Question about security bug fixes for in-tree NSD

G'day This is my first post to this list - so bear with me... OpenBSD has not yet replaced BIND with NSD + Unbound, but NSD 3.2.9 is enabled in 5.1 builds. This version has at least 2 known CVE's that have been fixed with upstream releases: 3.2.12: Fix for VU#624931 CVE-2012-2978: NSD denial of

Re: Question about security bug fixes for in-tree NSD

Am 21.09.2012 14:51, schrieb Stuart Henderson: > CVE-2012-2979 isn't relevant as it's a non-standard > build option that we don't use. Good to know, thanks. >> I have not found a patch for in 5.1 erratas so far. > I've just committed a fix for CVE-2012-2978 to 5.1-stable, > but I don't have time to

Re: Intel Microcode Guidance: Abandoned Processor Families and Spectre

Hi Am 05.04.2018 um 16:19 schrieb Aham Brahmasmi: > Hello Misc, > > Will OpenBSD's patches for Spectre help mitigate the risk for the > processor families which are not receiving Intel's mitigation microcode > for Spectre/Spectre variant 2? Someone deeper into OpenBSD can give reliable informatio

6.1: Taking carp down or modifying requires netstart of underlying carpdev - expected or not?

Hi I've run across an situation which I wanted to dig a bit more to find out if I'm encountering a known/expected behaviour or not. In this case a carp interface is configured to have a VLAN interface as carpdev. On the VLAN interface a couple of static routes are defined. (see at the end of the