three December 10 errata

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

three December 10 errata

Ted Unangst-6
Three new errata to announce.

Malicious DNS servers could cause a denial of service with an endless
series of delegations. This affects named (BIND) and unbound. There is
a patch for unbound in 5.6. (unbound wasn't built in 5.5.) We don't have
patches for BIND at this time.

Missing memory barriers (and other bugs) made virtio devices unreliable.
Patches available for 5.5 and 5.6.

Lots and lots of security bugs in the X server have finally been fixed.
http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/
Patches are available for 5.5 and 5.6.

For 5.6: http://www.openbsd.org/errata56.html
http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/012_unbound.patch.sig
http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/013_virtio.patch.sig
http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/014_xserver.patch.sig

For 5.5: http://www.openbsd.org/errata55.html
http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/018_virtio.patch.sig
http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/019_xserver.patch.sig