OpenBSD 7.5 Errata

For errata on a certain release, click below:
2.0, 2.1, 2.2, 2.3, 2.4, 2.5, 2.6, 2.7, 2.8, 2.9, 3.0, 3.1, 3.2, 3.3, 3.4, 3.5,
3.6, 3.7, 3.8, 3.9, 4.0, 4.1, 4.2, 4.3, 4.4, 4.5, 4.6, 4.7, 4.8, 4.9, 5.0, 5.1,
5.2, 5.3, 5.4, 5.5, 5.6, 5.7, 5.8, 5.9, 6.0, 6.1, 6.2, 6.3, 6.4, 6.5, 6.6, 6.7,
6.8, 6.9, 7.0, 7.1, 7.2, 7.3, 7.4, 7.6, 7.7.

Patches for the OpenBSD base system are distributed as unified diffs. Each patch is cryptographically signed with the signify(1) tool and contains usage instructions. All the following patches are also available in one tar.gz file for convenience.

Alternatively, the syspatch(8) utility can be used to apply binary updates on the following architectures: amd64, i386, arm64.

Patches for supported releases are also incorporated into the -stable branch.

001: SECURITY FIX: April 8, 2024 All architectures
Fix multiple heap buffer overread and data leakage in the X11 server Xi extension and use after free in the Render extension. CVE-2024-31080 CVE-2024-31081 CVE-2024-31083
A source code patch exists which remedies this problem.
002: RELIABILITY FIX: April 11, 2024 alpha
Install media for alpha architecture was broken due to strip(1) bug.
A source code patch exists which remedies this problem.
003: RELIABILITY FIX: May 10, 2024 All architectures
A missing bounds check could lead to a crash in libcrypto.
A source code patch exists which remedies this problem.
004: RELIABILITY FIX: June 26, 2024 All architectures
Repair a withdraw desyncronization problem in bgpd(8).
A source code patch exists which remedies this problem.
005: SECURITY FIX: August 2, 2024 All architectures
sndiod(8) main process could crash due to buffer overread.
A source code patch exists which remedies this problem.
006: SECURITY FIX: August 19, 2024 All architectures
cron(8) and crontab(1) can crash due to incorrect /step values. CVE-2024-43688
A source code patch exists which remedies this problem.
007: SECURITY FIX: September 17, 2024 All architectures
In libexpat add integer range checks. CVE-2024-45490 CVE-2024-45491 CVE-2024-45492
A source code patch exists which remedies this problem.
008: SECURITY FIX: September 17, 2024 All architectures
Avoid possible mbuf double free in NFS client and server implementation. Do not use uninitialized variable in error handling of NFS server.
A source code patch exists which remedies this problem.
009: SECURITY FIX: September 17, 2024 All architectures
In readdir name validation exclude any '/' to avoid unexpected directory traversal on untrusted file systems.
A source code patch exists which remedies this problem.
010: RELIABILITY FIX: September 17, 2024 All architectures
Invalid ELF files could result in kernel crash.
A source code patch exists which remedies this problem.
011: SECURITY FIX: October 14, 2024 All architectures
Querying a maliciously constructed DNS zone could result in degraded performance or denial of service. CVE-2024-8508
A source code patch exists which remedies this problem.
012: SECURITY FIX: October 29, 2024 All architectures
Fix memory allocation error in the Xkb X11 server extension. CVE-2024-9632
A source code patch exists which remedies this problem.
013: RELIABILITY FIX: October 31, 2024 arm64
Updating Apple Silicon system firmware to the latest version cripples OpenBSD. This disabled the onboard WiFi.
A source code patch exists which remedies this problem.
014: SECURITY FIX: November 15, 2024 All architectures
In libexpat fix crash within function XML_ResumeParser. CVE-2024-50602
A source code patch exists which remedies this problem.
015: RELIABILITY FIX: January 10, 2025 All architectures
Traffic sent over wg(4) could result in kernel crash.
A source code patch exists which remedies this problem.
016: RELIABILITY FIX: February 10, 2025 All architectures
pf(4) could reassemble overlapping fragments into an incorrect IP packet that was too short.
A source code patch exists which remedies this problem.
017: SECURITY FIX: February 18, 2025 All architectures
sshd(8) denial of service relating to SSH2_MSG_PING handling. ssh(1) server impersonation when VerifyHostKeyDNS enabled.
A source code patch exists which remedies this problem.
018: SECURITY FIX: February 25, 2025 All architectures
Multiple X server issues. CVE-2025-26594 CVE-2025-26595 CVE-2025-26596 CVE-2025-26597 CVE-2025-26598 CVE-2025-26599 CVE-2025-26600 CVE-2025-26601
A source code patch exists which remedies this problem.
019: SECURITY FIX: March 18, 2025 All architectures
In libexpat fix crash caused by stack overflow during recursion. CVE-2024-8176
A source code patch exists which remedies this problem.
020: SECURITY FIX: March 25, 2025 All architectures
Prevent out-of-bounds write in FreeType heap. CVE-2025-27363
A source code patch exists which remedies this problem.
021: RELIABILITY FIX: April 1, 2025 All architectures
In libexpat fix regression of behavior introduced by previous errata.
A source code patch exists which remedies this problem.
022: SECURITY FIX: April 9, 2025 All architectures
iked(8) and isakmpd(8) fix double-free in ecdh mode.
A source code patch exists which remedies this problem.
023: SECURITY FIX: April 9, 2025 All architectures
sshd(8) fix the DisableForwarding directive, which was failing to disable X11 forwarding and agent forwarding as documented.
A source code patch exists which remedies this problem.
024: RELIABILITY FIX: April 9, 2025 All architectures
Incorrect internal RRDP state handling in rpki-client can lead to a denial of service.
A source code patch exists which remedies this problem.
025: SECURITY FIX: April 13, 2025 All architectures
In Perl, non-ASCII bytes in the left-hand-side of the `tr` operator can overflow an insufficiently sized buffer. CVE-2024-56406
A source code patch exists which remedies this problem.