Security Patches

Complete list of security fixes published by OpenBSD for 2025. All these patches are applied in SecBSD by default.

001
RELIABILITY FIX October 26, 2025 All architectures

syspatch(8) is confused by aliased /dev/*rootdisk nodes in the database generated by dev_mkdb(8). If syspatch fails (probably because /usr is not a separate filesystem).

A source code patch exists which remedies this problem.

002
SECURITY FIX October 28, 2025 All architectures

Use-after-free and integer overflow in the Xkb and Present X server extensions. CVE-2025-62229 CVE-2025-62230 CVE-2025-62231.

A source code patch exists which remedies this problem.

003
SECURITY FIX October 28, 2025 All architectures

DNS cache poisoning vulnerabilities in unbound could lead to domain hijacking. CVE-2025-11411.

A source code patch exists which remedies this problem.

004
RELIABILITY FIX October 28, 2025 All architectures

Ensure the group selected by a TLSv1.3 server for a HelloRetryRequest is not one for which the client has already sent a key share.

A source code patch exists which remedies this problem.

005
SECURITY FIX October 31, 2025 All architectures

smtpd(8) can die if a malformed imsg is sent on the local socket. CVE-2025-62875.

A source code patch exists which remedies this problem.

About Security Patches in SecBSD

Proactive tracking of OpenBSD vulnerabilities ensures fixes are incorporated into SecBSD within 24 hours of the vulnerability notification.

To update your system with the latest security fixes, run:

$ doas sysupgrade -s and then $ doas pkg_add -Dsnap -u