Revision 1.28, Tue May 19 11:36:15 2026 UTC (2 weeks, 3 days ago) by tj
Branch: MAIN
CVS Tags: HEAD Changes since 1.27: +1 -2 lines
7.9 updates
<!doctype html>
<html lang=en id=errata>
<meta charset=utf-8>
<title>OpenBSD 7.8 Errata</title>
<meta name="description" content="the OpenBSD errata page">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" type="text/css" href="openbsd.css">
<link rel="canonical" href="https://www.openbsd.org/errata78.html">
<!--
IMPORTANT REMINDER
IF YOU ADD A NEW ERRATUM, MAIL THE PATCH TO TECH AND ANNOUNCE
-->
<h2 id=OpenBSD>
<a href="index.html">
<i>Open</i><b>BSD</b></a>
7.8 Errata
</h2>
<hr>
For errata on a certain release, click below:<br>
<a href="errata20.html">2.0</a>,
<a href="errata21.html">2.1</a>,
<a href="errata22.html">2.2</a>,
<a href="errata23.html">2.3</a>,
<a href="errata24.html">2.4</a>,
<a href="errata25.html">2.5</a>,
<a href="errata26.html">2.6</a>,
<a href="errata27.html">2.7</a>,
<a href="errata28.html">2.8</a>,
<a href="errata29.html">2.9</a>,
<a href="errata30.html">3.0</a>,
<a href="errata31.html">3.1</a>,
<a href="errata32.html">3.2</a>,
<a href="errata33.html">3.3</a>,
<a href="errata34.html">3.4</a>,
<a href="errata35.html">3.5</a>,
<br>
<a href="errata36.html">3.6</a>,
<a href="errata37.html">3.7</a>,
<a href="errata38.html">3.8</a>,
<a href="errata39.html">3.9</a>,
<a href="errata40.html">4.0</a>,
<a href="errata41.html">4.1</a>,
<a href="errata42.html">4.2</a>,
<a href="errata43.html">4.3</a>,
<a href="errata44.html">4.4</a>,
<a href="errata45.html">4.5</a>,
<a href="errata46.html">4.6</a>,
<a href="errata47.html">4.7</a>,
<a href="errata48.html">4.8</a>,
<a href="errata49.html">4.9</a>,
<a href="errata50.html">5.0</a>,
<a href="errata51.html">5.1</a>,
<br>
<a href="errata52.html">5.2</a>,
<a href="errata53.html">5.3</a>,
<a href="errata54.html">5.4</a>,
<a href="errata55.html">5.5</a>,
<a href="errata56.html">5.6</a>,
<a href="errata57.html">5.7</a>,
<a href="errata58.html">5.8</a>,
<a href="errata59.html">5.9</a>,
<a href="errata60.html">6.0</a>,
<a href="errata61.html">6.1</a>,
<a href="errata62.html">6.2</a>,
<a href="errata63.html">6.3</a>,
<a href="errata64.html">6.4</a>,
<a href="errata65.html">6.5</a>,
<a href="errata66.html">6.6</a>,
<a href="errata67.html">6.7</a>,
<br>
<a href="errata68.html">6.8</a>,
<a href="errata69.html">6.9</a>,
<a href="errata70.html">7.0</a>,
<a href="errata71.html">7.1</a>,
<a href="errata72.html">7.2</a>,
<a href="errata73.html">7.3</a>,
<a href="errata74.html">7.4</a>,
<a href="errata75.html">7.5</a>,
<a href="errata76.html">7.6</a>,
<a href="errata77.html">7.7</a>,
<a href="errata79.html">7.9</a>.
<hr>
<p>
Patches for the OpenBSD base system are distributed as unified diffs.
Each patch is cryptographically signed with the
<a href="https://man.openbsd.org/OpenBSD-7.8/signify.1">signify(1)</a> tool and contains
usage instructions.
All the following patches are also available in one
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/7.8.tar.gz">tar.gz file</a>
for convenience.
<p>
Alternatively, the <a href="https://man.openbsd.org/syspatch">syspatch(8)</a>
utility can be used to apply binary updates.
Full binary updates are made available on the following architectures:
amd64, i386, arm64.
On other architectures, only machine-independent updates are produced (and
these are exceedingly rare).
<p>
Patches for supported releases are also incorporated into the
<a href="stable.html">-stable branch</a>.
<hr>
<ul>
<li id="p001_syspatch">
<strong>001: RELIABILITY FIX: October 26, 2025</strong>
<i>All architectures</i>
<br>
syspatch(8) is confused by aliased /dev/*rootdisk nodes in the database
generated by dev_mkdb(8).
