Patches for the OpenBSD base system are distributed as unified diffs.
Each patch is cryptographically signed with the
signify(1) tool and contains
usage instructions.
All the following patches are also available in one
tar.gz file
for convenience.
Alternatively, the syspatch(8)
utility can be used to apply binary updates on the following architectures:
amd64, i386, arm64.
Patches for supported releases are also incorporated into the
-stable branch, which is maintained for one year
after release.
001: SECURITY FIX: April 8, 2024All architectures
Fix multiple heap buffer overread and data leakage in the X11 server
Xi extension and use after free in the Render extension.
CVE-2024-31080 CVE-2024-31081 CVE-2024-31083
A source code patch exists which remedies this problem.
008: SECURITY FIX: September 17, 2024All architectures
Avoid possible mbuf double free in NFS client and server implementation.
Do not use uninitialized variable in error handling of NFS server.
A source code patch exists which remedies this problem.