Errata patches for unbound have been released for OpenBSD 6.2.
A flaw was found in the way unbound validated wildcard-synthesized
NSEC records. An improperly validated wildcard NSEC record could be
used to prove the non-existence (NXDOMAIN answer) of an existing
wildcard record, or trick unbound into accepting a NODATA proof.
For details, see
https://unbound.net/downloads/CVE-2017-15105.txt
Binary updates for the amd64, i386, and arm64 platforms are available via
the syspatch utility. Source code patches can be found on the respective
errata page:
https://www.openbsd.org/errata62.html
After patching, restart the unbound service.
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)