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/7.8/common/001_syspatch.patch.sig">
A source code patch exists which remedies this problem.</a>
<br>
<b>If syspatch fails (probably because /usr is not a separate
filesystem), perform these steps:</b>
<pre>
sed -e 's/.checkfs/#checkfs/g' /usr/sbin/syspatch > /root/syspatch
ksh /root/syspatch
syspatch # re-run new syspatch command as instructed
rm /root/syspatch
dev_mkdb
</pre>
<p>
<li id="p002_xserver">
<strong>002: SECURITY FIX: October 28, 2025</strong>
<i>All architectures</i>
<br>
Use-after-free and integer overflow in the Xkb and Present X server
extensions. CVE-2025-62229 CVE-2025-62230 CVE-2025-62231
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/7.8/common/002_xserver.patch.sig">
A source code patch exists which remedies this problem.</a>
<p>
<li id="p003_unbound">
<strong>003: SECURITY FIX: October 28, 2025</strong>
<i>All architectures</i>
<br>
DNS cache poisoning vulnerabilities in unbound could lead to domain
hijacking. CVE-2025-11411
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/7.8/common/003_unbound.patch.sig">
A source code patch exists which remedies this problem.</a>
<p>
<li id="p004_libssl">
<strong>004: RELIABILITY FIX: October 28, 2025</strong>
<i>All architectures</i>
<br>
Ensure the group selected by a TLSv1.3 server for a HelloRetryRequest is
not one for which the client has already sent a key share.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/7.8/common/004_libssl.patch.sig">
A source code patch exists which remedies this problem.</a>
<p>
<li id="p005_smtpd">
<strong>005: SECURITY FIX: October 31, 2025</strong>
<i>All architectures</i>
<br>
smtpd(8) can die if a malformed imsg is sent on the local socket.
CVE-2025-62875
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/7.8/common/005_smtpd.patch.sig">
A source code patch exists which remedies this problem.</a>
<p>
<li id="p006_libunwind">
<strong>006: RELIABILITY FIX: November 17, 2025</strong>
<i>All architectures</i>
<br>
Missing modifications to libunwind after the LLVM 19.1.7 update can
cause performance regressions and missing endbr instructions.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/7.8/common/006_libunwind.patch.sig">
A source code patch exists which remedies this problem.</a>
<p>
<li id="p007_drm">
<strong>007: RELIABILITY FIX: December 3, 2025</strong>
<i>All architectures</i>
<br>
Fix drm(4) to avoid spurious sleep errors leading to crashes.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/7.8/common/007_drm.patch.sig">
A source code patch exists which remedies this problem.</a>
<p>
<li id="p008_libpng">
<strong>008: SECURITY FIX: December 3, 2025</strong>
<i>All architectures</i>
<br>
Fix buffer overflow vulnerabilities in libpng, which is part of
libfreetype.
CVE-2025-64505 CVE-2025-64506 CVE-2025-64720 CVE-2025-65018
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/7.8/common/008_libpng.patch.sig">
A source code patch exists which remedies this problem.</a>
<p>
<li id="p009_xkbcomp">
<strong>009: SECURITY FIX: December 3, 2025</strong>
<i>All architectures</i>
<br>
Fix incorrect handling of invalid inputs to xkbcomp(1).
CVE-2018-15853 CVE-2018-15859 CVE-2018-15861 CVE-2018-15863
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/7.8/common/009_xkbcomp.patch.sig">
A source code patch exists which remedies this problem.</a>
<p>
<li id="p010_unbound">
<strong>010: SECURITY FIX: December 3, 2025</strong>
<i>All architectures</i>
<br>
Fix incomplete mitigation of DNS cache poisoning vulnerabilities
in unbound. CVE-2025-11411
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/7.8/common/010_unbound.patch.sig">
A source code patch exists which remedies this problem.</a>
<p>
<li id="p011_nd6">
<strong>011: RELIABILITY FIX: December 3, 2025</strong>
<i>All architectures</i>
<br>
Due to a race, the kernel could crash when adding IPv6 neighbor
discovery entries.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/7.8/common/011_nd6.patch.sig">
A source code patch exists which remedies this problem.</a>
<p>
<li id="p012_rpki">
<strong>012: RELIABILITY FIX: January 14, 2026</strong>
<i>All architectures</i>
<br>
A malicious RPKI Certification Authority can cause a NULL dereference.
