Contributed by merdely on from the two holes in 10 years is almost celibate dept.
As previously reported, there is a security issue of "incorrect mbuf handling for ICMP6 packets" which can lead to remote code execution or system crash.
The importance of updating OpenBSD systems was further illustrated today with a post by Theo de Raadt on misc@ urging OpenBSD users to "have our latest patches installed." If you can't immediately patch your systems and do not use IPv6, put "block in inet6" in your pf.conf. Then visit the 3.9 or 4.0 errata pages for the patches.
While this is a blemish on OpenBSD's stellar security record, only two remote holes in more than 10 years is still amazing.
(Comments are closed)