For errata on a certain release, click below:
2.0,
2.1,
2.2,
2.3,
2.4,
2.5,
2.6,
2.7,
2.8,
2.9,
3.0,
3.1,
3.2,
3.3,
3.4,
3.5,
3.6,
3.7,
3.8,
3.9,
4.0,
4.1,
4.2,
4.3,
4.4,
4.5,
4.6,
4.7,
4.8,
4.9,
5.0,
5.1,
5.2,
5.3,
5.4,
5.5,
5.6,
5.7,
5.8,
5.9,
6.0,
6.1,
6.2,
6.3,
6.4,
6.5,
6.6,
6.7,
6.8,
6.9,
7.0,
7.1,
7.2,
7.3,
7.4,
7.5,
7.7,
7.8.
Patches for the OpenBSD base system are distributed as unified diffs.
Each patch is cryptographically signed with the
signify(1) tool and contains
usage instructions.
All the following patches are also available in one
tar.gz file
for convenience.
Alternatively, the syspatch(8)
utility can be used to apply binary updates on the following architectures:
amd64, i386, arm64.
Patches for supported releases are also incorporated into the
-stable branch.
-
001: SECURITY FIX: October 14, 2024
All architectures
Querying a maliciously constructed DNS zone could result in degraded
performance or denial of service. CVE-2024-8508
A source code patch exists which remedies this problem.
-
002: SECURITY FIX: October 29, 2024
All architectures
Fix memory allocation error in the Xkb X11 server extension. CVE-2024-9632
A source code patch exists which remedies this problem.
-
003: RELIABILITY FIX: October 29, 2024
hppa m88k mips64 powerpc powerpc64 sh sparc64
mlkem768x25519-sha256 byte order bug on big-endian machines.
A source code patch exists which remedies this problem.
-
004: RELIABILITY FIX: October 31, 2024
arm64
Updating Apple Silicon system firmware to the latest version cripples
OpenBSD. This disabled the onboard WiFi.
A source code patch exists which remedies this problem.
-
005: SECURITY FIX: November 15, 2024
All architectures
In libexpat fix crash within function XML_ResumeParser. CVE-2024-50602
A source code patch exists which remedies this problem.
-
006: RELIABILITY FIX: January 10, 2025
All architectures
Traffic sent over wg(4) could result in kernel crash.
A source code patch exists which remedies this problem.
-
007: RELIABILITY FIX: February 10, 2025
All architectures
pf(4) could reassemble overlapping fragments into an incorrect IP
packet that was too short.
A source code patch exists which remedies this problem.
-
008: SECURITY FIX: February 18, 2025
All architectures
sshd(8) denial of service relating to SSH2_MSG_PING handling.
ssh(1) server impersonation when VerifyHostKeyDNS enabled.
A source code patch exists which remedies this problem.
-
009: SECURITY FIX: February 25, 2025
All architectures
Multiple X server issues.
CVE-2025-26594 CVE-2025-26595 CVE-2025-26596 CVE-2025-26597
CVE-2025-26598 CVE-2025-26599 CVE-2025-26600 CVE-2025-26601
A source code patch exists which remedies this problem.
-
010: SECURITY FIX: March 18, 2025
All architectures
In libexpat fix crash caused by stack overflow during recursion.
CVE-2024-8176
A source code patch exists which remedies this problem.
-
011: RELIABILITY FIX: April 1, 2025
All architectures
In libexpat fix regression of behavior introduced by previous errata.
A source code patch exists which remedies this problem.
-
012: SECURITY FIX: April 9, 2025
All architectures
iked(8) and isakmpd(8) fix double-free in ecdh mode.
A source code patch exists which remedies this problem.
-
013: SECURITY FIX: April 9, 2025
All architectures
sshd(8) fix the DisableForwarding directive, which was failing to
disable X11 forwarding and agent forwarding as documented.
A source code patch exists which remedies this problem.
-
014: RELIABILITY FIX: April 9, 2025
All architectures
Incorrect internal RRDP state handling in rpki-client can lead to a
denial of service.
A source code patch exists which remedies this problem.
-
015: SECURITY FIX: April 13, 2025
All architectures
In Perl, non-ASCII bytes in the left-hand-side of the `tr` operator
can overflow an insufficiently sized buffer. CVE-2024-56406
A source code patch exists which remedies this problem.
-
016: SECURITY FIX: May 5, 2025
All architectures
Kernel of NFS server could crash if nfsd(8) is enabled and an evil
NFS request is sent to it.
A source code patch exists which remedies this problem.
-
017: RELIABILITY FIX: June 17, 2025
All architectures
When using syncookies in pf(4), new TCP connections could run into
timeout due to integer underflow.
A source code patch exists which remedies this problem.
-
018: RELIABILITY FIX: June 17, 2025
All architectures
In acme-client(1), handle as yet unobserved "processing" state when
fetching an issued certificate by retrying instead of giving up.
A source code patch exists which remedies this problem.
-
019: SECURITY FIX: June 17, 2025
All architectures
Multiple X11 server issues.
CVE-2025-49175 CVE-2025-49176 CVE-2025-49177 CVE-2025-49178
CVE-2025-49179 CVE-2025-49180
A source code patch exists which remedies this problem.
-
020: SECURITY FIX: July 1, 2025
All architectures
Previous fix for X11 server was incomplete.
CVE-2025-49176
A source code patch exists which remedies this problem.
-
021: RELIABILITY FIX: July 1, 2025
All architectures
TIOCUCNTL ioctl(2) could crash the kernel if called with a non-file
argument.
A source code patch exists which remedies this problem.
-
022: SECURITY FIX: September 30, 2025
All architectures
In libexpat fix denial of service due to memory exhaustion.
CVE-2025-59375 CVE-2024-8176
A source code patch exists which remedies this problem.
-
023: SECURITY FIX: September 30, 2025
All architectures
Fix out-of-bounds read and write, memory leaks and incorrect error
check for CMS enveloped data.
A source code patch exists which remedies this problem.