An error in initializing a SHA2 context causes vulnerable applications using libcrypto to suffer from a 4- or 8-byte buffer overflow (for SHA256 and SHA512 respectively) with fixed content, potentially causing applications to crash.
For programs in the NetBSD base system, a workaround for this issue is to disable SHA256 as an HMAC for the secure shell and to avoid using the audit facility as well as signed packages.
For more information see NetBSD Security Advisory 2009-012 at
http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2009-012.txt.asc

