three December 10 errata
10 December, 2014 by tedu@tedunangst.com | openbsd
Three new errata to announce. Malicious DNS servers could cause a denial of service with an endless series of delegations. This affects named (BIND) and unbound. There is a patch for unbound in 5.6. (unbound wasn't built in 5.5.) We don't have patches for BIND at this time. Missing memory barriers (and other bugs) made virtio devices unreliable. Patches available for 5.5 and 5.6. Lots and lots of security bugs in the X server have finally been fixed. http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/ Patches are available for 5.5 and 5.6. For 5.6: http://www.openbsd.org/errata56.html http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/012_unbound.patch.sig http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/013_virtio.patch.sig http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/014_xserver.patch.sig For 5.5: http://www.openbsd.org/errata55.html http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/018_virtio.patch.sig http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/019_xserver.patch.sig