Security Patches
Complete list of security fixes published by OpenBSD for 2025. All these patches are applied in SecBSD by default.
Complete list of security fixes published by OpenBSD for 2025. All these patches are applied in SecBSD by default.
Kernel of NFS server could crash if nfsd(8) is enabled and an evil NFS request is sent to it.
A source code patch exists which remedies this problem.
Fix sign of UTC offset in some timezone files created by zic(8).
A source code patch exists which remedies this problem.
Replace incorrect zoneinfo files created by broken zic(8).
A source code patch exists which remedies this problem.
This is a machine-independent patch, so syspatches are made available for all architectures (not just amd64, arm64, i386). Please run syspatch(8) on those machines to get the new zoneinfo files.
When using syncookies in pf(4), new TCP connections could run into timeout due to integer underflow.
A source code patch exists which remedies this problem.
In acme-client(1), handle as yet unobserved "processing" state when fetching an issued certificate by retrying instead of giving up.
A source code patch exists which remedies this problem.
Multiple X11 server issues. CVE-2025-49175 CVE-2025-49176 CVE-2025-49177 CVE-2025-49178 CVE-2025-49179 CVE-2025-49180
A source code patch exists which remedies this problem.
SecBSD inherits all security patches from OpenBSD and applies them immediately upon release. Our team monitors OpenBSD's errata page and incorporates fixes into SecBSD within 24 hours of their release.
To update your system with the latest security fixes, run:
$ doas sysupgrade -s and then $ doas pkg_add -Dsnap -u