Alioth's Journal: OpenBSD's second remote hole in the default installation

The OpenBSD project has just issued an advisory (and updated its website to reflect the change) that it now has its second remote root vulnerability in more than ten years. The exploit itself is performed with a specially crafted IPv6 ICMP packet, and is caused by a bug in the mbuf chains in the operating system kernel. The OpenBSD team have released a patch. The bug affects all versions of OpenBSD. Since OpenBSD is commonly used for firewalls, this is a pretty critical one to patch if you have IPv6 connectivity. A workaround, if you don't need IPv6, is to simply block all IPv6 traffic with pf.