A malicious RPKI Trust Anchor can cause memory exhaustion.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/7.8/common/012_rpki.patch.sig">
A source code patch exists which remedies this problem.</a>
<p>
<li id="p013_httpd">
<strong>013: SECURITY FIX: February 2, 2026</strong>
<i>All architectures</i>
<br>
Fix a use-after-free in httpd(8) when using chunked encoding.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/7.8/common/013_httpd.patch.sig">
A source code patch exists which remedies this problem.</a>
<p>
<li id="p014_expat">
<strong>014: SECURITY FIX: February 9, 2026</strong>
<i>All architectures</i>
<br>
In libexpat fix denial of service due to NULL dereference and integer
overflow. CVE-2026-24515 CVE-2026-25210
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/7.8/common/014_expat.patch.sig">
A source code patch exists which remedies this problem.</a>
<p>
<li id="p015_tmppath">
<strong>015: SECURITY FIX: February 27, 2026</strong>
<i>All architectures</i>
<br>
Stop userland from using pledge(2) "tmppath" because the kernel feature
will be removed soon.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/7.8/common/015_tmppath.patch.sig">
A source code patch exists which remedies this problem.</a>
<p>
<li id="p016_pledge_sysctl">
<strong>016: SECURITY FIX: February 27, 2026</strong>
<i>All architectures</i>
<br>
sysctl requests blocked by pledge(2) create a diagnostic message which
races inside pty(4) and possibly crashes.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/7.8/common/016_pledge_sysctl.patch.sig">
A source code patch exists which remedies this problem.</a>
<p>
<li id="p017_tmppath">
<strong>017: SECURITY FIX: March 2, 2026</strong>
<i>All architectures</i>
<br>
In ldconfig(8), stop userland from using pledge(2) "tmppath" because
the kernel feature will be removed soon.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/7.8/common/017_tmppath.patch.sig">
A source code patch exists which remedies this problem.</a>
<p>
<li id="p018_pledgepaths">
<strong>018: SECURITY FIX: March 4, 2026</strong>
<i>All architectures</i>
<br>
Make the pledge(2) mechanism which permits specific libc paths more
strict by removing the "tmppath" promise, avoiding normalization of paths
which libc already creates strictly correct, and blocking '..'
traversals out of /usr/share/zoneinfo.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/7.8/common/018_pledgepaths.patch.sig">
A source code patch exists which remedies this problem.</a>
<br>
<b>Ports that use pledge "tmppath" have to be adapted and rebuilt
before rebooting.</b>
<br>
Affected are:
<ul>
<li>devel/got,-server
<li>graphics/arcan
<li>mail/opensmtpd-filters/dkimsign
<li>math/moo
<li>net/gmid
<li>net/iperf3
<li>security/pizauth
<li>security/ruby-pledge,ruby33
<li>sysutils/fzf
<li>sysutils/rset
<li>www/chromium
<li>www/firefox-esr
<li>www/iridium
<li>www/mozilla-firefox
<li>www/tor-browser/browser
<li>www/ungoogled-chromium
</ul>
With OpenBSD 7.8 on the amd64 and i386 architectures, you can update
stable packages.
<p>
<li id="p019_unveil_mount">
<strong>019: SECURITY FIX: March 4, 2026</strong>
<i>All architectures</i>
<br>
unveil(2) traversals could misbehave crossing mountpoints.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/7.8/common/019_unveil_mount.patch.sig">
A source code patch exists which remedies this problem.</a>
<p>
<li id="p020_freetype">
<strong>020: SECURITY FIX: March 10, 2026</strong>
<i>All architectures</i>
<br>
Prevent an integer overflow leading to out-of-bounds read in FreeType.
