The NetBSD development team have announced the release of the second "critical/security" update of the 5.0 release branch, NetBSD 5.0.2. The latest maintenance release includes a number of important security and stability fixes for the BSD based operating system.
NetBSD 5.0.2 features two fixes related to security advisories, including an issue in the OpenSSL Transport Layer Security (TLS) session renegotiation that could allow an attacker to remotely intercept communication. The developers have disabled TLS session renegotiation in order to prevent Man-in-the-Middle attacks. The second advisory fix corrects an issue that could allow a local attacker to invoke a kernel panic due to issues in the azalia(4) and hdaudio(4) drivers.

The link for this article located at H Security is no longer available.