NetBSD 5.0.2 released
The NetBSD development team have announced the release of the second "critical/security" update of the 5.0 release branch, NetBSD 5.0.2. The latest maintenance release includes a number of important security and stability fixes for the BSD based operating system.
NetBSD 5.0.2 features two fixes related to security advisories, including an issue in the OpenSSL Transport Layer Security (TLS) session renegotiation that could allow an attacker to remotely intercept communication. The developers have disabled TLS session renegotiation in order to prevent Man-in-the-Middle attacks. The second advisory fix corrects an issue that could allow a local attacker to invoke a kernel panic due to issues in the
The BIND server and tools have also been updated, addressing three security vulnerabilities. Other changes in the release include kernel fixes and networking, driver and platform updates. The developers advise all users to upgrade to the latest release.
More details about the release, including a list of known problems, can be found in the release notes and change log. NetBSD 5.0.2 is available to download as an ISO image file. NetBSD is released under the BSD license.
- Solution for SSL/TLS design weakness in sight, a report from The H.
- NetBSD 5.0.1 released, a report from The H.
- Improved multi-processor support in NetBSD 5.0, a report from The H.