OpenBSD 3.9 and 4.0 have fixed an issue to correct a problem in the IPv6 stack.

Source code patches are available at:

• ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.0/common/010_m_dup1.patch
• ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.9/common/020_m_dup1.patch

For  workarounds, and if you do not need IPv6, you can use the following (it will block all IPv6):

# vi /etc/pf.conf

Add a line:
block drop in inet6 all

# pfctl -f /etc/pf.conf

To load the new rules in the pf packet filter

# pfctl -s rules

Check the rule got loaded in the runtime rules.

The workaround does disable all incoming IPv6 packets on the machine.

The patch itself is a kernel patch, so you will need to recompile a kernel, install it and reboot the affected machines.

Update (Arrigo): the 3.9 patch applies cleanly to the 3.8, 3.7 and even 3.0 trees.  No excuse not to patch older systems!
--
Swa Frantzen -- NET2S