Patches for the OpenBSD base system are distributed as unified diffs.
Each patch is cryptographically signed with the
signify(1) tool and contains
usage instructions.
All the following patches are also available in one
tar.gz file
for convenience.
Alternatively, the syspatch(8)
utility can be used to apply binary updates on the following architectures:
amd64, i386, arm64.
Patches for supported releases are also incorporated into the
-stable branch.
006: SECURITY FIX: November 26, 2021All architectures
In some situations the X.509 verifier would discard an error on
an unverified certificate chain, resulting in an authentication bypass.
A source code patch exists which remedies this problem.
007: SECURITY FIX: December 14, 2021All architectures
Multiple input validation failures in the X server request parsing
code can lead to out of bounds memory accesses for authorized
clients.
A source code patch exists which remedies this problem.
009: SECURITY FIX: January 19, 2022All architectures
Fix 8 security issues in libexpat, all related to fixed-size integer
math (integer overflow and invalid shifts) near memory allocation.
A source code patch exists which remedies this problem.
022: SECURITY FIX: July 24, 2022All architectures
Input validation failures in the X server request parsing code can
lead to out of bounds memory accesses for authorized clients.
A source code patch exists which remedies this problem.