CVE-2026-23865
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/7.8/common/020_freetype.patch.sig">
A source code patch exists which remedies this problem.</a>
<p>
<li id="p021_calendar">
<strong>021: RELIABILITY FIX: March 10, 2026</strong>
<i>All architectures</i>
<br>
Stop userland from using pledge(2) "tmppath" because the kernel feature
has been removed.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/7.8/common/021_calendar.patch.sig">
The calendar binary was missing from previous syspatch.</a>
<p>
<li id="p022_recvfd">
<strong>022: SECURITY FIX: March 15, 2026</strong>
<i>All architectures</i>
<br>
pledge(2) "recvfd" should not kill a process that receives bad descriptors.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/7.8/common/022_recvfd.patch.sig">
A source code patch exists which remedies this problem.</a>
<p>
<li id="p023_calendar">
<strong>023: RELIABILITY FIX: March 19, 2026</strong>
<i>All architectures</i>
<br>
calendar(1) could not send mail due to missing unveil.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/7.8/common/023_calendar.patch.sig">
A source code patch exists which remedies this problem.</a>
<p>
<li id="p024_expat">
<strong>024: RELIABILITY FIX: March 21, 2026</strong>
<i>All architectures</i>
<br>
In libexpat fix denial of service due to NULL dereference and
infinite loop. CVE-2026-32776 CVE-2026-32777 CVE-2026-32778
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/7.8/common/024_expat.patch.sig">
A source code patch exists which remedies this problem.</a>
<p>
<li id="p025_sack">
<strong>025: RELIABILITY FIX: March 25, 2026</strong>
<i>All architectures</i>
<br>
TCP packets with invalid SACK options could crash the kernel.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/7.8/common/025_sack.patch.sig">
A source code patch exists which remedies this problem.</a>
<p>
<li id="p026_smtpd">
<strong>026: RELIABILITY FIX: March 27, 2026</strong>
<i>All architectures</i>
<br>
In smtpd(8), an LF character in the username or password could stop
proc tables, causing a denial of service.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/7.8/common/026_smtpd.patch.sig">
A source code patch exists which remedies this problem.</a>
<p>
<li id="p027_iked">
<strong>027: SECURITY FIX: April 4, 2026</strong>
<i>All architectures</i>
<br>
In iked(8) add stricter checks to avoid out-of-bounds read, NULL
pointer dereference, and keep the state machine consistent.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/7.8/common/027_iked.patch.sig">
A source code patch exists which remedies this problem.</a>
<p>
<li id="p028_xserver">
<strong>028: SECURITY FIX: April 14, 2026</strong>
<i>All architectures</i>
<br>
Multiple vulnerabilities in the X server sync and Xkb extensions.
CVE-2026-33999 CVE-2026-34000 CVE-2026-34001 CVE-2026-34002
CVE-2026-34003
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/7.8/common/028_xserver.patch.sig">
A source code patch exists which remedies this problem.</a>
<p>
<li id="p029_v6daemons">
<strong>029: RELIABILITY FIX: April 14, 2026</strong>
<i>All architectures</i>
<br>
rad(8) and slaacd(8) could spin doing nothing after a malformed packet.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/7.8/common/029_v6daemons.patch.sig">
A source code patch exists which remedies this problem.</a>
<p>
<li id="p030_rpki">
<strong>030: RELIABILITY FIX: April 14, 2026</strong>
<i>All architectures</i>
<br>
A malicious RPKI Publication Server can cause an incorrect error exit.
A malicious RRDP Publication Server can cause a NULL dereference.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/7.8/common/030_rpki.patch.sig">
A source code patch exists which remedies this problem.</a>
<p>
<li id="p031_pgrp">
<strong>031: SECURITY FIX: April 17, 2026</strong>
<i>All architectures</i>
<br>
pgrp management through a fork is unsafe.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/7.8/common/031_pgrp.patch.sig">
A source code patch exists which remedies this problem.</a>
<p>
<li id="p032_libxpm">
<strong>032: RELIABILITY FIX: April 21, 2026</strong>
<i>All architectures</i>
<br>
libXpm out-of-bounds read. CVE-2026-4367
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/7.8/common/032_libxpm.patch.sig">
A source code patch exists which remedies this problem.</a>
<p>
<li id="p033_slaacd">
<strong>033: RELIABILITY FIX: April 21, 2026</strong>
<i>All architectures</i>
<br>
slaacd(8) could crash due to buffer overflow.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/7.8/common/033_slaacd.patch.sig">
A source code patch exists which remedies this problem.</a>
<p>
<li id="p034_expat">
<strong>034: SECURITY FIX: May 8, 2026</strong>
<i>All architectures</i>
<br>
libexpat uses more entropy to protect against hash flooding.
CVE-2026-41080
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/7.8/common/034_expat.patch.sig">
A source code patch exists which remedies this problem.</a>
<p>
<li id="p035_nfs">
<strong>035: RELIABILITY FIX: May 8, 2026</strong>
<i>All architectures</i>
<br>
Due to insufficient checks in the NFS server, the kernel could crash.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/7.8/common/035_nfs.patch.sig">
A source code patch exists which remedies this problem.</a>
<p>
<li id="p036_iked">
<strong>036: SECURITY FIX: May 8, 2026</strong>
<i>All architectures</i>
<br>
In iked(8), address sizes were not checked.
<br>
<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/7.8/common/036_iked.patch.sig">
A source code patch exists which remedies this problem.</a>
<p>
</ul>
<hr>