Submission + - OpenBSD: Now 2 remote holes in more than 10 years
Saint Aardvark writes: "CoreLabs released an advisory today about a remote hole in OpenBSD. The vulnerability, which affects versions 3.1, 3.6, 3.8, 3.9, 4.0 and the upcoming 4.1 release (for code obtained prior to Feb 26th; the upcoming CD is fine), comes from the way OpenBSD's IPv6 code handles mbufs. Theo's terse announcement is an interesting counterpoint to Core Security's timetable, which details their efforts to convince the OpenBSD team of the flaw's seriousness. The workaround is to block IPv6. Discussion continues on Undeadly.org, and a short discussion of the flaw's details can be found here."