The OpenBSD project has just issued an advisory (and updated its website to reflect the change) that it now has its second remote root vulnerability in more than ten years. The exploit itself is performed with a specially crafted IPv6 ICMP packet, and is caused by a bug in the mbuf chains in the operating system kernel. The OpenBSD team have released a patch. The bug affects all versions of OpenBSD. Since
Where are the calculations that go with a calculated risk?