deadsimple BSD Security Advisories and Announcements

OpenBSD Errata: February 8th, 2018 (unbound)

Errata patches for unbound have been released for OpenBSD 6.2.

A flaw was found in the way unbound validated wildcard-synthesized
NSEC records. An improperly validated wildcard NSEC record could be
used to prove the non-existence (NXDOMAIN answer) of an existing
wildcard record, or trick unbound into accepting a NODATA proof.

For details, see

Binary updates for the amd64, i386, and arm64 platforms are available via
the syspatch utility. Source code patches can be found on the respective
errata page:

After patching, restart the unbound service.