OpenBSD Journal

OpenBSD Journal

OpenSSH 9.2/9.2p1 released!

Contributed by grey on from the OpenSSH now with more of everything! dept.

OpenSSH 9.2 was released on 2023-02-02. It is available from the mirrors listed at

As should be of no surprise to undeadly readers, OpenSSH is a 100% complete SSH protocol 2.0 implementation and includes sftp client and server support.

Read more…

Execute-only status report

Contributed by rueda on from the anti-BROP dept.

Theo de Raadt (deraadt@) posted to tech@ a status report (and 2 test programs) regarding execute-only (xonly). The report begins:

We've made good progress in the xonly effort so here's a small summary.

architectures crossed over completely

	arm64 - X bit without implied R in mmu
	riscv64  - X bit without implied R in mmu
	amd64 - using hardware 'PKU' feature
	powerpc64 - using feature similar to PKU
	hppa - using gateway feature

Game of Trees milestone

Contributed by rueda on from the game of dogfooding dept.

In a toot, Stefan Sperling (stsp@) announced:

#gameoftrees has reached another milestone […] We now offer public anonymous access to our Git repository via SSH, using our own server implementation (available in the ports tree of #OpenBSD -current).

git clone ssh://

Read more…


Donate to OpenBSD


We are constantly on the lookout for stories of how you put OpenBSD to work. Please submit any informative articles on how OpenBSD is helping your company.

Earlier Articles

OpenBSD Errata

OpenBSD 7.2

0172023-02-02 SECURITY A double-free in the sshd pre-auth unprivileged process (not believed to be exploitable).
0162023-01-21 SECURITY vmd(8) exposed unsupported cpuid feature flags to guests.
0152023-01-21 SECURITY vmm(4) exposed unsupported cpuid feature flags to guests.
0142023-01-17 SECURITY Input validation issues and path validation issues in libXpm can lead to infinite loops, memory corruption or arbitrary command execution. CVE-2022-46285, CVE-2022-44617 and CVE-2022-4883
0132023-01-13 SECURITY A TCP packet with destination port 0 that matches a pf divert-to rule could crash the kernel.
0122022-12-16 RELIABILITY Removing a domain can result in an out-of-bounds write in acme-client(8).

Unofficial RSS feed of OpenBSD errata


Users wishing RSS/RDF summary files of OpenBSD Journal can retrieve: RSS feed

Options are available.


Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]