The patches below are available in CVS via the OPENBSD_4_8 patch branch.
For more detailed information on how to install patches to OpenBSD, please consult the OpenBSD FAQ.
- 006: RELIABILITY FIX: December 17, 2010 All architectures
Bring CBC oracle attack countermeasures to hardware crypto accelerator land. This fixes aes-ni, via xcrypt and various drivers (glxsb(4), hifn(4), safe(4) and ubsec(4)).
A source code patch exists which remedies this problem.
- 005: SECURITY FIX: December 17, 2010 All architectures
Insufficient initialization of the pf rule structure in the ioctl handler may allow userland to modify kernel memory. By default root privileges are needed to add or modify pf rules.
A source code patch exists which remedies this problem.
- 004: RELIABILITY FIX: November 17, 2010 All architectures
Fix a flaw in the OpenSSL TLS server extension code parsing which could lead to a buffer overflow. This affects OpenSSL based TLS servers which are multi-threaded and use OpenSSL's internal caching mechanism. Servers that are multi-process and/or disable internal session caching are not affected.
A source code patch exists which remedies this problem.
- 003: RELIABILITY FIX: November 16, 2010 All architectures
The vr(4) driver may hand over stale ring descriptors to the hardware if the compiler decides to re-order stores or if the hardware does store-reordering.
A source code patch exists which remedies this problem.
- 002: RELIABILITY FIX: November 16, 2010 All architectures
Certain PCI based hardware may improperly announce their Base Address Registers as prefetchable even though they are not. This may cause unpredictable effects due to wrongly mapped memory.
A source code patch exists which remedies this problem.
- 001: RELIABILITY FIX: November 16, 2010 All architectures
Uninitialized memory may force the RDE into route-collector mode on startup and may prevent bgpd from updating or announcing any routes.
A source code patch exists which remedies this problem.