NetBSD 4.01 released
NetBSD 4.01 has been released, providing the first security/critical update of the NetBSD project's current major version which was released in December 2007. It brings together all the fixes for security issues and corrections for problems deemed critical by the developers and gives a consolidated release for new installations.
Security fixes have been applied to bzip2, OpenSSH, OpenSSL, Bind, PPPoE, IPv6's handling of ICMP and neighbour discovery, racoon, tcpdump and libc. The
libc issue related to strfmon which was vulnerable to an integer overflow and could allow for code injection, while most of the other issues were related to potential denial of service attacks. The Bind updates resolve the DNS cache poisoning issue which became public in the summer.
Details of all the issues resolved are detailed in [release notes. NetBSD is available to download from mirrors of the project and the developers encourage users who wish to download ISO images to use the BitTorrent torrent files they have made available.