For errata on a certain release, click below:
2.0,
2.1,
2.2,
2.3,
2.4,
2.5,
2.6,
2.7,
2.8,
2.9,
3.0,
3.1,
3.2,
3.3,
3.4,
3.5,
3.6,
3.7,
3.8,
3.9,
4.0,
4.1,
4.2,
4.3,
4.4,
4.5,
4.6,
4.7,
4.8,
4.9,
5.0,
5.1,
5.2,
5.3,
5.4,
5.5,
5.6,
5.7,
5.8,
5.9,
6.0,
6.1,
6.2,
6.3,
6.4,
6.5,
6.6,
6.7,
6.8,
6.9,
7.0,
7.1,
7.2,
7.3,
7.4,
7.5.
Patches for the OpenBSD base system are distributed as unified diffs.
Each patch is cryptographically signed with the
signify(1) tool and contains
usage instructions.
All the following patches are also available in one
tar.gz file
for convenience.
Alternatively, the syspatch(8)
utility can be used to apply binary updates on the following architectures:
amd64, i386, arm64.
Patches for supported releases are also incorporated into the
-stable branch, which is maintained for one year
after release.
-
001: SECURITY FIX: October 14, 2024
All architectures
Querying a maliciously constructed DNS zone could result in degraded
performance or denial of service. CVE-2024-8508
A source code patch exists which remedies this problem.
-
002: SECURITY FIX: October 29, 2024
All architectures
Fix memory allocation error in the Xkb X11 server extension. CVE-2024-9632
A source code patch exists which remedies this problem.
-
003: RELIABILITY FIX: October 29, 2024
hppa m88k mips64 powerpc powerpc64 sh sparc64
mlkem768x25519-sha256 byte order bug on big-endian machines.
A source code patch exists which remedies this problem.
-
004: RELIABILITY FIX: October 31, 2024
arm64
Updating Apple Silicon system firmware to the latest version cripples
OpenBSD. This disabled the onboard WiFi.
A source code patch exists which remedies this problem.
-
005: SECURITY FIX: November 15, 2024
All architectures
In libexpat fix crash within function XML_ResumeParser. CVE-2024-50602
A source code patch exists which remedies this problem.
-
006: RELIABILITY FIX: January 10, 2025
All architectures
Traffic sent over wg(4) could result in kernel crash.
A source code patch exists which remedies this problem.
-
007: RELIABILITY FIX: February 10, 2025
All architectures
pf(4) could reassemble overlapping fragments into an incorrect IP
packet that was too short.
A source code patch exists which remedies this problem.
-
008: SECURITY FIX: February 18, 2025
All architectures
sshd(8) denial of service relating to SSH2_MSG_PING handling.
ssh(1) server impersonation when VerifyHostKeyDNS enabled.
A source code patch exists which remedies this problem.
-
009: SECURITY FIX: February 25, 2025
All architectures
Multiple X server issues.
CVE-2025-26594 CVE-2025-26595 CVE-2025-26596 CVE-2025-26597
CVE-2025-26598 CVE-2025-26599 CVE-2025-26600 CVE-2025-26601
A source code patch exists which remedies this problem.
-
010: SECURITY FIX: March 18, 2025
All architectures
In libexpat fix crash caused by stack overflow during recursion.
CVE-2024-8176
A source code patch exists which remedies this problem.