY FIX: Nov 21, 2013 All architectures
A problem exists in nginx(8) which might allow an attacker to bypass security restrictions in certain configurations by using a specially crafted request. This issue was assigned CVE-2013-4547.
A source code patch exists which remedies this problem.
005: RELIABILITY FIX: Dec 19, 2013 Strict alignment architectures
In OpenSSL, use of the SHA384 SSL/TLS ciphers may result in a crash of the application. The i386, amd64, vax and m68k platforms aren't affected.
A source code patch exists which remedies this problem.
006: SECURITY FIX: Jan 10, 2014 All architectures
A BDF font file containing a longer than expected string could overflow a buffer on the stack in the X server. This issue was assigned CVE-2013-6462.
A source code patch exists which remedies this problem.
007: SECURITY FIX: April 8, 2014 All architectures
Missing bounds checking in OpenSSL's implementation of the TLS/DTLS heartbeat extension (RFC6520) which can result in a leak of memory contents.
A source code patch exists which remedies this problem.
008: SECURITY FIX: April 12, 2014 All architectures
A use-after-free race condition in OpenSSL's read buffer may permit an attacker to inject data from one connection into another.
A source code patch exists which remedies this problem.
009: RELIABILITY FIX: May 1, 2014 All architectures
An attacker can trigger generation of an SSL alert which could cause a null pointer dereference.
A source code patch exists which remedies this problem.
010: SECURITY FIX: May 24, 2014 All architectures with X server
X Font Service Protocol & Font metadata file handling issues in libXfont
- CVE-2014-0209: integer overflow of allocations in font metadata file parsing
- CVE-2014-0210: unvalidated length fields when parsing xfs protocol replies
- CVE-2014-0211: integer overflows calculating memory needs for xfs replies
Please see the advisory for more information.
A source code patch exists which remedies this problem.
011: SECURITY FIX: June 5, 2014 All architectures
Sendmail was not properly closing file descriptions before executing programs. This could enable local users to interfere with an open SMTP connection. This issue was assigned CVE-2014-3956.
A source code patch exists which remedies this problem.
012: SECURITY FIX: June 6, 2014 All architectures
This patch contains a number of SSL library fixes.
A source code patch exists which remedies this problem.
013: RELIABILITY FIX: July 30, 2014 All architectures
Packets with illegal DHCP options can lead to memory exhaustion of dhclient(8) and dhcpd(8).
A source code patch exists which remedies this problem.
014: SECURITY FIX: August 9, 2014 All architectures
This patch contains a number of SSL library fixes.
A source code patch exists which remedies this problem.
015: SECURITY FIX: October 1, 2014 All architectures
nginx can reuse cached SSL sessions in unrelated contexts, allowing virtual host confusion attacks in some configurations. This issue was assigned CVE-2014-3616.
A source code patch exists which remedies this problem.
016: RELIABILITY FIX: October 20, 2014 All architectures
Two remotely triggerable memory leaks in OpenSSL can lead to a denial of service in server applications.
A source code patch exists which remedies this problem.
017: RELIABILITY FIX: October 20, 2014 All architectures
Executable headers with an unaligned address will trigger a kernel panic.
A source code patch exists which remedies this problem.

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.

Alternative Proxies: